Tcpdump

Tcpdump - Definition and Overview

tcpdump is the name of a popular computer network debugging and security tool which allows the user to intercept and display TCP/IP packets being transmitted or received over a network to which the computer is attached. On Unix and most other operating systems, a user must have the equivalent of root or system administrator privileges to use tcpdump due to its use of promiscuous mode.

The user may optionally apply any number of filters to render the output more usable on networks with a high volume of traffic.

Common Uses of tcpdump

  • to debug applications one is writing which utilize the network for communications
  • to debug the network setup itself, by determining whether all necessary routing is occurring properly, which lets the user further isolate the source of a problem
  • to intercept and display the communications of another user or computer. Some protocols, such as telnet and HTTP, transmit information unencrypted over the network. A user with control of a router or gateway through which other computers' unencrypted traffic passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other information.
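As an added example, not code from the article or from the tcpdump project: a small parser for the libpcap capture format that `tcpdump -w` writes, used the way a defender would, to audit a capture for segments bound to the cleartext services the list above names (telnet, HTTP). The port mapping, the frames and the capture itself are constructed sample data.

```python
import struct
# Service ports the article names as carrying unencrypted traffic (constructed mapping).
CLEARTEXT_PORTS = {23: "telnet", 80: "http"}

def ipv4_tcp_frame(src, dst, sport, dport):
    """Build a minimal Ethernet/IPv4/TCP frame with no payload (constructed sample data)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dummy MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)  # SYN
    return eth + ip + tcp

def pcap_bytes(frames):
    """Serialise frames as a little-endian libpcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def iter_pcap(blob):
    """Yield each captured frame, using the magic number to pick the byte order."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[blob[:4]]
    if struct.unpack(end + "I", blob[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    off = 24
    while off + 16 <= len(blob):
        _sec, _usec, incl, _orig = struct.unpack(end + "IIII", blob[off:off + 16])
        off += 16
        yield blob[off:off + incl]
        off += incl

def cleartext_flows(blob):
    """List (src, dst, service) for every TCP segment sent to a cleartext service port."""
    hits = []
    for f in iter_pcap(blob):
        if len(f) < 38 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                                        # not IPv4, or not TCP
        ihl = (f[14] & 0x0F) * 4                            # IPv4 header length in bytes
        _sport, dport = struct.unpack("!HH", f[14 + ihl:14 + ihl + 4])
        if dport in CLEARTEXT_PORTS:
            src = ".".join(map(str, f[26:30]))
            dst = ".".join(map(str, f[30:34]))
            hits.append((src, dst, CLEARTEXT_PORTS[dport]))
    return hits

# Constructed capture: a telnet SYN, an HTTPS SYN (ignored), and an HTTP SYN.
SAMPLE = pcap_bytes([ipv4_tcp_frame("10.0.0.5", "10.0.0.9", 40001, 23),
                     ipv4_tcp_frame("10.0.0.5", "10.0.0.9", 40002, 443),
                     ipv4_tcp_frame("10.0.0.7", "10.0.0.9", 40003, 80)])
```

Running `cleartext_flows` over a real `tcpdump -w` file gives the same kind of list, which is the inventory a defender wants when deciding which hosts still need to move off telnet or plain HTTP.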

tcpdump is a command-line, text-mode-only program. Ethereal is a similar program with a GUI front end and many additional formatting, sorting, and display facilities.

Ngrep is a similar tool to tcpdump, with additional and different features (http://ngrep.sourceforge.net/).

External link

Official site for tcpdump (and libpcap) (http://www.tcpdump.org/)

Example Usage of Tcpdump

mutuki: @sanemat $ sudo Tcpdump -a -i en0 is fine, isn't it.
sangjin_han: People are starting to storm the regional hub offices and the Daejeon switching center looking for their iPhones. That is almost the swagger of running Tcpdump on a backbone router.
muranet: With Wireshark's IO Graphs you can easily graph TTL values, TCP retransmission counts and all sorts of things. Much happier than struggling with Tcpdump.
Copyright 2009 WordIQ.com
This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article of the same name.