Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Tcpdump
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|Data-network packet analyzer}} {{lowercase|title=tcpdump}} {{more citations needed|date=September 2010}} {{Infobox software |name = tcpdump |logo = Tcpdump&libpcap.svg |screenshot = [[Image:Tcpdump 4.9.3 screenshot.png|200px|tcpdump console output]] |caption = tcpdump console output |developer = The Tcpdump team |repo = {{github|the-tcpdump-group/tcpdump}} |programming language = [[C (programming language)]] |genre = [[Packet analyzer]] |license = [[BSD license]]<ref>{{cite web|url=https://www.tcpdump.org/license.html|title=tcpdump and libpcap license|publisher=The Tcpdump Group|access-date=2012-04-13}}</ref> |website = {{URL|https://www.tcpdump.org/}} |released = 1988 | latest release version = {{wikidata|property|preferred|references|edit|P348|P548=Q2804309}} | latest release date = {{Start date and age|{{wikidata|qualifier|preferred|single|P348|P548=Q2804309|P577}}|df=yes}} |operating system = [[Linux]], [[Solaris (operating system)|Solaris]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[DragonFly BSD]], [[macOS]], [[Android (operating system)|Android]], and additional [[Unix-like|*NIX]] systems, [[Microsoft Windows|Windows]] }} '''tcpdump''' is a data-network [[packet analyzer]] computer program that runs under a [[command line interface]]. It allows the user to display [[TCP/IP]] and other packets being transmitted or received over a [[computer network|network]] to which the computer is attached.<ref>{{cite web |url= https://ubunlog.com/tcpdump-descripcion-general-herramienta/ |title= Tcpdump, conoce el tr谩fico de una interfaz de red desde la terminal |access-date = 9 April 2018 |last= Amoedo |first= Dami谩n |date= 8 April 2018 |website= Ubunlog |language = es |quote= Esta herramienta nos va a permitir ver informaci贸n sobre el tr谩fico que entra y sale de una interfaz de red determinada. Se trata de una herramienta de diagn贸stico que nos va a permitir ver la informaci贸n de los paquetes. Esta informaci贸n ser谩 de donde provienen los paquetes entrantes y hacia donde se dirigen los paquetes salientes, aportando algo de informaci贸n adicional. Incluso podremos guardar el resultado en un archivo para echarle un vistazo en otro momento. |archive-url= https://web.archive.org/web/20180409123634/https://ubunlog.com/tcpdump-descripcion-general-herramienta/ |archive-date= 9 April 2018}}</ref> Distributed under the [[BSD license]],<ref>{{cite web |url=https://github.com/the-tcpdump-group/tcpdump/blob/master/LICENSE |title=LICENSE file from source code (public GIT repository) |website=[[GitHub]] }}</ref> tcpdump is [[free software]]. Tcpdump works on most [[Unix-like]] [[operating system]]s: [[Linux]], [[Solaris (operating system)|Solaris]], [[FreeBSD]], [[DragonFly BSD]], [[NetBSD]], [[OpenBSD]], [[OpenWrt]], [[macOS]], [[HP-UX|HP-UX 11i]], and [[AIX operating system|AIX]]. In those systems, tcpdump uses the [[libpcap]] library to capture packets. The [[Porting|port]] of tcpdump for [[Microsoft Windows|Windows]] is called WinDump; it uses [[WinPcap]], the Windows version of libpcap. ==History== tcpdump was originally written in 1988 by [[Van Jacobson]], [[Sally Floyd]], [[Vern Paxson]] and [[Steven McCanne]] who were, at the time, working in the [[Lawrence Berkeley Laboratory]] Network Research Group.<ref>{{Cite web|url=https://sharkfestus.wireshark.org/sharkfest.11/presentations/McCanne-Sharkfest'11_Keynote_Address.pdf|title=libpcap: An Architecture and Optimization Methodology for Packet Capture - Sharkfest 2011|last=McCanne|first=Steve|date=13 June 2011|website=SharkFest|access-date=6 August 2017}}</ref> By the late 1990s there were numerous versions of tcpdump distributed as part of various operating systems, and numerous patches that were not well coordinated. [[Michael Richardson (mcr)]] and [[Bill Fenner]] created www.tcpdump.org in 1999. ==Common uses== tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously created saved packet file. tcpdump can write packets to standard output or a file. It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a [[router (computing)|router]] or [[Gateway (computer networking)|gateway]] through which unencrypted traffic such as [[Telnet]] or [[HTTP]] passes can use tcpdump to view login IDs, passwords, the [[Uniform Resource Locator|URL]]s and content of websites being viewed, or any other unencrypted information. The user may optionally apply a [[Berkeley Packet Filter|BPF]]-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic. Example of available capture interfaces on a Linux system: <syntaxhighlight lang="console"> $ tcpdump -D 1.eth0 [Up, Running, Connected] 2.any (Pseudo-device that captures on all interfaces) [Up, Running] 3.lo [Up, Running, Loopback] 4.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless] 5.usbmon2 (Raw USB traffic, bus number 2) 6.usbmon1 (Raw USB traffic, bus number 1) 7.usbmon0 (Raw USB traffic, all USB buses) [none] 8.nflog (Linux netfilter log (NFLOG) interface) [none] 9.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none] 10.dbus-system (D-Bus system bus) [none] 11.dbus-session (D-Bus session bus) [none] 12.bluetooth0 (Bluetooth adapter number 0) 13.eth1 [none, Disconnected] </syntaxhighlight> ==Privileges required== In some [[Unix-like]] [[operating system]]s, a user must have [[superuser]] privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required. == See also == {{Portal|Free and open-source software}} *[[Tcptrace]], a tool for analyzing the logs produced by tcpdump *[[EtherApe]], a network mapping tool that relies on sniffing traffic *[[Ngrep]], a tool that can match regular expressions within the network packet payloads *[[netsniff-ng]], a free Linux networking toolkit *[[Wireshark]], a GUI based alternative to tcpdump ==References== {{reflist|2}} ==External links== * {{Official website}} [[Category:Network analyzers]] [[Category:Unix network-related software]] [[Category:Windows network-related software]] [[Category:Free software programmed in C]] [[Category:Cross-platform free software]] [[Category:Free network management software]] [[Category:Software using the BSD license]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Cite web
(
edit
)
Template:Infobox software
(
edit
)
Template:Lowercase
(
edit
)
Template:More citations needed
(
edit
)
Template:Official website
(
edit
)
Template:Portal
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)