Share to: share facebook share twitter share wa share telegram print page

 

Tcpdump

tcpdump
Developer(s)The Tcpdump team
Initial release1988
Stable release
4.99.4 / April 7, 2023; 21 months ago (2023-04-07)[1]
Repositorytcpdump on GitHub
Written inC (programming language)
Operating systemLinux, Solaris, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, macOS, Android, and additional *NIX systems, Windows
TypePacket analyzer
LicenseBSD license[2]
Websitewww.tcpdump.org

tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.[3] Distributed under the BSD license,[4] tcpdump is free software.

Tcpdump works on most Unix-like operating systems: Linux, Solaris, FreeBSD, DragonFly BSD, NetBSD, OpenBSD, OpenWrt, macOS, HP-UX 11i, and AIX. In those systems, tcpdump uses the libpcap library to capture packets. The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows version of libpcap.

History

tcpdump was originally written in 1988 by Van Jacobson, Sally Floyd, Vern Paxson and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group.[5] By the late 1990s there were numerous versions of tcpdump distributed as part of various operating systems, and numerous patches that were not well coordinated. Michael Richardson (mcr) and Bill Fenner created www.tcpdump.org in 1999.

Common uses

tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously created saved packet file. tcpdump can write packets to standard output or a file.

It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as Telnet or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.

The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.

Example of available capture interfaces on a Linux system:

$ tcpdump -D
1.eth0 [Up, Running, Connected]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless]
5.usbmon2 (Raw USB traffic, bus number 2)
6.usbmon1 (Raw USB traffic, bus number 1)
7.usbmon0 (Raw USB traffic, all USB buses) [none]
8.nflog (Linux netfilter log (NFLOG) interface) [none]
9.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
10.dbus-system (D-Bus system bus) [none]
11.dbus-session (D-Bus session bus) [none]
12.bluetooth0 (Bluetooth adapter number 0)
13.eth1 [none, Disconnected]

Privileges required

In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.

See also

  • Tcptrace, a tool for analyzing the logs produced by tcpdump
  • EtherApe, a network mapping tool that relies on sniffing traffic
  • Ngrep, a tool that can match regular expressions within the network packet payloads
  • netsniff-ng, a free Linux networking toolkit
  • Wireshark, a GUI based alternative to tcpdump

References

  1. ^ "tcpdump and libpcap latest release". The Tcpdump Group. Retrieved 2023-04-07.
  2. ^ "tcpdump and libpcap license". The Tcpdump Group. Retrieved 2012-04-13.
  3. ^ Amoedo, Damián (8 April 2018). "Tcpdump, conoce el tráfico de una interfaz de red desde la terminal". Ubunlog (in Spanish). Archived from the original on 9 April 2018. Retrieved 9 April 2018. Esta herramienta nos va a permitir ver información sobre el tráfico que entra y sale de una interfaz de red determinada. Se trata de una herramienta de diagnóstico que nos va a permitir ver la información de los paquetes. Esta información será de donde provienen los paquetes entrantes y hacia donde se dirigen los paquetes salientes, aportando algo de información adicional. Incluso podremos guardar el resultado en un archivo para echarle un vistazo en otro momento.
  4. ^ "LICENSE file from source code (public GIT repository)". GitHub.
  5. ^ McCanne, Steve (13 June 2011). "libpcap: An Architecture and Optimization Methodology for Packet Capture - Sharkfest 2011" (PDF). SharkFest. Retrieved 6 August 2017.
Kembali kehalaman sebelumnya


Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve 
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9