tcpdump is a powerful command-line network packet analyzer used for capturing and dissecting network traffic in real time.
the TCPdump network dissector
tcpdump is primarily used by network administrators, security professionals, and developers to monitor network traffic, diagnose network issues, and detect potential intrusions. It enables detailed packet-level inspection to understand network behavior and troubleshoot connectivity or security problems.
tcpdump requires libpcap for packet capturing and may need elevated privileges to access network interfaces. Users should be familiar with network protocols to effectively interpret tcpdump output. For Windows, additional dependencies like WinPcap or Npcap and Visual Studio with CMake are required. Always ensure you comply with legal and privacy considerations when capturing network traffic.
Ensure libpcap 1.0 or later is installed, or build libpcap from source if it is not available
Clone the repository using: git clone https://github.com/the-tcpdump-group/tcpdump.git
Navigate to the tcpdump source directory
Follow the build and installation instructions in INSTALL.md to compile tcpdump
On Windows, install WinPcap or Npcap and use Visual Studio with CMake to build
tcpdump
Start capturing packets on the default network interface and display them in real time.
tcpdump -i eth0
Capture packets on the specified interface eth0.
tcpdump -w capture.pcap
Write captured packets to a file named capture.pcap for later analysis.
tcpdump -r capture.pcap
Read and analyze packets from a previously saved capture file.
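The -w and -r options above exchange files in the libpcap capture format. As an added example (not code from tcpdump or from this page), the Python reader below parses that format: it checks the magic number and byte order, reads the global header, walks the per-packet records, and reports a truncated trailing record, which is what a capture looks like when tcpdump is killed mid-write. The sample file bytes are constructed inline; the frame payload is filler, not a real packet.

```python
import struct
from typing import NamedTuple

PCAP_MAGIC = 0xA1B2C3D4       # microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D  # nanosecond timestamps (tcpdump --time-stamp-precision=nano)


class Record(NamedTuple):
    ts: float        # capture timestamp in seconds
    incl_len: int    # bytes saved in the file (capped by snaplen)
    orig_len: int    # bytes on the wire
    data: bytes


def read_pcap(blob: bytes):
    """Parse a pcap file image. Returns (global header dict, records, warning-or-None)."""
    if len(blob) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    magic_le, magic_be = struct.unpack("<I", blob[:4])[0], struct.unpack(">I", blob[:4])[0]
    if magic_le in (PCAP_MAGIC, PCAP_MAGIC_NSEC):
        endian, nsec = "<", magic_le == PCAP_MAGIC_NSEC
    elif magic_be in (PCAP_MAGIC, PCAP_MAGIC_NSEC):
        endian, nsec = ">", magic_be == PCAP_MAGIC_NSEC
    else:  # pcapng and other formats start differently and need another reader
        raise ValueError(f"not a pcap file (first bytes 0x{magic_be:08x})")
    ver_major, ver_minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", blob[4:24])
    header = {"version": (ver_major, ver_minor), "snaplen": snaplen, "linktype": linktype}
    records, offset, warning = [], 24, None
    while offset < len(blob):
        if offset + 16 > len(blob):
            warning = f"truncated record header at offset {offset}"
            break
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", blob[offset:offset + 16])
        if incl_len > snaplen:  # corrupt file: a record can never exceed the capture snaplen
            raise ValueError(f"record at offset {offset} claims {incl_len} bytes > snaplen {snaplen}")
        if offset + 16 + incl_len > len(blob):
            warning = f"truncated packet data at offset {offset + 16}"
            break
        ts = ts_sec + ts_frac / (1e9 if nsec else 1e6)
        records.append(Record(ts, incl_len, orig_len, blob[offset + 16:offset + 16 + incl_len]))
        offset += 16 + incl_len
    return header, records, warning


def build_sample_pcap(truncate: bool = False) -> bytes:
    """Constructed sample: little-endian global header (Ethernet, link type 1) plus two 60-byte records."""
    global_header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 262144, 1)
    frame = bytes(range(60))  # filler bytes standing in for an Ethernet frame
    record = struct.pack("<IIII", 1_700_000_000, 250_000, len(frame), len(frame)) + frame
    blob = global_header + record + record
    return blob[:-20] if truncate else blob  # drop the tail to mimic an interrupted capture
```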