{{Short description|Data-network packet analyzer}}
{{lowercase|title=tcpdump}}
{{more citations needed|date=September 2010}}
{{Infobox software
|name = tcpdump
|logo = Tcpdump&libpcap.svg
|screenshot = [[Image:Tcpdump 4.9.3 screenshot.png|200px|tcpdump console output]]
|caption = tcpdump console output
|developer = The Tcpdump team
|repo = {{github|the-tcpdump-group/tcpdump}}
|programming language = [[C (programming language)]]
|genre = [[Packet analyzer]]
|license = [[BSD license]]<ref>{{cite web|url=https://www.tcpdump.org/license.html|title=tcpdump and libpcap license|publisher=The Tcpdump Group|access-date=2012-04-13}}</ref>
|website = {{URL|https://www.tcpdump.org/}}
|released = 1988
| latest release version = {{wikidata|property|preferred|references|edit|P348|P548=Q2804309}}
| latest release date = {{Start date and age|{{wikidata|qualifier|preferred|single|P348|P548=Q2804309|P577}}|df=yes}}
|operating system = [[Linux]], [[Solaris (operating system)|Solaris]], [[FreeBSD]], [[NetBSD]], [[OpenBSD]], [[DragonFly BSD]], [[macOS]], [[Android (operating system)|Android]], and additional [[Unix-like|*NIX]] systems, [[Microsoft Windows|Windows]]
}}

'''tcpdump''' is a data-network [[packet analyzer]] computer program that runs under a [[command line interface]]. It allows the user to display [[TCP/IP]] and other packets being transmitted or received over a [[computer network|network]] to which the computer is attached.<ref>{{cite web |url= https://ubunlog.com/tcpdump-descripcion-general-herramienta/ |title= Tcpdump, conoce el tráfico de una interfaz de red desde la terminal |access-date = 9 April 2018 |last= Amoedo |first= Damián |date= 8 April 2018 |website= Ubunlog |language = es |quote= This tool will allow us to see information about the traffic entering and leaving a given network interface. It is a diagnostic tool that will allow us to see the information in the packets. This information will be where incoming packets come from and where outgoing packets are headed, along with some additional information. We can even save the result to a file to take a look at it at another time. |archive-url= https://web.archive.org/web/20180409123634/https://ubunlog.com/tcpdump-descripcion-general-herramienta/ |archive-date= 9 April 2018}}</ref> Distributed under the [[BSD license]],<ref>{{cite web |url=https://github.com/the-tcpdump-group/tcpdump/blob/master/LICENSE |title=LICENSE file from source code (public GIT repository) |website=[[GitHub]] }}</ref> tcpdump is [[free software]].

Tcpdump works on most [[Unix-like]] [[operating system]]s: [[Linux]], [[Solaris (operating system)|Solaris]], [[FreeBSD]], [[DragonFly BSD]], [[NetBSD]], [[OpenBSD]], [[OpenWrt]], [[macOS]], [[HP-UX|HP-UX 11i]], and [[AIX operating system|AIX]]. In those systems, tcpdump uses the [[libpcap]] library to capture packets. The [[Porting|port]] of tcpdump for [[Microsoft Windows|Windows]] is called WinDump; it uses [[WinPcap]], the Windows version of libpcap.

==History==
tcpdump was originally written in 1988 by [[Van Jacobson]], [[Sally Floyd]], [[Vern Paxson]] and [[Steven McCanne]] who were, at the time, working in the [[Lawrence Berkeley Laboratory]] Network Research Group.<ref>{{Cite web|url=https://sharkfestus.wireshark.org/sharkfest.11/presentations/McCanne-Sharkfest'11_Keynote_Address.pdf|title=libpcap: An Architecture and Optimization Methodology for Packet Capture - Sharkfest 2011|last=McCanne|first=Steve|date=13 June 2011|website=SharkFest|access-date=6 August 2017}}</ref> By the late 1990s there were numerous versions of tcpdump distributed as part of various operating systems, and numerous patches that were not well coordinated. [[Michael Richardson (mcr)]] and [[Bill Fenner]] created www.tcpdump.org in 1999.

==Common uses==
tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously created saved packet file. tcpdump can write packets to standard output or a file.

It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a [[router (computing)|router]] or [[Gateway (computer networking)|gateway]] through which unencrypted traffic such as [[Telnet]] or [[HTTP]] passes can use tcpdump to view login IDs, passwords, the [[Uniform Resource Locator|URL]]s and content of websites being viewed, or any other unencrypted information.

The user may optionally apply a [[Berkeley Packet Filter|BPF]]-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.

Example of available capture interfaces on a Linux system:
<syntaxhighlight lang="console">
$ tcpdump -D
1.eth0 [Up, Running, Connected]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless]
5.usbmon2 (Raw USB traffic, bus number 2)
6.usbmon1 (Raw USB traffic, bus number 1)
7.usbmon0 (Raw USB traffic, all USB buses) [none]
8.nflog (Linux netfilter log (NFLOG) interface) [none]
9.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
10.dbus-system (D-Bus system bus) [none]
11.dbus-session (D-Bus session bus) [none]
12.bluetooth0 (Bluetooth adapter number 0)
13.eth1 [none, Disconnected]
</syntaxhighlight>

==Privileges required==
In some [[Unix-like]] [[operating system]]s, a user must have [[superuser]] privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the <code>-Z</code> option may be used to drop privileges to a specific unprivileged user after capturing has been set up.
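
One way to confirm on Linux that a capture started as root with <code>-Z</code> has actually given up root, reading the process's <code>/proc/PID/status</code>. This is an added example, not part of the original article or of the tcpdump project; the verdict labels, the sample values and the use of <code>pgrep</code> are assumptions of the example.

```sh
#!/bin/sh
# Added example, Linux only: classify a process from its /proc/PID/status text.
# Verdicts are this script's own labels (assumptions, not tcpdump output):
#   root     some UID (real, effective, saved, filesystem) is still 0
#   caps     all UIDs are non-zero but effective capabilities remain
#   dropped  no root UID and no effective capabilities
#   unknown  the Uid: or CapEff: line is missing or malformed
classify_status() {
    awk '
        $1 == "Uid:"    { uid = 1; if (NF < 5) bad = 1
                          for (i = 2; i <= 5; i++) if ($i == "0") root = 1 }
        $1 == "CapEff:" { cap = 1; if ($2 !~ /^0+$/) caps = 1 }
        END {
            if (!uid || !cap || bad) print "unknown"
            else if (root)           print "root"
            else if (caps)           print "caps"
            else                     print "dropped"
        }' "$1"
}

# Audit every running tcpdump process; prints "PID verdict" per process.
audit_tcpdump() {
    for pid in $(pgrep -x tcpdump 2>/dev/null); do
        [ -r "/proc/$pid/status" ] || continue
        printf '%s %s\n' "$pid" "$(classify_status "/proc/$pid/status")"
    done
}

# Constructed sample: status excerpt as it could look for a capture that was
# started as root with "-Z nobody" (UID/GID 65534 is an assumed value).
sample_dropped() {
    printf 'Name:\ttcpdump\nUid:\t65534\t65534\t65534\t65534\n'
    printf 'Gid:\t65534\t65534\t65534\t65534\nCapEff:\t0000000000000000\n'
}

audit_tcpdump
```

A <code>root</code> verdict for a long-running capture means the process still parses untrusted packets with full privileges; a <code>caps</code> verdict is what a non-root capture that was granted capture capabilities would typically show.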

In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.

== See also ==
{{Portal|Free and open-source software}}
*[[Tcptrace]], a tool for analyzing the logs produced by tcpdump
*[[EtherApe]], a network mapping tool that relies on sniffing traffic
*[[Ngrep]], a tool that can match regular expressions within the network packet payloads
*[[netsniff-ng]], a free Linux networking toolkit
*[[Wireshark]], a GUI-based alternative to tcpdump

==References==
{{reflist|2}}

==External links==
* {{Official website}}

[[Category:Network analyzers]]
[[Category:Unix network-related software]]
[[Category:Windows network-related software]]
[[Category:Free software programmed in C]]
[[Category:Cross-platform free software]]
[[Category:Free network management software]]
[[Category:Software using the BSD license]]