Date Posted: 22:41:32 03/04/07 Sun
Author: Anandan
Subject: tcpdump - Introduction
In reply to: Anandan 's message, "Packet Capture" on 22:18:04 03/04/07 Sun

The tcpdump program was originally developed to analyze TCP/IP performance problems at the Lawrence Berkeley Laboratory at the University of California, Berkeley by Van Jacobson, Craig Leres and Steven McCanne. A number of features have been added over time, although some options may not be available with every implementation. The program has been ported to a wide variety of systems and comes preinstalled on many systems.

tcpdump is a free tool that runs on many Unix platforms, and has even been ported to Microsoft Windows. Features of its syntax and its file format have been used or supported by a large number of subsequent programs. In particular, its capture software, libpcap, is frequently used by other capture programs. Even when proprietary programs with additional features exist, the universality of tcpdump makes it a compelling choice.

Since tcpdump is text based, it is easy to run remotely over a Telnet connection. Its biggest disadvantage is a lack of analysis, but one can easily capture traffic, move it to a local machine, and analyze it with a tool like Ethereal.

Using tcpdump

The simplest way to run tcpdump is interactively, by simply typing the program's name. The output will appear on your screen. You can terminate the program with Ctrl-C. But unless you have an idle network, you are likely to be overwhelmed by the amount of traffic you capture. What you are interested in will likely scroll off your screen before you have a chance to read it.

$ tcpdump

Fortunately there are better ways to run tcpdump. You need to know what you are running tcpdump for.

The syntax for capturing to a file with tee (while still displaying the output) is:
$ tcpdump -l | tee outfile

Run tcpdump as a detached process by including an & at the end of the command line.
$ tcpdump -w outfile &
Once you have generated the traffic of interest, you can terminate the process by issuing the kill command with the process number reported when tcpdump was started. Then the captured file can be analyzed.
The -w option is required to write the captured data directly to a file. This option has the advantage of collecting raw data in binary format. The data can then be replayed with tcpdump using the -r option. The binary format decreases the amount of storage needed, and different filters can be applied to the file without having to recapture the traffic.
To capture data you might type:
$ tcpdump -w rawfile

The data can be converted to a text file with
$ tcpdump -r rawfile > textfile

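An added example, not part of the original post and not tcpdump's own code: a small Python reader for the libpcap file format that "tcpdump -w" writes, to show what the raw binary file actually contains and why it can be re-filtered without recapturing. It builds a constructed three-packet capture in memory (build_sample_pcap; the addresses, ports and timestamps are made up, and the names read_pcap, select and summary are this example's own), then reads it back the way "tcpdump -r" would: global header (magic number, byte order, snaplen, link type), one record header per packet, and enough of Ethernet/IPv4/TCP/UDP to filter by host and port. The third sample packet is longer than the snaplen, so it also shows the difference between the saved length and the on-wire length that every pcap consumer has to respect.

```python
"""Reader for the libpcap file format that `tcpdump -w` produces (added example)."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    ts: float                 # seconds since the epoch, fraction from the record header
    orig_len: int             # bytes on the wire
    incl_len: int             # bytes actually saved (capped by snaplen)
    proto: str                # "tcp", "udp", "ip-proto-N", "non-ip", "ip-truncated"
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None


def decode_frame(frame: bytes, ts: float, orig_len: int) -> Packet:
    """Decode an Ethernet frame just far enough to recover addresses and ports."""
    p = Packet(ts, orig_len, len(frame), "non-ip")
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return p                                    # not IPv4, or too short to tell
    if len(frame) < 34:
        p.proto = "ip-truncated"                    # snaplen cut into the IPv4 header
        return p
    ihl = (frame[14] & 0x0F) * 4                    # IPv4 header length in bytes
    ip_proto = frame[23]
    p.src = str(ipaddress.IPv4Address(frame[26:30]))
    p.dst = str(ipaddress.IPv4Address(frame[30:34]))
    p.proto = {6: "tcp", 17: "udp"}.get(ip_proto, f"ip-proto-{ip_proto}")
    l4 = 14 + ihl
    if ip_proto in (6, 17) and len(frame) >= l4 + 4:  # TCP and UDP both start with the ports
        p.sport, p.dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return p


def read_pcap(data: bytes):
    """Parse a pcap file image; returns (header dict, list of Packet)."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    # The magic number fixes both the byte order and the unit of the timestamp fraction.
    layouts = {0xA1B2C3D4: ("<", 1e-6), 0xD4C3B2A1: (">", 1e-6),
               0xA1B23C4D: ("<", 1e-9), 0x4D3CB2A1: (">", 1e-9)}
    if magic not in layouts:
        raise ValueError(f"not a pcap file (magic {magic:#x})")
    endian, frac_unit = layouts[magic]
    vmaj, vmin, _zone, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != 1:
        raise ValueError("this example only decodes LINKTYPE_ETHERNET (1)")
    header = {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet record at end of file")
        off += incl_len                             # advance by saved length, never by wire length
        packets.append(decode_frame(frame, ts_sec + ts_frac * frac_unit, orig_len))
    return header, packets


def select(packets, proto=None, host=None, port=None):
    """Re-filter a saved capture offline, like `tcpdump -r file 'host X and port Y'`."""
    return [p for p in packets
            if (proto is None or p.proto == proto)
            and (host is None or host in (p.src, p.dst))
            and (port is None or port in (p.sport, p.dport))]


def summary(p: Packet) -> str:
    """One text line per packet, in the spirit of tcpdump's default output."""
    ep = lambda a, n: f"{a}.{n}" if n is not None else f"{a}"
    return f"{p.ts:.6f} IP {ep(p.src, p.sport)} > {ep(p.dst, p.dport)}: {p.proto}, length {p.orig_len}"


# ---- constructed sample capture (made-up traffic, not a real recording) ----
def _ipv4_frame(proto: int, src: str, dst: str, l4: bytes) -> bytes:
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + l4


def _tcp(sport, dport, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0) + payload


def _udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_sample_pcap(snaplen: int = 64) -> bytes:
    """Little-endian, microsecond pcap with three records; the third is cut by snaplen."""
    frames = [
        (1173076892, 123456, _ipv4_frame(6, "10.0.0.1", "10.0.0.2", _tcp(44321, 80))),
        (1173076892, 123900, _ipv4_frame(17, "10.0.0.3", "10.0.0.4", _udp(5353, 53, b"\x00" * 12))),
        (1173076893, 10, _ipv4_frame(6, "10.0.0.1", "10.0.0.2", _tcp(44321, 80, b"A" * 100))),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for sec, usec, frame in frames:
        saved = frame[:snaplen]                     # what the sniffer keeps; orig_len stays 154
        out += struct.pack("<IIII", sec, usec, len(saved), len(frame)) + saved
    return out


if __name__ == "__main__":
    hdr, pkts = read_pcap(build_sample_pcap())
    print(hdr)
    for p in select(pkts, port=80):                 # same idea as re-running tcpdump -r with a filter
        print(summary(p))
```

To use it on a real file, pass the bytes of a capture written with -w to read_pcap and apply select with whatever host or port you would otherwise have put in a tcpdump filter expression. The parser deliberately trusts incl_len and not orig_len when walking the file, and refuses a record whose saved bytes run past the end of the file; both are the cases where a naive reader of a capture that was cut short by a kill will misparse or crash.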
Replies:

  • tcpdump - Options I -- Anandan.V.S., 23:35:25 03/04/07 Sun


    Forum timezone: GMT-8