tcpdump console output
|Developer(s)||The Tcpdump team|
4.9.2 / September 3, 2017
|Repository||tcpdump on GitHub|
|Written in||C (programming language)|
|Operating system||Linux, Solaris, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, macOS, Android, and additional *NIX systems, Windows|
tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.
Tcpdump works on most Unix-like operating systems: Linux, Solaris, FreeBSD, DragonFly BSD, NetBSD, OpenBSD, OpenWrt, macOS, HP-UX 11i, and AIX. In those systems, tcpdump uses the libpcap library to capture packets. The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows port of libpcap.
tcpdump was originally written in 1988 by Van Jacobson, Sally Floyd, Vern Paxson and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group. By the late 1990s there were numerous versions of tcpdump distributed as part of various operating systems, and numerous patches that were not well coordinated. Michael Richardson (mcr) and Bill Fenner created www.tcpdump.org in 1999.
tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously created saved packet file. tcpdump can write packets to standard output or a file.
It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as Telnet or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.
The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.
Example of available capture interfaces on a Linux system:
$ tcpdump -D 1.eth0 [Up, Running] 2.any (Pseudo-device that captures on all interfaces) [Up, Running] 3.lo [Up, Running, Loopback] 4.bluetooth-monitor (Bluetooth Linux Monitor) 5.nflog (Linux netfilter log (NFLOG) interface) 6.nfqueue (Linux netfilter queue (NFQUEUE) interface) 7.dbus-system (D-Bus system bus) 8.dbus-session (D-Bus session bus) 9.bluetooth0 (Bluetooth adapter number 0) 10.eth1
In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.
Esta herramienta nos va a permitir ver información sobre el tráfico que entra y sale de una interfaz de red determinada. Se trata de una herramienta de diagnóstico que nos va a permitir ver la información de los paquetes. Esta información será de donde provienen los paquetes entrantes y hacia donde se dirigen los paquetes salientes, aportando algo de información adicional. Incluso podremos guardar el resultado en un archivo para echarle un vistazo en otro momento.
Manage research, learning and skills at defaultlogic.com. Create an account using LinkedIn to manage and organize your omni-channel knowledge. defaultlogic.com is like a shopping cart for information -- helping you to save, discuss and share.