Tcpdump

Tcpdump is a program for monitoring and analysing network traffic. It was written by Van Jacobson, Craig Leres and Steven McCanne, and is now maintained and developed by many others. Tcpdump works in text mode and is controlled from the command line.

Tcpdump is available for most Unix systems and Unix derivatives such as AIX, BSD, Linux and Solaris, and many vendors ship it as part of the base system. For Windows, the port WinDump is available. Because the program accesses the network hardware directly, under Unix and many other systems the user must run it as the privileged root user (with exceptions: under BSD derivatives, Mac OS X, SunOS and Solaris it is sufficient for the user to have the appropriate rights to the network device file).

The program reads the data of packets sent over the network and displays them on the screen or saves them to files. By switching a network adapter into promiscuous mode, it is also possible to receive and evaluate packets that are not addressed to that adapter.

In addition, tcpdump can evaluate packets from previously saved files. Through parameters specified on the command line at startup, the user controls tcpdump's behaviour and passes it the filter according to which packets are evaluated.
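As an added illustration of the save-to-file and read-back workflow described above (example code written for this page, not code from the tcpdump project): a small Python reader for the libpcap file format that tcpdump writes, with a filter in the spirit of tcpdump's filter expressions. The two-packet capture it parses is constructed inside the block, so it runs offline; the frame builder and field offsets assume plain Ethernet/IPv4 without options.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4        # written in the capturing host's byte order
LINKTYPE_ETHERNET = 1
PROTO = {6: "tcp", 17: "udp"}  # IP protocol numbers this example decodes

def build_pcap(records):
    """Serialize (ts_sec, ts_usec, frame) tuples as a libpcap file, like `tcpdump -w`."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in records:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Walk a libpcap file (what `tcpdump -r` reads) and yield (ts_sec, ts_usec, frame)."""
    # The magic number reveals the writer's byte order; honour it for every header field.
    e = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(e + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a pcap file")
    off = 24  # global header is 24 bytes; each record has a 16-byte header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, data[off:off + incl]
        off += incl

def decode(frame):
    """Decode Ethernet/IPv4/{TCP,UDP} headers into a dict; None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    if proto not in PROTO or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return {"proto": PROTO[proto], "src": ".".join(map(str, frame[26:30])), "sport": sport,
            "dst": ".".join(map(str, frame[30:34])), "dport": dport}

def select(data, proto=None, port=None):
    """Filter a capture the way `tcpdump -r file 'udp and port 53'` would."""
    hits = []
    for ts_sec, ts_usec, frame in read_pcap(data):
        pkt = decode(frame)
        if pkt and (proto is None or pkt["proto"] == proto) and (
                port is None or port in (pkt["sport"], pkt["dport"])):
            hits.append((ts_sec, ts_usec, pkt))
    return hits

def make_frame(proto, src, sport, dst, dport):
    """Constructed Ethernet/IPv4 frame with a minimal TCP or UDP header (checksums zeroed)."""
    tl = 20 if proto == 6 else 8
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tl, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(tl - 4)
```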

Main applications of tcpdump are:

  • Troubleshooting programs that communicate over the network.
  • Troubleshooting the network structure itself.
  • Recording and displaying the communication of other users and computers. Users with access to routers or gateways within a network can thereby monitor and record the communication between different participants of the network. Since some protocols carry their traffic unencrypted, passwords and user data can be obtained from the network in this way.