What is TCPdump?
TCPdump is a command-line packet analyzer developed by The Tcpdump Group. According to the vendor, it is designed to capture and analyze network traffic in real time. The product is intended for use by network administrators, security analysts, security professionals, network engineers, and IT professionals across organizations of various sizes.
Key Features
Packet Capture: According to the vendor, TCPdump allows users to capture network packets in real time from different network interfaces. Users can specify capture filters based on criteria such as source/destination IP address, port number, protocol type, or packet payload.
Packet Filtering: TCPdump provides packet filtering capabilities using BPF expressions, as stated by the vendor. Users can apply filters based on source/destination IP address, port number, protocol type, packet length, packet payload, and other packet attributes.
Protocol Analysis: The vendor states that TCPdump can analyze packets at the protocol level, providing detailed information about source and destination IP addresses, port numbers, protocol types, and packet payloads. It supports a wide range of network protocols, including TCP, UDP, ICMP, IPv4, IPv6, HTTP, DNS, FTP, SSH, and more.
Output Formatting: According to the vendor, TCPdump offers flexible output formatting options, allowing users to display captured packets in ASCII, hexadecimal, or both formats. Users can control the level of detail in the output and save captured packets for further analysis or sharing.
Timestamping: TCPdump provides accurate timestamping of captured packets, as claimed by the vendor. Users can choose to display timestamps in various formats, including absolute time, relative time, or delta time, to analyze packet timing and latency.
Advanced Filtering: The vendor states that TCPdump supports advanced filtering capabilities, enabling users to create complex filter expressions using logical operators, wildcards, and regular expressions. Users can combine multiple filter criteria to match specific packet patterns.
Statistics and Counters: TCPdump provides statistics and counters for captured packets, according to the vendor. Users can view packet count, byte count, and other metrics to monitor network traffic volume, identify anomalies, and measure network performance.
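As an added example that is not the vendor's code or part of this listing, the following Python script parses a few constructed lines in the text format tcpdump prints with "-nn -tttt" and derives from them the per-flow packet and byte counters and the inter-packet deltas described under Timestamping and Statistics and Counters. The sample lines and the regular expressions are assumptions about that output format, not taken from the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of tcpdump text output in the form produced by
# "tcpdump -nn -tttt" (absolute date/time stamps, no name resolution); made-up packets.
SAMPLE_OUTPUT = """\
2024-05-01 10:15:30.000100 IP 10.0.0.5.51234 > 10.0.0.9.443: Flags [S], seq 1, win 64240, length 0
2024-05-01 10:15:30.000350 IP 10.0.0.9.443 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
2024-05-01 10:15:30.000420 IP 10.0.0.5.51234 > 10.0.0.9.443: Flags [.], ack 1, win 502, length 0
2024-05-01 10:15:30.100420 IP 10.0.0.5.51234 > 10.0.0.9.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
2024-05-01 10:15:31.000420 IP 10.0.0.5.53111 > 10.0.0.53.53: 12345+ A? example.com. (29)
"""
# Timestamp, IP/IP6 marker, the two "host.port" endpoints, then the protocol-specific tail.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}) "
    r"IP6? (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)
# TCP lines report "length N"; UDP/DNS lines end with the payload size in parentheses.
LEN_RE = re.compile(r"length (\d+)|\((\d+)\)\s*$")

def parse_output(text):
    """Return one dict per packet line; non-packet lines (e.g. summary lines) are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        lm = LEN_RE.search(m.group("rest"))
        packets.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f"),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "len": int(lm.group(1) or lm.group(2)) if lm else 0,
        })
    return packets

def flow_stats(packets):
    """Per-direction packet and payload-byte counters keyed by (src, dst)."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        stats[(p["src"], p["dst"])]["packets"] += 1
        stats[(p["src"], p["dst"])]["bytes"] += p["len"]
    return dict(stats)

def inter_packet_deltas(packets):
    """Seconds between consecutive packets, as tcpdump's -ttt option displays them."""
    times = [p["ts"] for p in packets]
    return [0.0] + [(b - a).total_seconds() for a, b in zip(times, times[1:])]
```

Feeding the script saved text output (tcpdump -nn -tttt -w is the option for binary pcap files, which this parser does not read) gives a quick per-flow volume and timing summary for spotting bursts or unexpected talkers.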