Overview

Tcpdump is a fundamental tool for network troubleshooting and security analysis. It captures packets in real-time and can save them to a file (usually in .pcap format) for later analysis with tools like Wireshark.

Key Features

  • Filtering: Uses Berkeley Packet Filter (BPF) syntax to capture only specific traffic (e.g., tcp port 80, host 192.168.1.1).
  • Verbosity: Can display varying levels of detail about each packet.
  • Lightweight: Runs on almost all Unix-like operating systems.
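As an added example (not tcpdump's or libpcap's own code), the following Python script writes a few constructed Ethernet/IPv4 frames in the classic .pcap record format that tcpdump saves, reads them back, and applies the same selection that the BPF expressions tcp port 80 and host 192.168.1.1 would. The MAC addresses, IP addresses, ports and timestamps are constructed, and only IPv4 over Ethernet is parsed.

```python
# Added example, not tcpdump/libpcap code; all frames, addresses and ports are constructed.
import socket
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET, TCP, UDP = 0xA1B2C3D4, 1, 6, 17

def build_frame(src, dst, sport, dport, proto=TCP):
    """Constructed Ethernet/IPv4 frame with an empty TCP SYN or UDP datagram."""
    eth = b"\x00" * 12 + b"\x08\x00"            # dst MAC, src MAC, EtherType IPv4
    if proto == TCP:  # ports, seq, ack, data offset 5, SYN, window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:             # ports, UDP length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))  # checksum left 0
    return eth + ip + l4

def write_pcap(path, frames):
    """Classic pcap: 24-byte global header, then a 16-byte record header per frame."""
    with open(path, "wb") as f:
        f.write(struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            f.write(struct.pack("=IIII", 1700000000 + i, 0, len(frame), len(frame)))
            f.write(frame)

def read_pcap(path):
    """Yield (src, dst, proto, sport, dport) for each IPv4 frame in the file."""
    with open(path, "rb") as f:
        if struct.unpack("=I", f.read(24)[:4])[0] != PCAP_MAGIC:
            raise ValueError("unexpected pcap magic")
        while rec := f.read(16):
            frame = f.read(struct.unpack("=IIII", rec)[2])   # incl_len bytes follow
            if frame[12:14] != b"\x08\x00":                   # skip non-IPv4 frames
                continue
            ihl = (frame[14] & 0x0F) * 4
            ports = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
            yield (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), frame[23], *ports)

def matches(pkt, proto=None, port=None, host=None):
    # BPF-style primitives 'tcp'/'udp', 'port N' and 'host A', ANDed like "tcp port 80"
    src, dst, p, sport, dport = pkt
    return ((proto is None or p == proto) and (port is None or port in (sport, dport))
            and (host is None or host in (src, dst)))

def demo(path="sample.pcap"):
    # Write three constructed frames and count what each filter expression would keep
    write_pcap(path, [build_frame("192.168.1.1", "10.0.0.5", 51000, 80),
                      build_frame("10.0.0.5", "192.168.1.1", 80, 51000),
                      build_frame("10.0.0.7", "10.0.0.9", 53000, 53, UDP)])
    pkts = list(read_pcap(path))
    return {"tcp port 80": sum(matches(p, TCP, 80) for p in pkts),
            "host 192.168.1.1": sum(matches(p, host="192.168.1.1") for p in pkts)}
```

The file demo() writes can be opened with tcpdump -r sample.pcap or Wireshark to compare the counts against the real filter engine.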

Use Case

Identifying why a specific application is failing to connect by observing the actual packets on the wire.
