tcpdump prints a description of the contents of packets on a network interface that match a given boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than from a network interface. In all cases, only packets that match the expression are processed by tcpdump. tcpdump handles more than just TCP, IP, or Ethernet packets: it has a whole suite of decoders, including ones for USB.
Tags: Packet Analyzer, Packet Capturing
Operating Systems: POSIX, Linux, Solaris, HPUX, AIX, osx, NetBSD, FreeBSD
Release Notes: This release merges the 802.15.4 decoder. It has updates to ForCES for new port numbers. It uses "-H", not "-h", for the 802.11s option (-h is always help). Better ICMPv6 checksum handling. Support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12. Removal of uuencoded pcap test files; git can do binary. sFlow changes for 64-bit counters. Fixes for PPI packet header handling and printing. DCB Exchange protocol (DCBX) version 1.01.