Distributed under a permissive free software licence, tcpdump is free software.
Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets.
There is also a port of tcpdump for Windows called WinDump; this uses WinPcap, which is a port of libpcap to Windows.
In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.
The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.
Common uses of tcpdump
Tcpdump is frequently used to debug applications that generate or receive network traffic. It can also be used for debugging the network setup itself, by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem. It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as [ ] or [ ] passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.
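As an added example (not part of the article), a POSIX shell script with two functions: capture_cmd builds a capture command that applies a BPF filter and uses -Z to drop root once the capture socket is open, and summarize_sources tallies source addresses in tcpdump's default text output. The interface, the unprivileged user, the output path and the sample output lines are constructed values.

```shell
#!/bin/sh
# Added example; not code from the tcpdump project or the article.

# capture_cmd IFACE DROP_USER OUTFILE FILTER...
# Prints (rather than runs) the capture command so it can be reviewed before
# it is executed with root privileges.
#   -n    no DNS lookups while capturing
#   -s 0  keep whole packets
#   -Z    become DROP_USER after the capture device is opened; the -w file is
#         then created as that user, so its directory must be writable by them
# Everything after the third argument is the BPF filter expression, which
# limits what tcpdump sees on a busy network.
capture_cmd() {
    iface=$1 drop_user=$2 outfile=$3
    shift 3
    printf 'tcpdump -i %s -n -s 0 -Z %s -w %s %s' \
        "$iface" "$drop_user" "$outfile" "$*"
}

# summarize_sources: read tcpdump default-format IPv4 lines on stdin and print
# "<source-ip> <count>" per source, most frequent first (IP6 lines are skipped).
summarize_sources() {
    awk '{ src = ""
           for (i = 1; i <= NF; i++) if ($i == "IP") { src = $(i + 1); break }
           if (src == "") next
           # TCP/UDP sources carry a trailing ".port"; ICMP sources do not.
           if (split(src, a, ".") == 5) src = a[1] "." a[2] "." a[3] "." a[4]
           n[src]++ }
         END { for (k in n) print k, n[k] }' | sort -k2,2nr -k1,1
}

# Constructed sample of tcpdump text output (documentation addresses only).
sample_output() {
    cat <<'EOF'
12:00:00.000001 IP 192.0.2.10.43521 > 198.51.100.5.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 198.51.100.5.80 > 192.0.2.10.43521: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:00.000003 IP 192.0.2.10.43521 > 198.51.100.5.80: Flags [.], ack 1, win 502, length 0
12:00:00.000004 IP 203.0.113.7 > 198.51.100.5: ICMP echo request, id 1, seq 1, length 64
EOF
}

capture_cmd eth0 nobody /tmp/web.pcap tcp port 80; echo
sample_output | summarize_sources
```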
See also
- Wireshark, a GUI network protocol analyzer formerly known as Ethereal
- OmniPeek, an analyzer that supports streaming of packets from a remote machine running tcpdump
- Packet sniffer
- Snoop, a similar utility included with Solaris
- Tcptrace, a tool for analysing the logs produced by tcpdump
External links
- Official site for tcpdump (and libpcap)
- Official site for WinDump
- ngrep, a tcpdump-like tool
- Berkeley Packet Filter
- Portable version of tcpdump for Windows
This article is licensed under the GNU Free Documentation License.
Last updated on Friday March 07, 2008 at 06:48:48 PST (GMT -0800)
Copyright © 2008, Dictionary.com, LLC. All rights reserved.