
Tcpdump

(Network analysis tool)

Guide: Dr. B. M. Mehtre, University of Hyderabad

Vamshi, 19MCMI06, University of Hyderabad
Table of Contents
● Introduction
● Installation
● Screenshots
● Advantages
● Disadvantages
● Conclusion
● References
● Declaration
Introduction
● A powerful command-line packet analyzer.

● Prints out a description of the contents of packets on a network.

● Tcpdump supports a wide variety of filters.


Installation
● For Linux: “sudo apt-get install tcpdump”

● For Mac: “brew install tcpdump”

● For Windows (download WinDump): “https://www.winpcap.org/windump/install/default.htm”
Screenshots
sudo tcpdump -i en0 -w tracea.pcap
[Screenshot: captured packet annotated with the link layer, IP version, destination address, source address and Ethernet type]


Few other commands
● tcpdump -i en0 -v host 192.168.0.1

● tcpdump -i en0 -v dst 216.58.210.238

● tcpdump -i en0 -nn -v port 80
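
Added example (not part of the original slides): a minimal Python reader for a capture saved with -w, extracting the fields labelled in the screenshot and applying simplified equivalents of the host, dst and port filters above. It assumes the classic pcap format with an Ethernet link layer; the function names and the sample packets are constructed for illustration.

```python
import socket
import struct

def frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame; transport header past the ports is zero-filled."""
    eth = bytes.fromhex("aabbccddeeff112233445566") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(16)

def sample_pcap():
    """Constructed stand-in for a file written by `tcpdump -w` (classic pcap, Ethernet)."""
    frames = [frame("192.168.0.1", "216.58.210.238", 6, 50000, 80),
              frame("216.58.210.238", "192.168.0.1", 6, 443, 50001),
              frame("10.0.0.5", "10.0.0.9", 17, 5353, 53)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # last field: linktype
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # per-packet record header
    return out

def parse_pcap(data):
    """Return the header fields of every Ethernet/IPv4 TCP or UDP packet in the capture."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("link layer is not Ethernet")
    packets, off = [], 24
    while off + 16 <= len(data):
        incl = struct.unpack(order + "I", data[off + 8:off + 12])[0]  # captured length
        f, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(f) < 34 or f[12:14] != b"\x08\x00":
            continue                      # truncated, or EtherType is not IPv4
        ihl = (f[14] & 0x0F) * 4          # IPv4 header length in bytes
        if ihl < 20 or f[23] not in (6, 17) or len(f) < 14 + ihl + 4:
            continue                      # bad header, not TCP/UDP, or ports cut off
        sport, dport = struct.unpack("!HH", f[14 + ihl:18 + ihl])
        packets.append({"dst_mac": f[0:6].hex(":"), "src_mac": f[6:12].hex(":"),
                        "ip_version": f[14] >> 4, "src": socket.inet_ntoa(f[26:30]),
                        "dst": socket.inet_ntoa(f[30:34]), "sport": sport, "dport": dport})
    return packets

def matches(pkt, host=None, dst=None, port=None):
    """Simplified equivalents of the `host`, `dst` and `port` filter expressions."""
    return ((host is None or host in (pkt["src"], pkt["dst"])) and
            (dst is None or pkt["dst"] == dst) and
            (port is None or port in (pkt["sport"], pkt["dport"])))

if __name__ == "__main__":
    print([p for p in parse_pcap(sample_pcap()) if matches(p, port=80)])
```

To read a real capture such as tracea.pcap, pass the file's bytes (opened in binary mode) to parse_pcap instead of sample_pcap().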


Advantages
● It is easy to run remotely using a Telnet connection

● Less overhead when compared to Wireshark

● No installation is needed on Linux and Mac OS X based systems.


Disadvantages
● Its biggest disadvantage is the lack of analysis.
Conclusion
As demonstrated, tcpdump is a simple and useful diagnostic tool
for displaying and saving information about packets passing through a network
interface.
References
● https://www.tcpdump.org
● https://www.youtube.com/watch?v=1lDfCRM6dWk
● https://www.youtube.com/watch?v=MOUmA9h9R8c&t=387s
● https://developer.apple.com/documentation/network/recording_a_packet_trace
● https://www.tcpdump.org/manpages/tcpdump.1.html
● https://packettotal.com
Declaration
● I hereby declare that this presentation is made by me, and the
screenshots used are the proof of the results I have executed in my
system.
Thank you
