TcpDump

A different tool similar to TShark. TcpDump is standard and distributed with many many Un*x-like operating systems (except the one coming with the tool you will find by googling for "The Interface From Hell")

TcpDump lives at www.tcpdump.org

TcpDump is also the place where LibPcap lives; LibPcap is the standard API and CaptureFile format used by Wireshark and TShark as well as many many other tools.

If you do a lot of network capturing it is well worth the effort to learn all the command line switches to TcpDump for the same reason learning VI is useful. This tool will be there for almost all Un*xen you will find, TShark might not.

TcpDump has been ported to Windows; the port is called WinDump, and it lives at www.winpcap.org/windump. The developers of WinDump are also the developers of WinPcap, which is a port of LibPcap to Windows; WinPcap lives at www.winpcap.org.

Following are packet capture utilities for some commercial Unix versions:

TcpDump (last edited 2011-02-05 00:03:38 by GuyHarris)