Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
TCPDump is one of the best light-weight utilities for performing network traffic capture. It's extremely simple to use, but performs network scanning effectively and efficiently without all of the overhead associated with tools like Wireshark, making it a key part of any Cybersecurity practitioner's toolbox.
Teaching Assistant George Mcpherson and Vikramajeet Khatri
(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)
Using the tcpdump Tool
Network connectivity issues are common, but challenging, situations to troubleshoot. In those situations, tcpdump can be a great tool. It’s also very effective as a security tool. Tcpdump is a command line utility that allows users to perform network traffic capture and analysis. It’s a versatile and powerful tool that comes with various options and filters, making it effective in a variety of different situations.
The tcpdump tool is very easy to use, and it performs network scanning efficiently and effectively, without the overhead associated with other similar tools. It’s a widely used text-based network monitoring utility in Linux. Tcpdump is used to filter the TCP/IP packets over networks. It can be used to filter transmitted and received packets over a specific network interface. That makes is a crucial addition to any cybersecurity professional’s toolbox.
Why Use the tcpdump Tool?
Because tcpdump is a command line tool, it’s perfect to run in remote devices or servers for which a graphical user interface (GUI) isn’t available, to gather information that can be analyzed later. It’s possible to launch it in the background or as a scheduled job.
One of the biggest advantages to using tcpdump is that users are able to save the packets that are captured in a file for further advanced analysis. Tcpdump is also useful because it allows users to target it to look for a specific type of traffic that should provide usernames and passwords.
The tcpdump tool is considered a staple tool that both systems and network administrators alike reach for when they need to examine actual network packets. It is one of the best network analysis tools for all information security professionals – especially those who want to have a thorough understanding of TCP/IP.
To get more information about the tcpdump tool, and to learn to use it, take a look at our How to Use tcpdump tutorial. The tutorial is free, and it will provide students with the skills needed to understand and run tcpdump for capturing network traffic. Enrolling in the course is easy, simply click on the Register button at the top right corner of this screen to begin.