Tcpdump may not have a slick front end like other packet analyzers such as Wireshark and Ettercap, but this command line tool makes up for its lack of fancy graphics with power and flexibility. Tcpdump is an old mainstay for network admins and security pros who swear by its usefulness.

Unlike other traffic analysis tools such as Ettercap and Wireshark, both of which provide packet sniffing functionality with a convenient captive interface, tcpdump takes a command at the shell, with options specified at that time, and then dumps the results to standard output. This may seem primitive to some users, but it provides power and flexibility that isn’t available with the common captive interface alternatives.
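Because the output is plain text on standard output, it can be piped straight into ordinary shell tools. The following is an added example, not taken from the video or the article: the function names `sample_capture` and `top_talkers`, the sample lines (constructed, using documentation addresses) and the interface name `eth0` are all assumptions.

```shell
#!/bin/sh
# Added example: summarise tcpdump's text output with standard shell tools.

# Constructed sample in the style of `tcpdump -nn -q` output.
sample_capture() {
cat <<'EOF'
12:00:01.000101 IP 192.0.2.10.51234 > 198.51.100.5.443: tcp 0
12:00:01.000207 IP 198.51.100.5.443 > 192.0.2.10.51234: tcp 1448
12:00:01.000390 IP 192.0.2.10.51234 > 198.51.100.5.443: tcp 0
12:00:01.104882 IP 192.0.2.77.40022 > 203.0.113.9.53: UDP, length 41
12:00:01.250113 IP 192.0.2.10 > 203.0.113.9: ICMP echo request, id 7, seq 1, length 64
12:00:01.300000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}

# Read tcpdump lines on stdin and print "packets source-ip", busiest first.
# Only IPv4 lines ("IP a > b: ...") are counted; ARP and IP6 lines are skipped.
top_talkers() {
    awk '$2 == "IP" && $4 == ">" {
             src = $3
             # TCP/UDP sources look like a.b.c.d.port (five dot-separated
             # parts); ICMP sources have no port and must be left alone.
             if (split(src, parts, ".") == 5)
                 sub(/\.[0-9]+$/, "", src)
             count[src]++
         }
         END { for (ip in count) print count[ip], ip }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Offline demonstration on the constructed sample.
sample_capture | top_talkers

# Live use (assumed interface name; -l line-buffers output for the pipe,
# -c stops after 1000 packets so the summary is printed):
#   tcpdump -nn -q -l -c 1000 -i eth0 | top_talkers
```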

In this IT Dojo video, I’ll show you why tcpdump is a great tool for network debugging and security monitoring.

After watching the video, you can learn more about tcpdump by reading Chad Perrin’s article, “Use tcpdump for traffic analysis,” which is the basis for this video.