Tcpdump may not have a slick front end like other packet analyzers such as Wireshark and Ettercap, but this command line tool makes up for its lack of fancy graphics with power and flexibility. Tcpdump is an old mainstay for network admins and security pros who swear by its usefulness.
Unlike other traffic analysis tools such as Ettercap and Wireshark, both of which wrap packet sniffing in a convenient interactive interface, tcpdump is invoked as a single shell command, with capture options and a filter expression given at that time, and then writes its results to standard output (or, with -w, to a raw capture file that Wireshark can open later). This may seem primitive to some users, but it is exactly what makes the tool flexible: text on standard output can be piped through grep or awk, run over ssh on a headless server, or scheduled from cron, none of which the interactive alternatives do as naturally.
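As an added example of the pipeline style the paragraph describes (this is not code from the TechRepublic page or from the tcpdump project), the script below feeds tcpdump-style text lines through awk to flag a host sending SYN-only packets to many distinct ports, a simple port-scan heuristic. The capture command is returned as a string rather than executed so the script runs without root or a network; the interface name, the sample packet lines and the threshold of three ports are all constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): analyse tcpdump's text output
# with awk. POSIX sh + awk only; nothing here needs root or a live interface.

# The live capture that would feed the pipeline on a real host, returned as a
# string so this script stays runnable offline (interface name is the caller's):
#   -nn  keep addresses and ports numeric (no DNS or service-name lookups)
#   -l   line-buffer stdout so a downstream pipe sees each packet immediately
#   filter: TCP packets with SYN set and ACK clear, i.e. new connection attempts
tcpdump_syn_cmd() {
    iface="$1"
    printf '%s\n' "tcpdump -nn -l -i $iface 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'"
}

# Constructed sample of what `tcpdump -nn` prints (not a real capture):
# 10.0.0.5 sends SYNs to three ports, 10.0.0.7 to one, and the last line is a
# SYN/ACK reply from the server that must not be counted as a probe.
SAMPLE='12:00:01.000001 IP 10.0.0.5.51234 > 192.168.1.10.22: Flags [S], seq 1, win 65535, length 0
12:00:01.000002 IP 10.0.0.5.51235 > 192.168.1.10.23: Flags [S], seq 2, win 65535, length 0
12:00:01.000003 IP 10.0.0.5.51236 > 192.168.1.10.80: Flags [S], seq 3, win 65535, length 0
12:00:01.000004 IP 10.0.0.7.40000 > 192.168.1.10.443: Flags [S], seq 4, win 65535, length 0
12:00:01.000005 IP 192.168.1.10.22 > 10.0.0.5.51234: Flags [S.], seq 9, ack 2, win 65535, length 0'

# Read tcpdump text lines on stdin and print "src_ip distinct_ports" for every
# source whose SYN-only packets reached at least $1 distinct destination ports.
syn_scanners() {
    threshold="$1"
    awk -v min="$threshold" '
        # field 2 is the protocol, field 7 the TCP flags; "[S]," is SYN only
        $2 == "IP" && $7 == "[S]," {
            # $3 is src ip.port, $5 is dst ip.port followed by a colon
            split($3, s, "\\.")
            src = s[1] "." s[2] "." s[3] "." s[4]
            d = $5; sub(/:$/, "", d)
            split(d, t, "\\.")
            key = src SUBSEP t[5]
            # count each (source, destination port) pair once
            if (!(key in seen)) { seen[key] = 1; ports[src]++ }
        }
        END {
            for (ip in ports) if (ports[ip] >= min) print ip, ports[ip]
        }'
}

# Stand-alone run over the constructed sample (replace with a real pipeline:
#   $(tcpdump_syn_cmd eth0) | syn_scanners 3   on a host where you may capture)
printf '%s\n' "$SAMPLE" | syn_scanners 3
```

The same analysis works on a stored capture: record with `tcpdump -w probes.pcap` during an incident and replay it later with `tcpdump -nn -r probes.pcap | syn_scanners 3`, which is the kind of scripted reuse that a point-and-click sniffer does not give you.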
In this IT Dojo video, I'll show you why tcpdump is a great tool for network debugging and security monitoring.
After watching the video, you can learn more about tcpdump by reading Chad Perrin's article, "Use tcpdump for traffic analysis"—the basis for this video.
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.