TCPDUMP is a utility for Linux that lets you monitor, analyze and intercept both incoming and outgoing traffic on a local network, separated by interface and channel. Its functionality is similar to the popular Wireshark program, but TCPDUMP works in the terminal without a GUI, which means it can even be installed and used on an Android smartphone (via Kali NetHunter or Andrax). The source code is open.
Program Information
TCPDUMP for Windows also exists. It is compiled from the original TCPDUMP source code and is integrated into the system as part of the Packet Sniffer SDK (from Microolap Technologies). It also has no graphical interface and runs from the Windows CMD command line or PowerShell.
Properties of the utility:
- scan and identify available devices/interfaces in the local network;
- intercept network traffic (with separation by device);
- export PCAP files for subsequent analysis and decryption;
- capture traffic with specified filter settings (port, MAC address, protocol, host and packet size);
- detailed information about each captured packet (time, size, checksum, destination).
Packets are not saved by default, but a log file shows the status of the network interface being scanned. The program works with wireless adapters as well as Ethernet and dial-up connections (provided the user has the necessary permissions).
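Added example, not code from the page or from tcpdump itself: a small pure-Python reader for the classic libpcap files that `tcpdump -w` exports, run over a constructed three-packet capture, with a filter that mirrors the port, host and packet-size selection listed above. It assumes Python 3.8 or newer, Ethernet link type 1, and uses constructed MAC and IP addresses with zeroed checksums.

```python
import struct
ETH_IPV4, PROTO_TCP = 0x0800, 6  # EtherType for IPv4, IP protocol number for TCP
def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums left at zero (constructed sample)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    macs = bytes.fromhex(dst_mac.replace(":", "") + src_mac.replace(":", ""))
    return macs + struct.pack("!H", ETH_IPV4) + ip + tcp

def build_pcap(frames):
    """Serialize (sec, usec, frame) tuples in classic libpcap format, like tcpdump -w."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Walk the records and pull out time, size, MACs, IPs and TCP ports per packet."""
    magic = struct.unpack("<I", data[:4])[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]  # KeyError on non-pcap input
    offset, records = 24, []
    while offset + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack(end + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        rec = {"time": sec + usec / 1e6, "size": origlen,
               "dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":")}
        if struct.unpack("!H", frame[12:14])[0] == ETH_IPV4:
            ihl = (frame[14] & 0x0F) * 4
            rec["proto"] = frame[23]
            rec["src_ip"] = ".".join(map(str, frame[26:30]))
            rec["dst_ip"] = ".".join(map(str, frame[30:34]))
            if rec["proto"] == PROTO_TCP:
                rec["sport"], rec["dport"] = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        records.append(rec)
    return records

def filter_records(records, dport=None, host=None, min_size=None):
    """Same selection tcpdump's 'port', 'host' and 'greater' primitives express."""
    return [r for r in records if (dport is None or r.get("dport") == dport)
            and (host is None or host in (r.get("src_ip"), r.get("dst_ip")))
            and (min_size is None or r["size"] >= min_size)]

# Constructed capture: two client requests to 10.0.0.1 and one reply, as tcpdump -w would save them.
SAMPLE = build_pcap([
    (1700000000, 1000, build_frame("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "10.0.0.5", "10.0.0.1", 40000, 80, b"GET / HTTP/1.0\r\n\r\n")),
    (1700000000, 2000, build_frame("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:03", "10.0.0.7", "10.0.0.1", 40001, 443, b"\x16\x03\x01" + b"\x00" * 60)),
    (1700000001, 0, build_frame("aa:bb:cc:dd:ee:02", "aa:bb:cc:dd:ee:01", "10.0.0.1", "10.0.0.5", 80, 40000, b"HTTP/1.0 200 OK\r\n")),
])
```

Pointing `parse_pcap` at the bytes of a real `tcpdump -w` file works the same way, as long as the capture is Ethernet link type; pcapng files have a different header and are not handled.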
Application examples
- detection of unauthorized access to the local network;
- detection of users connected to the local network and using the computer for their personal purposes (in the office);
- acquiring access to closed network resources (login/password or cookies can be extracted from intercepted traffic);
- detection of traces of virus software activity (covert sending of personal data).
The utility will also be useful to network administrators because it lets you check the availability status of all network interfaces with just a few commands.
Download TCPDUMP release version for free on our site.