O'Reilly logo

Learning Network Forensics by Samir Datt

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Collecting network traffic using tcpdump

Tcpdump is a command-line tool that runs on various flavors of Linux. It can be used for network traffic packet capture and analysis. It is a free tool that is distributed under the Berkeley Software Distribution (BSD) license.

Tcpdump requires the libpcap library to capture packets. Tcpdump has also been ported to Windows. In this avatar, it requires the WinPcap library, which is a port of libpcap for Windows.

Tcpdump is a great tool to learn about the traffic on your network in a more hands-on way. Though tcpdump requires more inputs from the user vis-à-vis higher analysis tools such as Wireshark, it really increases your fundamental understanding of the TCP/IP suite. Any security professional getting ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required