Tcpdump

tcpdump is a command-line network monitoring and data acquisition tool. It is capable of sniffing packets and "dumping" information.

Emerge
Install tcpdump:

SUID
In order for normal users to run the program, tcpdump should be built with the   flag enabled and the user(s) should be added to the pcap group.

Do this by using the command, where   is the user's username:

Invocation
The root user can invoke tcpdump at any time:

When tcpdump has been set with SUID permissions, normal users can invoke it; however, since the  directory is not included in a normal user's path, the full path must be specified:

Listing interfaces
To discover the interfaces available to tcpdump, issue the following command:

Specifying an interface
After an output of available interfaces has been displayed it is possible to select a specific interface upon which to listen:

Where  is either the number of the interface or the string version of the name.

Write output to a file
Running tcpdump with the   option instructs the program to write output to a file. This is helpful for future analysis:
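
For the later analysis step, the following added example (not part of the original page or of the tcpdump project's code) reads a saved capture file, assuming it is in the classic libpcap format, and marks packets that were cut short by the snapshot length. The `SAMPLE` bytes and the function name `read_pcap` are constructed for illustration; pcapng files are rejected rather than parsed.

```python
import struct

# First four bytes of a classic pcap file, read big-endian, mapped to
# (struct byte-order prefix, timestamp fractions per second).
MAGICS = {
    0xA1B2C3D4: (">", 1_000_000),      # big-endian file, microseconds
    0xD4C3B2A1: ("<", 1_000_000),      # little-endian file, microseconds
    0xA1B23C4D: (">", 1_000_000_000),  # big-endian file, nanoseconds
    0x4D3CB2A1: ("<", 1_000_000_000),  # little-endian file, nanoseconds
}

def read_pcap(data: bytes):
    """Parse classic pcap bytes; return (header dict, list of record dicts)."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian, frac = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        sec, sub, caplen, origlen = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            raise ValueError(f"record at offset {off - 16} runs past end of file")
        records.append({
            "ts": sec + sub / frac,
            "caplen": caplen,               # bytes actually saved
            "origlen": origlen,             # bytes seen on the wire
            "truncated": caplen < origlen,  # payload cut by the snapshot length
            "data": data[off:off + caplen],
        })
        off += caplen
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    return header, records

# Constructed sample: little-endian header (link type 1 = Ethernet), two records.
SAMPLE = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    + struct.pack("<IIII", 1700000000, 500000, 4, 4) + b"\xde\xad\xbe\xef"
    + struct.pack("<IIII", 1700000001, 0, 2, 60) + b"\x00\x01"
)

if __name__ == "__main__":
    hdr, recs = read_pcap(SAMPLE)
    print(hdr, [(r["ts"], r["caplen"], r["origlen"], r["truncated"]) for r in recs])
```

Records flagged as truncated contain only part of the original packet, so any payload-level conclusion drawn from them is incomplete.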

External resources

 * http://www.tcpdump.org/manpages/pcap.3pcap.html - The tcpdump man page hosted on the web.