Tcpdump

tcpdump is a command-line network monitoring and data acquisition tool. It is capable of sniffing packets and "dumping" information.

Emerge
Install tcpdump:

SUID
In order for normal users to run tcpdump, the program should be built with the suid flag enabled and the user(s) should be added to the pcap group.

Do this by using the command where   is user's username:

Invocation
The root user can invoke tcpdump at any time:

When tcpdump has been set with SUID permissions, normal users can invoke it; however, since the directory it is installed in is not included in a normal user's path, the full path must be specified:

Listing interfaces
To discover the interfaces available to tcpdump, issue the following command:

Specifying an interface
After the available interfaces have been displayed, it is possible to select a specific interface upon which to listen:

Where  is either the number of the interface or the string version of the name.

Write output to a file
Running tcpdump with the -w option instructs the program to write output to a file. This is helpful for future analysis:

Advanced usage

 * Show me all URG packets:
 * Show me all ACK packets:
 * Show me all PSH packets:
 * Show me all RST packets:
 * Show me all SYN packets:
 * Show me all FIN packets:
 * Show me all SYN-ACK packets:
 * Show all traffic with both SYN and RST flags set (that should never happen):
 * Show all traffic with the “evil bit” set:
 * Display all IPv6 Traffic:
 * Print Captured Packets in ASCII:
 * Display Captured Packets in HEX and ASCII:
 * Capture and Save Packets in a File:
 * Read Captured Packets File:
 * Capture IP address Packets:
 * Capture only TCP Packets:
 * Capture Packet from Specific Port:
 * Capture Packets from source IP:
 * Capture Packets from destination IP:
 * Capture any packet coming from x.x.x.x:
 * Capture any packet coming from or going to x.x.x.x:
 * Capture any packet going to x.x.x.x:
 * Capture any packet coming from x.x.x.x:
 * Capture any packet going to network x.x.x.0/24:
 * Capture any packet coming from network x.x.x.0/24:
 * Capture any packet with destination port x:
 * Capture any packet coming from port x:
 * Capture any packets from or to port range x to y:
 * Capture any tcp or udp port range x to y:
 * Capture any packets with dst ip x.x.x.x and port y:
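The TCP flag items in the list above all come down to tests on the flags byte of the TCP header (`tcp[13]` in tcpdump's filter syntax). The following is an added example, not taken from this page: the helper names `flag_bit`, `flag_filter` and `show_flagged` and the file `capture.pcap` are hypothetical, and the script builds the filter for "any of", "all of" or "exactly" a set of flags and applies it to a saved capture.

```shell
#!/bin/sh
# Added example: build tcpdump filters on the TCP flags byte (tcp[13]).

# Bit value of one TCP flag inside byte 13 of the TCP header.
flag_bit() {
    case "$1" in
        FIN) echo 1 ;;
        SYN) echo 2 ;;
        RST) echo 4 ;;
        PSH) echo 8 ;;
        ACK) echo 16 ;;
        URG) echo 32 ;;
        *) echo "unknown TCP flag: $1" >&2; return 1 ;;
    esac
}

# flag_filter MODE FLAG...
#   any   - at least one listed flag is set
#   all   - every listed flag is set, others may be set too
#   exact - exactly the listed flags are set and no others
flag_filter() {
    mode=$1; shift
    [ "$#" -gt 0 ] || { echo "no flags given" >&2; return 1; }
    mask=0
    for name in "$@"; do
        bit=$(flag_bit "$name") || return 1
        mask=$((mask | bit))
    done
    case "$mode" in
        any)   echo "tcp[13] & $mask != 0" ;;
        all)   echo "tcp[13] & $mask = $mask" ;;
        exact) echo "tcp[13] = $mask" ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
}

# show_flagged FILE MODE FLAG...: read a saved capture and print matches.
show_flagged() {
    file=$1; shift
    filter=$(flag_filter "$@") || return 1
    tcpdump -nn -r "$file" "$filter"
}

# Example calls (capture.pcap is a hypothetical file written with -w):
#   show_flagged capture.pcap exact SYN ACK   # handshake replies only
#   show_flagged capture.pcap all SYN RST     # should never appear
```

Note that `any SYN` also matches SYN-ACK packets, which is why the SYN-ACK case uses the `exact` form. The `tcp[...]` index expressions apply to TCP over IPv4 only.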

External resources

 * http://www.tcpdump.org/manpages/pcap.3pcap.html - The tcpdump man page hosted on the web.