What is tcpdump?

Say I make a DNS request:

$ dig +short @ google.com

What went over the network? We can find out with a program called tcpdump! tcpdump is a command-line program which can prints everything that goes over a network interface on a UNIX box. Let’s see an example, getting all DNS traffic. DNS requests go over UDP port 53. We ask tcpdump for this using the expression udp and port 53:

$ sudo tcpdump -n 'udp and port 53'
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
23:21:50.909488 IP > 61163+ [1au] A? google.com. (39)
23:21:50.929583 IP > 61163 1/0/1 A (55)

The output shows exactly two UDP packets. One for the DNS request, the next for the response.

You’ll notice that tcpdump is terribly named! It does not just dump TCP; it can dump all manner of network activity: UDP, IP, ICMP, Ethernet, and many others.

I just released Vidrio, a free app for macOS and Windows to make your screen-sharing awesomely holographic. Vidrio shows your webcam video on your screen, just like a mirror. Then you just share or record your screen with Zoom, QuickTime, or any other app. Vidrio makes your presentations effortlessly engaging, showing your gestures, gazes, and expressions. #1 on Product Hunt. Available for macOS and Windows.

With Vidrio

With generic competitor

More by Jim

Tagged #programming, #unix. All content copyright James Fisher 2018. This post is not associated with my employer. Found an error? Edit this page.