
What is tcpdump?

Say I make a DNS request:

$ dig +short @8.8.8.8 google.com
216.58.206.46

What went over the network? We can find out with a program called tcpdump! tcpdump is a command-line program that prints everything that goes over a network interface on a UNIX box. Let’s see an example: capturing all DNS traffic. DNS requests go over UDP port 53, so we ask tcpdump for just that traffic with the filter expression udp and port 53:

$ sudo tcpdump -n 'udp and port 53'
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
23:21:50.909488 IP 192.168.1.4.61988 > 192.168.1.254.53: 61163+ [1au] A? google.com. (39)
23:21:50.929583 IP 192.168.1.254.53 > 192.168.1.4.61988: 61163 1/0/1 A 216.58.208.142 (55)

The output shows exactly two UDP packets: the first is the DNS request, the second is the response.

You’ll notice that tcpdump is terribly named! It does not just dump TCP; it can dump all manner of network activity: UDP, IP, ICMP, Ethernet, and many others.
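The two lines tcpdump printed above are easy to post-process. The parser below is an added example, not code from the original post: it reads `tcpdump -n` DNS summary lines, pairs each request with its response by client address, client port and transaction ID, and reports the server that answered, the records returned and the round-trip time, plus any requests that never got a reply (the third sample line is constructed to show that case).

```python
import re
from datetime import datetime

# Constructed sample: the two lines tcpdump printed above, plus a made-up
# third query that never gets a reply, so unanswered lookups show up too.
SAMPLE = """\
23:21:50.909488 IP 192.168.1.4.61988 > 192.168.1.254.53: 61163+ [1au] A? google.com. (39)
23:21:50.929583 IP 192.168.1.254.53 > 192.168.1.4.61988: 61163 1/0/1 A 216.58.208.142 (55)
23:21:51.100000 IP 192.168.1.4.61989 > 192.168.1.254.53: 4242+ A? example.net. (40)
"""

# One 'tcpdump -n' DNS summary line: time IP src.port > dst.port: txid[+] rest (len)
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<txid>\d+)\+? (?P<rest>.*) \((?P<length>\d+)\)$"
)

def parse_line(line):
    """Fields of one DNS summary line, or None for any other tcpdump output."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%H:%M:%S.%f")
    d["is_query"] = d["dport"] == "53"   # packets towards port 53 are requests
    return d

def pair_transactions(text):
    """Pair queries with responses by (client IP, client port, txid).
    Returns (completed transactions, queries still waiting for a reply)."""
    pending, completed = {}, []
    for line in text.splitlines():
        p = parse_line(line)
        if p is None:
            continue
        if p["is_query"]:
            pending[(p["src"], p["sport"], p["txid"])] = p
            continue
        q = pending.pop((p["dst"], p["dport"], p["txid"]), None)
        if q is None:
            continue  # reply matching no outstanding query: skip it
        qtype, qname = q["rest"].split()[-2:]                  # "A?", "google.com."
        counts = re.search(r"(\d+)/\d+/\d+ ?(.*)", p["rest"])  # ancount/nscount/arcount
        completed.append({
            "name": qname.rstrip("."), "qtype": qtype.rstrip("?"), "server": q["dst"],
            "answers": int(counts.group(1)), "records": counts.group(2),
            "rtt_ms": round((p["ts"] - q["ts"]).total_seconds() * 1000, 3),
        })
    return completed, list(pending.values())
```

Feed it the output of `sudo tcpdump -n -l 'udp and port 53'` and the unanswered list is where queries to an unreachable or silently dropping resolver show up.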


Tagged #programming, #unix. All content copyright James Fisher 2018. This post is not associated with my employer.