What is tcpdump?

Say I make a DNS request:

$ dig +short @ google.com

What went over the network? We can find out with a program called tcpdump. tcpdump is a command-line program that captures and prints the packets passing over a network interface on a UNIX box (capturing needs root privileges, hence the sudo below). Let's see an example, capturing DNS traffic. DNS queries normally go over UDP port 53, so we ask tcpdump for them with the filter expression udp and port 53. (DNS also uses TCP port 53, for zone transfers and for answers too large for UDP, so this filter is not quite "all DNS".) The -n flag tells tcpdump not to resolve addresses and port numbers to names; without it, tcpdump would issue DNS lookups of its own, and those would show up in the very capture we are trying to read:

$ sudo tcpdump -n 'udp and port 53'
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
23:21:50.909488 IP > 61163+ [1au] A? google.com. (39)
23:21:50.929583 IP > 61163 1/0/1 A (55)

The output shows exactly two UDP packets: the DNS request, then the response. In the request line, 61163 is the query ID, the + means the recursion-desired flag is set, [1au] means the query carries one additional record (the EDNS OPT record that dig sends by default), A? google.com. is the question, and (39) is the UDP payload length in bytes. In the response line, the same ID 61163 matches it to the request, 1/0/1 is the count of answer, authority and additional records, A is the type of the answer record, and (55) is again the payload length.

You’ll notice that tcpdump is terribly named! It does not just dump TCP; it can dump all manner of network activity: UDP, IP, ICMP, Ethernet, and many others.
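To see what is inside those 39 and 55 bytes, here is an added example (not from the original post, and not tcpdump's own code) that constructs a query and a response shaped exactly like the two packets above, decodes the RFC 1035 wire format, and renders the same summary line tcpdump prints. The response address 192.0.2.1 is a constructed documentation address, not google.com's real one, and the third message is a deliberately malformed sample: a name whose compression pointer points at itself, which a decoder must reject rather than loop on.

```python
"""Decode DNS messages from the wire and summarise them tcpdump-style.

Added example: the three messages below are hand-built (192.0.2.1 is a
constructed documentation address), not captured traffic.
"""
import struct

HEADER = "!6H"                       # id, flags, qdcount, ancount, nscount, arcount
QTYPES = {1: "A", 28: "AAAA", 41: "OPT"}


def encode_name(name: str) -> bytes:
    """Encode 'google.com' as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg: bytes, offset: int):
    """Read a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            hops += 1
            if hops > 16:                              # bound pointer chasing
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                       # resume after the pointer
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels) + ".", end if end is not None else offset


def parse_rr(msg: bytes, offset: int):
    """Parse one resource record (name, type, class, ttl, rdlength, rdata)."""
    name, offset = read_name(msg, offset)
    if offset + 10 > len(msg):
        raise ValueError("truncated RR header")
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
    offset += 10
    if offset + rdlen > len(msg):
        raise ValueError("RDATA runs past end of message")
    rr = {"name": name, "type": rtype, "class": rclass, "ttl": ttl,
          "rdata": msg[offset:offset + rdlen]}
    return rr, offset + rdlen


def parse_dns(msg: bytes) -> dict:
    """Parse header, question section and the three RR sections."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack_from(HEADER, msg, 0)
    offset, questions = 12, []
    for _ in range(qd):
        qname, offset = read_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append((qname, qtype, qclass))
    sections = []
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            rrs.append(rr)
        sections.append(rrs)
    return {"id": ident, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "questions": questions, "answers": sections[0],
            "authority": sections[1], "additional": sections[2], "length": len(msg)}


def summarize(msg: bytes) -> str:
    """Render a message the way tcpdump's DNS printer does."""
    d = parse_dns(msg)
    qname, qtype, _ = d["questions"][0]
    if not d["qr"]:                                    # query: id[+] [Nau] TYPE? name (len)
        edns = f" [{len(d['additional'])}au]" if d["additional"] else ""
        rd = "+" if d["rd"] else ""
        return f"{d['id']}{rd}{edns} {QTYPES.get(qtype, qtype)}? {qname} ({d['length']})"
    counts = f"{len(d['answers'])}/{len(d['authority'])}/{len(d['additional'])}"
    answer = ""
    if d["answers"]:                                   # response: id an/ns/ar TYPE rdata (len)
        rr = d["answers"][0]
        rdata = ".".join(map(str, rr["rdata"])) if rr["type"] == 1 else rr["rdata"].hex()
        answer = f" {QTYPES.get(rr['type'], rr['type'])} {rdata}"
    return f"{d['id']} {counts}{answer} ({d['length']})"


def is_well_formed(msg: bytes) -> bool:
    try:
        parse_dns(msg)
        return True
    except ValueError:
        return False


# Constructed samples shaped like the two packets in the post.
OPT_RR = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)          # root name, OPT, 4096-byte UDP size
QUESTION = encode_name("google.com") + struct.pack("!HH", 1, 1)  # A? google.com. IN
QUERY = struct.pack(HEADER, 61163, 0x0100, 1, 0, 0, 1) + QUESTION + OPT_RR
RESPONSE = (struct.pack(HEADER, 61163, 0x8180, 1, 1, 0, 1) + QUESTION
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
            + OPT_RR)
POINTER_LOOP = struct.pack(HEADER, 1, 0x0100, 1, 0, 0, 0) + b"\xc0\x0c" + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    print(summarize(QUERY))
    print(summarize(RESPONSE))
    print("pointer loop well-formed?", is_well_formed(POINTER_LOOP))
```

The query comes out at 39 bytes and the response at 55, the same sizes tcpdump reported, which is how you can tell the request above carried an EDNS OPT record: a bare A question for google.com is only 28 bytes. The last sample matters for anyone writing their own decoder: a pointer that refers back to itself (or a chain of them) is a classic way to make a naive parser spin forever, so the hop count is not optional.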

Tagged #programming, #unix. All content copyright James Fisher 2018. This post is not associated with my employer.