Tcpdump Packet Analyzer

www.tcpdump.org

About this website

Tcpdump is a command-line packet analyzer and network diagnostic tool that captures and displays the packets transmitted or received on a network interface. Originally developed in the late 1980s by Van Jacobson, Craig Leres, and Steven McCanne at Lawrence Berkeley Laboratory, it has been maintained by The Tcpdump Group since 1999 and is the foundational packet capture tool on virtually all Unix-like systems.

Key features include:

- Packet capture using libpcap, the portable C library it shares with Wireshark and Nmap.
- Berkeley Packet Filter (BPF) expressions for filtering packets by protocol, source/destination address, port, TCP flags, packet size, and complex logical combinations of these.
- Protocol decoding for Ethernet, ARP, IPv4/IPv6, TCP, UDP, ICMP, DNS, HTTP, TLS/SSL, NFS, SMB, and hundreds of application-layer protocols.
- Output formats: human-readable text, verbose multi-line detail, and hex and ASCII dumps for binary protocols.
- Timestamp control: absolute, delta, or relative timestamps with microsecond precision.
- Pcap file output: captured packets can be saved in libpcap format for offline analysis or import into Wireshark.
- Interface selection: capture on a named network interface, listen on all interfaces, or use monitor mode for 802.11 wireless capture.
- Cross-platform support: Linux, macOS, BSD, Solaris, and Windows via WinPcap or Npcap.
