
tcpdump


Packet capture CLI for filtering, inspecting, and saving network traffic to debug protocols, connectivity, and on-wire behavior.

$ brew install tcpdump
Language
C
Stars
3,141
Category
Networking
Agent
AI Analysis

tcpdump is a packet capture and decode CLI for inspecting live network traffic or reading saved packet traces. It sits close to the wire: you filter traffic with pcap expressions, print protocol details, or write raw packets to capture files for later analysis.

What It Enables
  • Capture traffic on a chosen interface and narrow it with pcap filter expressions so you can isolate DNS, HTTP, TLS, VPN, or host-to-host flows during outages and protocol debugging.
  • Read existing pcap or pcapng files, print decoded packet details, or emit matching packet counts when you need scripted inspection of saved traces.
  • Write raw captures to files, rotate them by size or time, and hand them off to Wireshark or follow-up CLI analysis during longer investigations.
Agent Fit
  • Non-interactive flags, filter expressions, buffered stdout controls, and documented exit codes make it usable in scripted inspect-then-verify loops.
  • It is especially useful when an agent needs raw network evidence: capture now, reread the file with tighter filters later, or use --count for simple scalar checks on saved captures.
  • Decoded output is human-oriented text rather than structured JSON, and live capture often needs elevated privileges plus networking knowledge to avoid noisy or incomplete traces.
Caveats
  • Capturing from live interfaces may require root or capture privileges; reading saved packet files does not.
  • Snapshot length, buffering, and rotation settings affect fidelity and packet loss, so automation is usually safer when it saves capture files instead of parsing console text alone.