tcpdump is an authoritative command line packet analyzer which makes use of libpcap (a portable C/C++ library) for network traffic capture. While there are other tools for network forensics such as WireShark, tcpdump has it’s strength with respect to TCP packets. The program allows in depth analysis of tcp packets from the interface it runs on.

ScreenShot.jpg(410.02 KB) meghancaiazzo, May 6 2013, 7:35 PM
tcpdumout.pcap(17.35 KB) meghancaiazzo, May 6 2013, 7:54 PM

You must Sign-In to post a comment.