Tcpdump is an open source command line tool for monitoring network traffic. It works by capturing packets, matching them against a filter expression, and printing the headers (and, on request, the contents) of the packets that match. The filter language understands logical operators and accepts hostnames, IP addresses, network names, and protocols as arguments.
Tcpdump was originally written in 1988 by Van Jacobson, Sally Floyd, Vern Paxson, and Steven McCanne, who at the time were working in the Lawrence Berkeley Laboratory Network Research Group. By the late 1990s there were many ported versions of tcpdump shipped with various operating systems, along with numerous fixes that were not properly coordinated. Michael Richardson and Bill Fenner created www.tcpdump.org in 1999 to bring that work back together.
Using Tcpdump: Examples
Tcpdump prints the contents of network packets. It can read packets live from a network interface or from a previously saved capture file (the -r option), and it can write the raw packets to standard output or to a file (the -w option) for later analysis.
That is not all it can do. Tcpdump can also be used for the specific purpose of capturing and displaying another user's or another computer's traffic. A user with the necessary privileges on a system acting as a router or gateway, through which unencrypted traffic such as Telnet or HTTP passes, can use tcpdump to read login IDs, passwords, URLs, the content of the web pages viewed, and any other unencrypted information. The only reliable defense is to encrypt the traffic end to end (SSH instead of Telnet, HTTPS instead of HTTP): tcpdump will still see the packets, but not what they carry.
The user can apply a filter expression to limit the packets tcpdump shows. This keeps the output manageable on high traffic networks.
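To make the two points above concrete, the following added example (written for this article, not code from the tcpdump project) reads a capture file of the kind `tcpdump -w` produces, applies a filter equivalent to "tcp dst port 80", and pulls cleartext HTTP Basic credentials out of the matching packets. Everything in it is constructed for the demonstration: the addresses, the MAC addresses, the HTTP request, and the capture itself, which the script assembles in memory so that it runs offline. It also verifies the IPv4 header checksum and drops frames that fail it, the way tcpdump flags a "bad cksum" packet.

```python
"""Parse a classic libpcap savefile offline and pull cleartext HTTP Basic
credentials out of it, applying a simple "tcp dst port 80" style filter."""
import base64
import struct

PCAP_MAGIC = 0xA1B2C3D4      # little-endian file, microsecond timestamps
LINKTYPE_ETHERNET = 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, as used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src: bytes, dst: bytes, sport: int, dport: int, seq: int, payload: bytes) -> bytes:
    """Assemble an Ethernet/IPv4/TCP frame with valid checksums (constructed test data)."""
    tcp_len = 20 + len(payload)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp + payload


def build_pcap(frames) -> bytes:
    """Write a pcap global header plus one record per frame (the layout `tcpdump -w` writes)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(blob: bytes):
    """Yield (ts_sec, frame) for each record; handles both byte orders of the magic number."""
    magic, = struct.unpack_from("<I", blob, 0)
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a libpcap savefile")
    linktype = struct.unpack_from(endian + "HHiIII", blob, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(blob):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", blob, off)
        off += 16
        yield ts_sec, blob[off:off + incl_len]
        off += incl_len


def decode_tcp(frame: bytes):
    """Return (src, dst, sport, dport, payload) for an Ethernet/IPv4/TCP frame, else None.
    Frames whose IPv4 header checksum does not verify are dropped ("bad cksum")."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6 or inet_checksum(ip[:ihl]) != 0:
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


def find_basic_auth(pcap_blob: bytes, dport: int = 80):
    """Walk the capture with a 'tcp dst port <dport>' filter and harvest Basic credentials."""
    hits = []
    for _ts, frame in read_pcap(pcap_blob):
        pkt = decode_tcp(frame)
        if pkt is None or pkt[3] != dport:
            continue
        src, dst, _sport, _dport, payload = pkt
        for line in payload.split(b"\r\n"):
            if line.lower().startswith(b"authorization: basic "):
                cred = base64.b64decode(line.split(b" ", 2)[2]).decode("latin-1")
                hits.append((src, dst, cred))
    return hits


# Constructed sample capture: one cleartext login, its reply, and a TLS record fragment.
CLIENT, SERVER = bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5])
HTTP_REQ = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
            b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT, SERVER, 51000, 80, 1, HTTP_REQ),
    build_frame(SERVER, CLIENT, 80, 51000, 1, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame(CLIENT, SERVER, 51001, 443, 1, b"\x16\x03\x01"),   # does not match the filter
])

if __name__ == "__main__":
    for src, dst, cred in find_basic_auth(SAMPLE_PCAP):
        print(f"{src} -> {dst}: {cred}")   # 192.168.1.10 -> 10.0.0.5: alice:hunter2
```

The HTTPS frame on port 443 is dropped by the filter, and even if it were selected its payload is TLS ciphertext, which is the whole point of the encryption advice above. Replace `SAMPLE_PCAP` with the bytes of a real `tcpdump -w` file to run the same harvest against a genuine capture.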
Unix user privileges
On some Unix-like operating systems a normal user needs root privileges to run tcpdump, because the packet capture mechanisms on those systems require elevated privileges. Tcpdump's -Z option reduces the exposure: once the capture device has been opened as root, tcpdump drops its privileges to the unprivileged user named by -Z for the rest of the run, so a bug in the packet parsers is not exploitable as root. On other Unix-like systems the capture mechanism can be configured to allow unprivileged users to use it (on Linux, for example, by granting the tcpdump binary the CAP_NET_RAW and CAP_NET_ADMIN file capabilities). With such a configuration in place, superuser privileges are not required at all.
TCP is a fundamental protocol in the Internet protocol suite, the set of standards that allow systems to communicate over the Internet. It is classified as a "transport layer" protocol because it creates and maintains connections between hosts.
TCP complements the Internet Protocol (IP), which defines the IP addresses used to identify systems on the Internet. The Internet Protocol handles addressing and delivery of individual packets, while the Transmission Control Protocol establishes a connection and manages the reliable delivery of data from one system to another. The two protocols are usually grouped together and referred to as TCP/IP.
When data is transmitted over a TCP connection, the protocol divides it into individually numbered units called "segments". Each segment has a header that specifies the source, the destination, and the sequence number, followed by the data section. Because packets can travel across the Internet by multiple routes, they may arrive at their destination in a different order than they were sent; the receiving end of the TCP connection puts them back into the correct sequence.
TCP and UDP
TCP also includes error checking, which ensures that each segment arrives and arrives intact. This differs from UDP, which does not check whether each packet was successfully delivered. The built-in error checking makes TCP more expensive and slower than UDP, but it guarantees accurate delivery of data between systems. TCP is therefore used to transfer most kinds of data over the Internet, such as web pages and files, whereas UDP is ideal for media streaming, where not every packet has to be delivered.
TCP originated in the initial network implementation, in which it complemented the Internet Protocol (IP). It provides reliable, ordered, and error-checked delivery of a stream of bytes between applications running on hosts that communicate over an IP network. The major Internet applications (the World Wide Web, e-mail, remote administration, file transfer) depend on TCP. Applications that do not require a reliable stream service use the User Datagram Protocol (UDP) instead, which provides a connectionless datagram service that favors reduced latency over reliability.
Origins
In May 1974, the Institute of Electrical and Electronics Engineers (IEEE) published a paper entitled "A Protocol for Packet Network Intercommunication". Its authors, Vint Cerf and Bob Kahn, described an internetworking protocol for sharing resources using packet switching among nodes, incorporating concepts from the French CYCLADES project led by Louis Pouzin. The central control component of this model was the Transmission Control Program, which covered both connection-oriented links and host-to-host datagram services. The monolithic Transmission Control Program was later split into a modular architecture consisting of the Transmission Control Protocol at the connection-oriented layer and the Internet Protocol at the internetworking (datagram) layer. The model became known informally as TCP/IP, although formally it was henceforth called the Internet Protocol Suite.
The Transmission Control Protocol provides an intermediate level of communication service between an application program and the Internet Protocol. It provides host-to-host connectivity at the transport layer of the Internet model. An application does not need to know the specific mechanisms for sending data across a link to another host, such as the packet fragmentation required on the transmission media. At the transport layer, the protocol handles all handshaking and transmission details and presents an abstraction of the network connection to the application.
At the lower layers of the protocol stack, IP packets can be lost, duplicated, or delivered out of order because of network congestion, traffic load balancing, or other unpredictable behavior. TCP detects these problems, requests retransmission of lost data, rearranges out-of-order data, and even helps minimize network congestion to reduce the risk of further problems. If the data still cannot be delivered, the source is notified of the failure. Once the TCP receiver has reassembled the sequence of originally transmitted segments, it passes the data on to the receiving application. In this way TCP abstracts the application's communication away from the details of the underlying network.
TCP is widely used by many applications available on the Internet, including e-mail, File Transfer Protocol, peer-to-peer file sharing, and streaming media applications.
TCP is optimized for accurate rather than timely delivery, and it can introduce relatively long delays (on the order of seconds) while waiting for out-of-order messages or for retransmissions of lost messages. It is therefore not suitable for real-time applications such as Voice over IP. For such applications, protocols like the Real-time Transport Protocol (RTP), which runs over UDP, are generally recommended.
TCP is a reliable stream delivery service that guarantees that all data received is identical to the data sent and in the correct order. Since packet transmission over many networks is unreliable, a technique known as "positive acknowledgment with retransmission" is used to guarantee reliability. It requires the receiver to respond with an acknowledgment message as it receives data. The sender keeps a record of each segment it sends and maintains a timer from the moment the segment was sent; if the timer expires before the segment is acknowledged, the sender retransmits it. The timer covers the cases where a segment is lost or corrupted in transit. Note that "reliable" is not "secure": TCP's checksum catches accidental corruption, but it offers no protection against an attacker on the path who can read, modify, inject, or reset segments. Confidentiality and integrity against an adversary have to come from a layer above TCP, such as TLS.
While IP handles the actual delivery of the data, TCP keeps track of "segments", the individual units of data into which a message is divided for efficient routing through the network. For example, when an HTML file is sent from a web server, the server's TCP software layer divides the file's byte stream into segments and forwards them individually to the IP (Internet layer) software. The Internet layer encapsulates each TCP segment in an IP packet by adding a header that includes, among other data, the destination IP address. When the client program on the destination computer receives them, its TCP (transport layer) software reassembles the individual segments and ensures that they are correctly ordered and error-free before the data is passed to the application.
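The reordering, retransmission, and segmentation mechanics described in the paragraphs above are easiest to see running. The following simulation is an added example written for this article, not code from any TCP implementation: it cuts a byte stream into toy segments of a fixed, assumed maximum segment size (MSS = 8), pushes them through a channel that loses, duplicates, delays, and reorders packets, and reassembles them on the far side using cumulative acknowledgments and a per-segment retransmission timer, which is exactly "positive acknowledgment with retransmission". The channel behavior, the window size, the timeout (rto), and the sample data are all constructed parameters of the demonstration; the channel is seeded so a given run is reproducible.

```python
"""Simulate TCP's reliability core: segmentation, sequence numbers, cumulative ACKs,
a retransmission timer, and in-order reassembly over a lossy, reordering channel."""
import random
from collections import namedtuple

Segment = namedtuple("Segment", "seq data")   # for ACKs, seq carries the next expected byte
MSS = 8                                         # toy maximum segment size (assumed, not real)


class Channel:
    """Unreliable one-way link: each transmission may be lost, duplicated, or delayed,
    so arrivals come out of order. Deterministic for a given seed."""
    def __init__(self, seed, p_loss, p_dup, max_delay):
        self.rng = random.Random(seed)
        self.p_loss, self.p_dup, self.max_delay = p_loss, p_dup, max_delay
        self.in_flight = []   # (tick at which it arrives, segment)
        self.tick = 0

    def send(self, seg):
        if self.rng.random() < self.p_loss:
            return                                          # lost on the wire
        copies = 2 if self.rng.random() < self.p_dup else 1
        for _ in range(copies):
            self.in_flight.append((self.tick + self.rng.randint(1, self.max_delay), seg))

    def advance(self):
        """Move time forward one tick and return whatever arrives now, shuffled."""
        self.tick += 1
        arriving = [s for t, s in self.in_flight if t <= self.tick]
        self.in_flight = [(t, s) for t, s in self.in_flight if t > self.tick]
        self.rng.shuffle(arriving)
        return arriving


class Receiver:
    """Buffers early segments and releases bytes to the application only in sequence."""
    def __init__(self):
        self.next_seq = 0
        self.pending = {}          # seq -> data for segments that arrived ahead of order
        self.stream = bytearray()  # what the application has been handed so far

    def deliver(self, seg):
        """Accept a segment and return the cumulative ACK (next byte expected)."""
        if seg.seq >= self.next_seq:           # old duplicates are simply discarded
            self.pending.setdefault(seg.seq, seg.data)
        while self.next_seq in self.pending:   # drain everything that is now contiguous
            data = self.pending.pop(self.next_seq)
            self.stream += data
            self.next_seq += len(data)
        return self.next_seq


def transfer(data, seed, window=4, rto=4, p_loss=0.2, p_dup=0.1, max_delay=3, max_ticks=5000):
    """Push `data` from sender to receiver; return (bytes delivered, retransmissions, ticks)."""
    fwd = Channel(seed, p_loss, p_dup, max_delay)        # data direction
    rev = Channel(seed + 1, p_loss, p_dup, max_delay)    # ACK direction
    rx = Receiver()
    segments = [Segment(i, data[i:i + MSS]) for i in range(0, len(data), MSS)]
    sent_at = {}        # seq -> tick of last transmission: the per-segment retransmit timer
    acked = 0           # highest cumulative ACK the sender has seen
    retransmits = tick = 0
    while acked < len(data):
        for seg in segments:
            if seg.seq < acked:
                continue                       # already acknowledged, timer cancelled
            if seg.seq >= acked + window * MSS:
                break                          # outside the send window, wait for ACKs
            if seg.seq not in sent_at:
                sent_at[seg.seq] = tick
                fwd.send(seg)
            elif tick - sent_at[seg.seq] >= rto:
                sent_at[seg.seq] = tick        # timer expired: retransmit
                retransmits += 1
                fwd.send(seg)
        tick += 1
        for seg in fwd.advance():
            rev.send(Segment(rx.deliver(seg), b""))   # every arrival is acknowledged
        for ack in rev.advance():
            acked = max(acked, ack.seq)
        if tick > max_ticks:
            raise TimeoutError("transfer did not complete; the source is notified of failure")
    return bytes(rx.stream), retransmits, tick


# Constructed sample payload (89 bytes, so 12 segments at MSS = 8).
DATA = b"Positive acknowledgment with retransmission turns a lossy network into a reliable stream."

if __name__ == "__main__":
    received, retransmits, ticks = transfer(DATA, seed=7)
    print(received == DATA, retransmits, ticks)
```

With the default lossy settings the stream still arrives byte-for-byte intact, at the cost of retransmissions and extra ticks of delay, which is the trade-off the paragraph on real-time traffic describes. With a lossless channel and a one-tick delay, every segment is acknowledged inside its timer and nothing is resent.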