tcpdump

VERIFIED

Command-line packet analyzer for network diagnostics

Packet Sniffing & SpoofingOSS

Intermediate

LinuxmacOS

Description

tcpdump is a powerful command-line packet analyzer that captures and displays TCP/IP and other packets transmitted or received over a network interface. It uses libpcap for packet capture and supports BPF (Berkeley Packet Filter) syntax for precise traffic filtering.

Use Cases

Capture packets on remote servers via SSH for forensic analysis
Create pcap files for offline analysis in Wireshark
Monitor specific traffic flows using BPF filter expressions

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (2)

T1040Network Sniffing(Credential Access)

Related Tools (3)

Wireshark Scapy Nmap