The tcpdump program can capture and observe IP packet exchanges on a network interface. The program usually involves setting an Ethernet network interface card into a "promiscuous" mode so that the card listens and captures every frame that traverses the network. A packet filter is used to select the IP packets that are of interest in a given situation. These IP packets and their higher-layer contents can then be observed and analyzed. Because of security concern, normal users typically cannot run the tcpdump program. The book by Stevens provides numerous examples of the operation of the TCP/IP protocols using this tool [Stevens 1994].
Was this article helpful?