Tcpdump is an open source command line tool for monitoring network traffic. It works by capturing packet headers, matching them against a set of filter criteria and displaying the ones that match. Its filter language understands logical operators and accepts host names, IP addresses, network names, and protocols as arguments.
History
Tcpdump was originally written in 1988 by Van Jacobson, Sally Floyd, Vern Paxson and Steven McCanne, who at that time worked in the Network Research Group at Lawrence Berkeley Laboratory [4]. Towards the end of the 1990s there were many versions of tcpdump in circulation, in the form of ports distributed as part of various operating systems, with numerous fixes that were not properly coordinated. Michael Richardson and Bill Fenner created www.tcpdump.org in 1999.
Using Tcpdump: Examples
Tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously saved capture file, and it can write packets to standard output or to a file.
It is also possible to use tcpdump to intercept and display messages from another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic, such as Telnet or HTTP, passes can use tcpdump to view login IDs, passwords, URLs and the content of browsed websites, or any other unencrypted information.
The user can apply a filter to limit the number of packets tcpdump displays. This makes the output more convenient to work with on networks carrying a large volume of traffic.
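As an added example (not code from the original article or from the tcpdump project), the following Python reader decodes the libpcap file format that tcpdump writes with -w and reads with -r, then applies a "host"/"port" style filter and prints matching packets in a tcpdump-like line format. The two frames, their addresses and ports are constructed for the example; checksums are left at zero.

```python
import struct

def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; not a real capture)."""
    eth = b"\x00" * 12 + b"\x08\x00"          # dst MAC, src MAC, EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp

FRAMES = [  # sample traffic: a SYN to a web server and a PSH/ACK on a telnet session
    build_frame("10.0.0.5", "198.51.100.7", 44321, 80, 0x02),
    build_frame("10.0.0.5", "10.0.0.9", 50000, 23, 0x18),
]

def write_pcap(frames):
    """Serialize frames in libpcap format: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Yield (ts, src, sport, dst, dport, tcp_flags) for each IPv4/TCP record."""
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, _, caplen, _ = struct.unpack_from("<IIII", data, pos)
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # only IPv4 carrying TCP
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield ts_sec, src, sport, dst, dport, frame[14 + ihl + 13]

def filter_packets(data, host=None, port=None):
    """Equivalent of tcpdump's 'host H and port P': either direction matches."""
    return [p for p in parse_pcap(data)
            if (host is None or host in (p[1], p[3]))
            and (port is None or port in (p[2], p[4]))]

if __name__ == "__main__":
    for ts, src, sp, dst, dp, fl in filter_packets(write_pcap(FRAMES), port=23):
        name = "".join(n for bit, n in ((2, "S"), (8, "P"), (16, ".")) if fl & bit)
        print(f"{ts} IP {src}.{sp} > {dst}.{dp}: Flags [{name}]")
```

Feeding the output of write_pcap to tcpdump -r would show the same two records, which is a convenient way to check a filter expression against a known capture.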
User privileges on Unix
On some Unix-like operating systems an ordinary user needs superuser privileges to run tcpdump, because the packet capture mechanisms on these systems require elevated privileges. However, the -Z option can be used to drop privileges to a specific unprivileged user once the capture has been set up. On other Unix-like operating systems the packet capture engine can be configured to allow unprivileged users to use it; when this is configured, superuser privileges are not required.
TCP
TCP is a fundamental protocol of the Internet protocol suite, the set of standards that allow systems to communicate over the Internet. It is classified as a "transport layer" protocol because it creates and maintains connections between hosts.
TCP complements the Internet Protocol (IP), which defines the IP addresses used to identify systems on the Internet. The Internet Protocol provides the means of transferring data, while the Transmission Control Protocol establishes a connection and controls the delivery of packets from one system to another. The two protocols are usually grouped together and called TCP/IP.
When data is transmitted over a TCP connection, the protocol divides it into individually numbered packets, or "segments". Each segment includes a header that identifies the source and destination, followed by a data section. Because segments can travel over the Internet by multiple routes, they can arrive at their destination in a different order than they were sent. The Transmission Control Protocol on the receiving side reorders the segments into the correct sequence.
TCP and UDP
TCP also includes error checking, which ensures that every packet is delivered as requested. This is different from UDP, which does not check whether each packet was transmitted successfully. Although the built-in error checking makes TCP more costly and slower than UDP, it provides accurate data delivery between systems. TCP is therefore used to transfer most kinds of data, such as web pages and files, over the Internet. UDP is better suited to multimedia streaming, which does not require the delivery of every packet.
Functional Basics
TCP originated in the initial network implementation, in which it complemented the Internet Protocol (IP). It provides reliable, ordered, and error-checked delivery of a stream of bytes between applications running on hosts communicating over an IP network. The main Internet applications (World Wide Web, e-mail, remote administration, file transfer) depend on TCP. Applications that do not require a reliable data stream service use the User Datagram Protocol (UDP) instead, which provides a connectionless datagram service that favours reduced latency over reliability.
Creation Background
In May 1974 the Institute of Electrical and Electronics Engineers (IEEE) published a paper entitled "A Protocol for Packet Network Intercommunication". Its authors, Vint Cerf and Bob Kahn, described an internetworking protocol for sharing resources using packet switching between nodes, incorporating concepts from the French CYCLADES project led by Louis Pouzin. The central control component of this model was the Transmission Control Program, which incorporated both connection-oriented links and datagram services between hosts. The monolithic Transmission Control Program was later divided into a modular architecture consisting of the Transmission Control Protocol at the connection-oriented layer and the Internet Protocol at the internetworking (datagram) layer. The model became known informally as TCP/IP and was later named the Internet Protocol Suite.
Network function
The Transmission Control Protocol provides a communication service at an intermediate level between the application program and the Internet Protocol. It provides host-to-host connectivity at the transport layer of the Internet model. An application does not need to know the specific mechanisms for sending data over a link to another host, such as the fragmentation of packets required on a given transmission medium. At the transport layer, TCP handles all of the handshaking and transmission details and presents an abstraction of the network connection to the application.
At the lower levels of the protocol stack, IP packets may be lost, duplicated, or delivered out of order because of network congestion, traffic load balancing, or other unpredictable behaviour. TCP detects these problems, requests retransmission of lost data, rearranges out-of-order data, and even helps minimize network congestion to reduce the risk of further problems. If the data still cannot be delivered, the source is notified of the failure. Once the TCP receiver has reassembled the sequence of originally transmitted segments, it passes them to the receiving application. TCP thus abstracts the application's connection from the details of the underlying network.
Application
TCP is widely used by many applications available on the Internet, including e-mail, file transfer protocol, peer-to-peer file sharing, and streaming multimedia applications.
TCP is optimized for accurate rather than timely delivery, and can incur relatively long delays (of the order of seconds) while waiting for out-of-order messages or retransmissions of lost messages. It is therefore not suitable for real-time applications such as Voice over IP. For such applications, protocols such as the Real-time Transport Protocol (RTP), which runs over the User Datagram Protocol, are generally recommended.
Benefits
TCP is a reliable stream delivery service that guarantees that all bytes received are identical to those sent and arrive in the correct order. Since packet transmission over many networks is not reliable, a technique known as "positive acknowledgment with retransmission" is used to guarantee reliability. This technique requires the receiver to respond with an acknowledgment message as it receives data. The sender keeps a record of each packet it sends and maintains a timer from the moment the packet was sent; it retransmits the packet if the timer expires before an acknowledgment is received. The timer is needed in case a packet is lost or corrupted.
Nuances
While IP handles the actual delivery of the data, TCP keeps track of "segments", the individual units into which a message is divided for efficient routing through the network. For example, when an HTML file is sent from a web server, the TCP software layer on that server divides the file's byte stream into segments and forwards them individually to the IP software layer (Internet Layer). The Internet Layer encapsulates each TCP segment in an IP packet by adding a header that includes (among other things) the destination IP address. When the client program on the destination computer receives them, the TCP layer (Transport Layer) reassembles the individual segments and ensures that they are correctly ordered and error-free before passing the data to the application.
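The positive acknowledgment with retransmission described in the Benefits section, together with the segmentation and reassembly of an HTML file described above, can be illustrated with a small simulation. This is an added example, not part of the original article: the sender numbers segments by byte offset, a constructed channel drops a fraction of them and reorders the rest, and the receiver buffers out-of-order segments and returns cumulative acknowledgments; the segment size, loss rate and timeout are arbitrary parameters chosen for the demonstration.

```python
import random

class Receiver:
    """Reassembles a byte stream: buffers early segments, delivers in order,
    and returns a cumulative ACK (the next byte it expects)."""
    def __init__(self):
        self.expected = 0
        self.buffer = {}        # seq -> payload that arrived ahead of its turn
        self.data = b""

    def receive(self, seq, payload):
        if seq >= self.expected and seq not in self.buffer:
            self.buffer[seq] = payload      # duplicates and old data are ignored
        while self.expected in self.buffer:  # hand over everything now contiguous
            chunk = self.buffer.pop(self.expected)
            self.data += chunk
            self.expected += len(chunk)
        return self.expected

def transfer(message, mss=4, loss=0.3, timeout=2, seed=1, max_rounds=1000):
    """Sender side: positive acknowledgment with retransmission over a constructed
    channel that drops a fraction `loss` of segments and reorders the rest.
    Returns (bytes delivered to the application, retransmissions, rounds)."""
    rng = random.Random(seed)
    rx = Receiver()
    segments = {i: message[i:i + mss] for i in range(0, len(message), mss)}
    last_sent = {seq: -timeout for seq in segments}  # per-segment timer; unsent = expired
    base, retransmits, rounds = 0, 0, 0
    while base < len(message) and rounds < max_rounds:
        rounds += 1
        in_flight = []
        for seq in sorted(last_sent):
            if rounds - last_sent[seq] >= timeout:   # timer expired: (re)send the segment
                if last_sent[seq] > 0:
                    retransmits += 1
                last_sent[seq] = rounds
                if rng.random() >= loss:             # segment survived the channel
                    in_flight.append(seq)
        rng.shuffle(in_flight)                       # surviving segments arrive out of order
        for seq in in_flight:
            base = max(base, rx.receive(seq, segments[seq]))
        for seq in [s for s in last_sent if s < base]:
            del last_sent[seq]                       # cumulatively acknowledged: stop the timer
    return rx.data, retransmits, rounds

if __name__ == "__main__":
    msg = b"<html><body>hello</body></html>"
    data, rtx, rounds = transfer(msg)
    print(f"intact={data == msg} retransmits={rtx} rounds={rounds}")
```

Raising the loss rate increases the number of retransmissions and rounds, but the delivered bytes stay identical to the message, which is the ordering and integrity guarantee the text describes.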