Explain how tcpdump works and what the outputs mean.


The tcpdump command is also called a packet analyzer.

The tcpdump command will work on most flavors of the Unix operating system. tcpdump allows us to save the packets that are captured, so that we can use them for future analysis. The saved file can be viewed by the same tcpdump command. We can also use open source software like Wireshark to read the tcpdump pcap files.

Asad Zaman on Jul 14, 2015

That's a good answer.

Now, I am going to give you a packet capture in a pcap file, and I want you to tell me why this particular web server is not working. You may use Wireshark if you wish, but I would be more impressed if you could diagnose the problem using just tcpdump.

Jeff Silverman on Jul 14, 2015
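
To make the pcap file and the flag letters in tcpdump's output concrete, here is an added example (not part of either post above) that reads a classic pcap file and reports each TCP packet's flags in tcpdump's notation, where `S` is SYN, `R` is RST and `.` is ACK. The function names, the addresses and the two-packet capture are constructed for illustration, and `diagnose` covers only the first reply to a SYN.

```python
import struct

# tcpdump prints TCP flags in this order; "." means ACK.
FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U")]

def make_frame(src, dst, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed; checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

def make_pcap(frames):
    """Wrap frames in a classic little-endian pcap file, link type 1 (Ethernet)."""
    recs = (struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

def read_pcap(data):
    """Yield (src, sport, dst, dport, flags) for each IPv4/TCP packet in the file."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        incl = struct.unpack_from("<I", data, pos + 8)[0]  # captured length
        frame = data[pos + 16 : pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, not IPv4, or not TCP
        t = 14 + (frame[14] & 0x0F) * 4  # TCP header starts after the IP header
        if len(frame) < t + 14:
            continue
        sport, dport = struct.unpack_from("!HH", frame, t)
        flags = "".join(c for m, c in FLAGS if frame[t + 13] & m) or "none"
        src, dst = (".".join(map(str, frame[o : o + 4])) for o in (26, 30))
        yield src, sport, dst, dport, flags

def diagnose(packets, port=80):
    """Classify a connection attempt to `port` by the server's first reply."""
    if not any(p[3] == port and p[4] == "S" for p in packets):
        return "no SYN to the port in this capture"
    replies = [p[4] for p in packets if p[1] == port]
    if not replies:
        return "SYN unanswered: host down or traffic dropped"
    if "R" in replies[0]:
        return "SYN answered with RST: port closed or actively rejected"
    return "handshake answered: problem is above TCP" if replies[0] == "S." else "unexpected"

# Constructed capture: a SYN to port 80 answered by RST+ACK (documentation addresses).
SAMPLE = make_pcap([make_frame((192, 0, 2, 10), (192, 0, 2, 80), 40000, 80, 0x02),
                    make_frame((192, 0, 2, 80), (192, 0, 2, 10), 80, 40000, 0x14)])
```

`diagnose(list(read_pcap(SAMPLE)))` reports the RST case; the same two packets appear in tcpdump's own output as `Flags [S]` followed by `Flags [R.]`.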

