From the course: Network Forensics


tcpdump and WinDump


- [Instructor] A majority of packet capture, or sniffing, tools use a software library called packet capture, or PCAP for short, to sniff network data. The Unix/Linux version of PCAP is called libpcap, while its Windows version is referred to as WinPcap. There are two well-known tools relying on PCAP to capture and analyze packets. The first one is tcpdump, a simple command-line packet sniffer. The second one is Wireshark, which is a much more sophisticated and user-friendly tool complete with a graphical user interface, or GUI. Tcpdump works on Unix/Linux operating systems. There's also a Windows port of tcpdump called WinDump, taking advantage of the WinPcap library. Both tcpdump and WinDump have a similar set of commands and options, but there are of course subtle differences between the two tools. Tcpdump is pre-installed on Ubuntu, but WinDump requires a new installation, which includes setting up WinPcap. Let's try to run WinDump without installing WinPcap and see what…
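Both tcpdump and WinDump save captured traffic with `-w` in the libpcap file format, which Wireshark then opens for analysis. The following reader is an added example written for this page; it is not code from the course or from the tcpdump project. It parses the classic pcap layout (24-byte global header, then 16-byte record headers), detects the writer's byte order from the magic number, and flags frames that were cut short by the snapshot length, which is the first thing a forensic analyst should check before trusting payload contents. The two-frame capture it reads is constructed inside the script, not a real capture, and the pcapng format is out of scope.

```python
"""Minimal libpcap (classic pcap) file reader. Added example, not course code."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

MAGIC_USEC = 0xA1B2C3D4   # timestamps are seconds + microseconds
MAGIC_NSEC = 0xA1B23C4D   # timestamps are seconds + nanoseconds
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16
LINKTYPE_ETHERNET = 1     # DLT/LINKTYPE value for Ethernet frames


@dataclass
class PcapHeader:
    byteorder: str      # struct prefix: "<" little-endian or ">" big-endian writer
    nanosecond: bool    # True when the fractional timestamp field is nanoseconds
    snaplen: int        # maximum bytes stored per packet (tcpdump -s)
    linktype: int       # link-layer type of every packet in the file


@dataclass
class Packet:
    timestamp: float    # seconds since the Unix epoch
    caplen: int         # bytes actually stored in the file
    origlen: int        # bytes seen on the wire
    data: bytes

    @property
    def truncated(self) -> bool:
        # The writer's snaplen cut this frame short; payload analysis is incomplete.
        return self.caplen < self.origlen


def parse_global_header(blob: bytes) -> PcapHeader:
    if len(blob) < GLOBAL_HEADER_LEN:
        raise ValueError("file shorter than the 24-byte pcap global header")
    # Try both byte orders: the magic reads correctly only in the writer's order.
    for order in ("<", ">"):
        magic = struct.unpack(order + "I", blob[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a libpcap file (unrecognised magic number)")
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", blob[4:GLOBAL_HEADER_LEN])
    return PcapHeader(order, magic == MAGIC_NSEC, snaplen, linktype)


def parse_packets(blob: bytes) -> Tuple[PcapHeader, List[Packet]]:
    """Return the global header and every packet record, validating lengths."""
    hdr = parse_global_header(blob)
    packets: List[Packet] = []
    offset = GLOBAL_HEADER_LEN
    divisor = 1e9 if hdr.nanosecond else 1e6
    while offset + RECORD_HEADER_LEN <= len(blob):
        ts_sec, ts_frac, caplen, origlen = struct.unpack(
            hdr.byteorder + "IIII", blob[offset:offset + RECORD_HEADER_LEN])
        offset += RECORD_HEADER_LEN
        # A record claiming more bytes than snaplen, or than remain in the file,
        # is corrupt (or the file was cut off mid-record while still being written).
        if caplen > hdr.snaplen or offset + caplen > len(blob):
            raise ValueError(f"bad record at offset {offset - RECORD_HEADER_LEN}")
        packets.append(Packet(ts_sec + ts_frac / divisor, caplen, origlen,
                              blob[offset:offset + caplen]))
        offset += caplen
    if offset != len(blob):
        raise ValueError("trailing bytes after the last record")
    return hdr, packets


def build_sample_pcap(byteorder: str = "<") -> bytes:
    """Constructed two-frame capture (not real traffic) with snaplen 64."""
    snaplen = 64
    gh = struct.pack(byteorder + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    # Frame 1: 42-byte Ethernet frame with an ARP ethertype and zeroed body (fits in snaplen).
    frame1 = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
    # Frame 2: 200 bytes on the wire, but only the first 64 were stored.
    frame2 = bytes(range(256))[:200]
    rec1 = struct.pack(byteorder + "IIII", 1700000000, 0, len(frame1), len(frame1)) + frame1
    rec2 = struct.pack(byteorder + "IIII", 1700000000, 500000, snaplen, len(frame2)) + frame2[:snaplen]
    return gh + rec1 + rec2


if __name__ == "__main__":
    header, pkts = parse_packets(build_sample_pcap())
    print(f"linktype={header.linktype} snaplen={header.snaplen} packets={len(pkts)}")
    for i, p in enumerate(pkts, 1):
        print(f"  #{i} ts={p.timestamp:.6f} caplen={p.caplen} origlen={p.origlen} truncated={p.truncated}")
```

To read a file produced by `tcpdump -w capture.pcap`, pass `open("capture.pcap", "rb").read()` to `parse_packets`; the `truncated` flag on each record tells you whether the capture's snapshot length discarded bytes you would otherwise try to interpret.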
