The tcpdump utility is not as friendly as some
other network diagnostic tools. Some of the output is
This is a good time to mention that tcpdump can capture and store
packet flows for consumption at a later date. Frequently, you may
find yourself without a top-notch packet analysis utility such as
ethereal.
Fortunately, you can create tcpdump data files and view them with
a tool such as ethereal. Even if a stream analysis tool is not
available, the documentation for ethereal is tremendously helpful
in packet analysis.
5.1. Using tcpdump to view ARP messages
Example G.16. Viewing an ARP broadcast request and reply with tcpdump
Example G.17. Viewing a gratuitous ARP packet with tcpdump
Example G.18. Viewing unicast ARP packets with tcpdump
5.2. Using tcpdump to see ICMP unreachable messages
Example G.19. tcpdump reporting port unreachable
Example G.20. tcpdump reporting host unreachable
Example G.21. tcpdump reporting net unreachable
5.3. Using tcpdump to watch TCP sessions
Example G.22. Monitoring TCP window sizes with tcpdump
Example G.23. Examining TCP flags with tcpdump
Example G.24. Examining TCP acknowledgement numbers with tcpdump
5.4. Reading and writing tcpdump data
Example G.25. Writing tcpdump data to a file
Example G.26. Reading tcpdump data from a file
Example G.27. Causing tcpdump to use a line buffer
5.5. Understanding fragmentation as reported by tcpdump
Example G.28. Understanding fragmentation as reported by tcpdump
5.6. Other options to the tcpdump command
Example G.29. Specifying interface with tcpdump
Example G.30. Timestamp related options to tcpdump