This application is available for almost all operating systems (on Windows it is called WinDump). It relies on the libpcap library on UNIX systems and on WinPcap on Windows, which are responsible for capturing the packets. The tool lets you narrow the captured output with filters: by port, by protocol type, by source or destination address, on a specific interface, and others.
On Linux, installing tcpdump is usually not necessary, since it comes installed by default on most distributions. If it is missing, install it with your distribution's package manager, as it is available in the repositories. If you want to compile it yourself you can download it here. For Windows systems you can download it here.
Wireshark
Wireshark [2] is an analysis program released under the GNU GPL (GNU General Public License). It uses the same packet capture libraries as TCPDUMP, depending on the operating system. Unlike TCPDUMP, Wireshark is managed through a friendly graphical interface (see Figure # 2), so the user cannot operate it unattended. It also permits filtering and traffic analysis with statistics, graphics and other utilities. It supports the TCPDUMP file format and recognizes a large number of protocols.
Figure # 2: View of the content of a UDP packet using Wireshark.
Another interesting feature for researchers is that it can export capture files to different formats for use with applications oriented to mathematical analysis or databases. This is useful for further analysis, such as calculating delays, MOS, statistics and other quantities that can be extracted from the packets captured on the network.
For installation on Linux systems, this application is usually found in the repositories, so you can use your distribution's package manager. If you cannot find it there, or you are using Windows, you can download it here.
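The delay calculation mentioned above can also be done directly on a capture saved in the TCPDUMP file format. The following is an added example, not part of the original article or of either tool: it reads a classic pcap file, keeps only UDP packets on one port (the kind of filter described for tcpdump) and returns the gaps between them. It assumes Ethernet captures in classic pcap with microsecond timestamps, not pcapng; the function names, addresses and ports are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps

def read_pcap(data):
    """Yield (timestamp_in_microseconds, frame) from classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (PCAP_MAGIC, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == PCAP_MAGIC else ">"  # byte order of the writer
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break  # last record cut short, e.g. capture interrupted
        off += 16 + caplen
        yield sec * 1_000_000 + usec, frame

def udp_ports(frame):
    """Return (src_port, dst_port) of an IPv4/UDP Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if ihl < 20 or frame[23] != 17 or fragment_offset or len(frame) < 14 + ihl + 8:
        return None  # not UDP, or no UDP header in this frame
    return struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])

def udp_delays(data, port):
    """Inter-arrival gaps in microseconds between UDP packets using `port`."""
    times = [t for t, f in read_pcap(data) if port in (udp_ports(f) or ())]
    return [b - a for a, b in zip(times, times[1:])]

def sample_pcap():
    """Constructed five-packet capture (documentation addresses, made-up ports)."""
    def frame(sport, dport, proto=17):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
    packets = [(0, frame(4000, 5004)), (5000, frame(4000, 53)), (20000, frame(4000, 5004)),
               (30000, frame(4000, 5004, proto=6)), (41500, frame(4000, 5004))]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for usec, f in packets:
        out += struct.pack("<IIII", 100, usec, len(f), len(f)) + f
    return out
```

Calling udp_delays(sample_pcap(), 5004) skips the packet to port 53 and the TCP packet and returns the two gaps between the remaining three packets.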