This is the home web site of tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

Here you can find the latest stable version of tcpdump and libpcap, as well as current development versions, a complete documentation, and information about how to report bugs or contribute patches.

The man pages and other documentation within releases and current development versions usually contain the most up to date information. Below you can find online versions of some of these documents, as well as tutorials and in-depth papers written by various authors.

tcpdump

• The most useful for tcpdump users: tcpdump(1) and pcap-filter(7) man pages.
• Other documents: README, installation notes and change log.
• Let's learn tcpdump! by Julia Evans.
• Tcpdump for dummies by Alexander Sandler.
• A tcpdump tutorial with examples by Daniel Miessler.
• tcpdump cheat sheet by Jeremy Stretch.
• tcpdump advanced filters by Sebastien Wains.

libpcap

• pcap(3PCAP) and rpcapd(8) man pages.
• Other documents: README, installation notes and change log.
• Programming with pcap by Tim Carstens.
• The BSD Packet Filter: A New Architecture for User-level Packet Capture by Steven McCanne and Van Jacobson (Usenix Winter 1993). [PDF version]
• libpcap: An Architecture and Optimization Methodology for Packet Capture by Steve McCanne, CTO Riverbed Technology (Sharkfest'11).
• The Sniffer's Guide to Raw Traffic by Martìn Casado.
• Aprendiendo a programar con libpcap (in Spanish), by Alejandro Lopez Monge.
• Programming with Libpcap - Sniffing the network from our own application by Luis MartinGarcia (Hakin9 Magazine, issue 2/2008). [code samples]
• Develop a Packet Sniffer with Libpcap by Vic Hargrave.
• Using libpcap in C by John Daniel Leon.
• What we talk about when we talk about pcap expressions by Nik Sultana.
• BPF and tcpdump by Andreas Karis.

tcpdump

Version: 4.99.5
Release Date: August 30, 2024
Download: tcpdump-4.99.5.tar.xz (change log) (PGP signature and key)
CLOC analysis and diffs report: Fossies

This tcpdump release makes various improvements and bug fixes available whilst the work on tcpdump 5.0 is still in progress. This release requires libpcap 1.10.0 or later to pass all test cases.

libpcap

Version: 1.10.5
Release Date: August 30, 2024
Download: libpcap-1.10.5.tar.xz (change log) (PGP signature and key)
CLOC analysis and diffs report: Fossies

This libpcap release makes various improvements and bug fixes available whilst the work on libpcap 1.11 is still in progress. Among other things this includes the fixes to two vulnerabilities (CVE-2023-7256 discovered by Dora Sweet and CVE-2024-8006 discovered by Flavio Toffalini and reported by Nicolas Badoux) in the remote packet capture code, which is disabled by default.

The current development versions are freely accessible through the GitHub Git hosting site (tcpdump, libpcap). You can clone these repositories with the following commands:

git clone https://github.com/the-tcpdump-group/tcpdump
git clone https://github.com/the-tcpdump-group/libpcap

A read-only git mirror of all project repositories is available here in case anyone needs it. After cloning the git repositories you can configure and compile the source via either GNU Autoconf or CMake. There is various continuous integration involved in the development process.

tcpdump-workers

This list is focused on development, it also receives announcements. Subscribe by sending an e-mail to [email protected] with the phrase "subscribe tcpdump-workers" as body and subject. A list archive, dating back to 2002-10-01, can be found here, and an archive dating back to 1999-10-18 can be found here. Posts to this list must originate from the subscriber's address.

Please use GitHub as follows:

• Read the guidelines for contributing (tcpdump, libpcap).
• Submit bug reports and feature requests using the issue tracker (tcpdump, libpcap).
• Submit patches by forking the repository (tcpdump, libpcap) and opening a pull request.

tcpdump and libpcap are open source software and anyone can make contributions. You can help by:

• downloading and testing libpcap and tcpdump on your platform
• contributing code
• proofreading the documentation and the man pages
• providing .pcap files for protocols or protocol features that tcpdump supports, but does not test yet
• helping to improve the continuous integration scripts and infrastructure

If you want to contribute, please subscribe to the tcpdump-workers mailing list. It's a good idea to discuss bugfixes and new feature additions in advance, because the changes may have bigger implications than you think and your patch may not get accepted.

tcpdump and libpcap are under a 3-clause BSD license. While the current authors have no objection to converting to a 2-clause BSD license, the number of contributors that would need to agree makes this change unpracticable.