The tcpdump application is the frontend to Wireshark and other network sniffer programs. The GUI interface supports many of the options we'll describe shortly.

This application's default behavior is to display every packet seen on the primary Ethernet link. The format of a packet report is as follows:

    TIMESTAMP SRC_IP:PORT > DEST_IP:PORT: NAME1 VALUE1, NAME2 VALUE2,...

The name-value pairs include:

• Flags: The flags associated with this packet are as follows:
• • The term S stands for SYN (Start Connection)
  • The term F stands for FIN (Finish Connection)
  • The term P stands for PUSH (Push data)
  • The term R stands for RST (Reset Connection)
  • The period . means there are no flags
• seq: This refers to the sequence number of the packet. ...