Knowing the basics behind the captured tcpdump data, we can start looking at how to use tcpdump within the network. tcpdump can be used to test lines and network connections or sniff packets. There may be instances when problems arise within the network and you cannot physically lay hands on any machines for testing. It is times such as these that tcpdump comes in handy. If you can secure shell or SSH into a machine on the network and configure your network card to run in promiscuous mode, you can sniff the packets flowing by and later analyze them for issues.
It's interesting to note that tcpdump captures packets before the kernel receives them and after they leave it. Even more importantly, the packets are captured before they are processed by Netfilter. tcpdump allows you to see if the packets are arriving; it can also check the local machine for faulty configurations in the event of network problems.
If you are not sniffing from a remote host through an SSH session, instead of the client itself, be careful! You can end up sniffing your own terminal session traffic. tcpdump generates line after line of output that gets sent to your client through the terminal session, which generates more traffic, which gets sniffed, which... well, you get the idea. You can exclude the traffic generated by your terminal session with careful filtering (discussed later in the chapter).
Because tcpdump is command-line based, it is easy to run on any machine. You need not worry ...