Chapter 2. Introduction to TCPdump and TCP

Now that you have learned a bit about Internet Protocol (IP), you can take a closer look at how it works by using a practical analysis tool known as TCPdump. Just as you cannot do any kind of intrusion detection or traffic analysis without knowledge of TCP/IP, you cannot do analysis without a tool of some sort. TCPdump, or its Windows cousin Windump, is a popular and widely used piece of software that can give you some insight into the traffic activity that occurs on a given network. This chapter teaches you how to manipulate the tool for your own purposes and explains the output that it displays. The ...

Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.
