Welcome!

This is the official web site of tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

In this page, you'll find the latest stable version of tcpdump and libpcap, as well as current development versions, a complete documentation, and information about how to report bugs or contribute patches.

Documentation

Full documentation is provided with the source packages in man page format. People with Windows distributions are best to check the Windows PCAP page for references to WinDUMP. What follows are the man pages and some tutorials written by external contributors.

Latest Releases

Tcpdump

Version: 4.99.1
Release Date: June 9, 2021
Download: tcpdump-4.99.1.tar.gz (changelog) (PGP signature and key)

This release contains work in progress to redo how buffer overruns are handled. The next major release will be 5.0, and will aim to replace all of ND_TCHECK_ and most of ND_TTEST_ legacy macros with the new GET_ macros, but this is taking longer than planned. Meanwhile no new code with the legacy macros will be accepted. This tcpdump release requires libpcap 1.10.1 in order to pass all test cases.

Libpcap

Version: 1.10.1
Release Date: June 9, 2021
Download: libpcap-1.10.1.tar.gz (changelog) (PGP signature and key)

Current Development Versions

The current development versions are freely accessible through the GitHub Git hosting site (tcpdump, libpcap). You can clone these repositories with the following commands:

git clone https://github.com/the-tcpdump-group/tcpdump
git clone https://github.com/the-tcpdump-group/libpcap

A read-only git mirror of all project repositories is available here in case anyone needs it. After cloning the git repositories you can configure and compile the source via either GNU Autoconf or CMake. There is various continuous integration involved in the development process.

Mailing List

tcpdump-workers
This list is focused on development, it also receives announcements. Subscribe by sending an e-mail to tcpdump-workers-request@lists.tcpdump.org with the phrase "subscribe tcpdump-workers" as body and subject, or through the web interface. The list archive from October 2014 onwards can be accessed here. A deeper archive can be found here. Posts to this list must originate from the subscriber's address.

Patches, Bug Reports and Feature Requests

Please use GitHub as follows:

  • Read the guidelines for contributing (tcpdump, libpcap).
  • Submit bug reports and feature requests using the issue tracker (tcpdump, libpcap).
  • Submit patches by forking the repository (tcpdump, libpcap) and opening a pull request.

How to Contribute

Tcpdump and libpcap are open source software and anyone can make contributions. You can help by:

  • downloading and testing libpcap and tcpdump on your platform
  • contributing code
  • proofreading the documentation and the man pages
  • providing .pcap files for protocols or protocol features that tcpdump supports, but does not test yet

If you want to contribute, please subscribe to the tcpdump-workers mailing list. It's a good idea to discuss bugfixes and new feature additions in advance, because the changes may have bigger implications than you think and your patch may not get accepted.

License

tcpdump and libpcap are under a 3-clause BSD license. While the current authors have no objection to converting to a 2-clause BSD license, the number of contributors that would need to agree has made this effort challenging. A volunteer is welcome.