This is the official web site of tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

In this page, you'll find the latest stable version of tcpdump and libpcap, as well as current development versions, a complete documentation, and information about how to report bugs or contribute patches.


Full documentation is provided with the source packages in man page format. People with Windows distributions are best to check the Windows PCAP page for references to WinDUMP. What follows are the man pages formatted in HTML (using man2html) and some tutorials written by external contributors.


tcpdump and libpcap are under a 3-clause BSD license. While the current authors have no objection to converting to a 2-clause BSD license, the number of contributors that would need to agree has made this effort challenging. A volunteer is welcome.

Latest Releases


Version: 4.99.1
Release Date: June 9, 2021
Download: tcpdump-4.99.1.tar.gz (changelog) (PGP signature and key)

This release contains initial work to redo how buffer overruns are handled. The next major release will be 5.0, and will have all the legacy ND_CHECK* macros removed, but this is taking longer than planned. No new code with ND_CHECK* will be accepted.

We maintain a list of public CVE information. This tcpdump release requires libpcap 1.10.1 in order to pass all test cases.


Version: 1.10.1
Release Date: June 9, 2021
Download: libpcap-1.10.1.tar.gz (changelog) (PGP signature and key)

Current Development Versions

The current development versions are freely accessible through the GitHub Git hosting site. tcpdump can be found at GitHub: tcpdump and libpcap can be found at GitHub: libpcap. You can clone these repositories with the following commands:

git clone https://github.com/the-tcpdump-group/tcpdump.git git clone https://github.com/the-tcpdump-group/libpcap.git

A read-only git mirror of all project repositories is available here in case anyone needs it. After cloning the git repositories you can configure and compile the source via either GNU Autoconf or CMake.

The continuous integration systems below automatically build the current development versions of tcpdump and libpcap:

Mailing List

This list is focused on development, it also receives announcements. Subscribe by sending an e-mail to tcpdump-workers-request@lists.tcpdump.org with the phrase "subscribe tcpdump-workers" as body and subject, or through the web interface. The list archive from October 2014 onwards can be accessed here. A deeper archive can be found here. Posts to this list must originate from the subscriber's address.

Patches, Bug Reports and Feature Requests

Bugs and patches are tracked through GitHub. Please submit them using the following resources:

For libpcap (please read the guidelines for contributing first):

  • Submit bugs and feature requests on the issue tracker.
  • Submit patches by forking the branch at GitHub: libpcap and issuing a pull request.

For tcpdump (please read the guidelines for contributing first):

  • Submit bugs and feature requests on the issue tracker.
  • Submit patches by forking the branch at GitHub: tcpdump and issuing a pull request.

How to Contribute

Tcpdump and libpcap are open source software and anyone can make contributions. You can help by:

  • downloading and testing libpcap and tcpdump on your platform
  • contributing code
  • proofreading the documentation and the man pages
  • providing .pcap files for protocols or protocol features that tcpdump supports, but does not test yet

If you want to contribute, please subscribe to the tcpdump-workers mailing list. It's a good idea to discuss bugfixes and new feature additions in advance, because the changes may have bigger implications than you think and your patch may not get accepted.