tcpdump is a powerful command-line packet analyzer used primarily in UNIX and UNIX-like operating
systems; it allows the capture and display of TCP/IP and other packets being transmitted or received
over a network to which the computer is attached.
Unlike graphical tools such as Wireshark, tcpdump writes the raw packet capture directly to
the terminal or to a specified file, which makes it well suited to deep-dive network analysis,
especially in environments where no graphical user interface is available.
tcpdump uses the libpcap library to capture packet data and to compile its filter expressions, and it
offers a wide range of command-line options for selecting which packets are captured and how they are
displayed, according to the user's needs.
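When tcpdump is told to write to a file, it uses libpcap's classic pcap format: a 24-byte global header followed by one 16-byte record header per packet, each followed by the captured frame. The reader below is an added example, not code from tcpdump or libpcap; it parses that layout for Ethernet/IPv4 frames carrying TCP or UDP, and applies a small filter in the spirit of an expression such as `tcp and dst port 443`. The sample capture it reads is constructed inline (addresses from the documentation ranges, not real traffic), so the whole thing runs offline; the `matches`/`summarize` helpers are this example's own names, not tcpdump options.

```python
"""Minimal reader for the libpcap capture format that tcpdump writes with -w.

Added example, not tcpdump's or libpcap's code. Assumes the classic pcap layout
(24-byte global header, 16-byte per-record header, LINKTYPE_ETHERNET) and parses
only Ethernet/IPv4 with TCP or UDP on top; other protocols keep their IP protocol
number and no ports.
"""
import struct
from typing import Iterator, Optional

PCAP_MAGIC_LE = 0xA1B2C3D4   # magic as written by a little-endian host
PCAP_MAGIC_BE = 0xD4C3B2A1   # same four bytes written by a big-endian host, read as LE
ETHERTYPE_IPV4 = 0x0800
LINKTYPE_ETHERNET = 1


def parse_ipv4(pkt: bytes) -> dict:
    """Decode an IPv4 header and, for TCP/UDP, the ports, flags and payload."""
    if len(pkt) < 20:
        return {}
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        return {}
    ihl = (ver_ihl & 0x0F) * 4
    out = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl, "proto": proto}
    l4 = pkt[ihl:total_len]
    if proto == 6 and len(l4) >= 20:                       # TCP
        sport, dport, _, _, doff_byte, flags = struct.unpack("!HHIIBB", l4[:14])
        out.update(sport=sport, dport=dport, flags=flags, payload=l4[(doff_byte >> 4) * 4:])
    elif proto == 17 and len(l4) >= 8:                     # UDP
        sport, dport, ulen, _ = struct.unpack("!HHHH", l4[:8])
        out.update(sport=sport, dport=dport, payload=l4[8:ulen])
    return out


def parse_ethernet(frame: bytes) -> dict:
    """Strip the 14-byte Ethernet header and hand IPv4 frames to parse_ipv4."""
    if len(frame) < 14:
        return {}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return parse_ipv4(frame[14:]) if ethertype == ETHERTYPE_IPV4 else {"ethertype": ethertype}


def parse_pcap(data: bytes) -> Iterator[dict]:
    """Yield one dict per packet record in a classic pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled here, got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:          # truncated file: stop rather than mis-parse
            break
        off += incl_len
        pkt = {"ts": ts_sec + ts_usec / 1e6, "len": orig_len, "proto": None}
        pkt.update(parse_ethernet(frame))
        yield pkt


def matches(pkt: dict, proto: Optional[str] = None, host: Optional[str] = None,
            port: Optional[int] = None, dst_port: Optional[int] = None) -> bool:
    """Rough equivalent of a tcpdump filter such as 'tcp and host H and dst port P'."""
    if proto is not None and pkt.get("proto") != {"tcp": 6, "udp": 17, "icmp": 1}[proto]:
        return False
    if host is not None and host not in (pkt.get("src"), pkt.get("dst")):
        return False
    if port is not None and port not in (pkt.get("sport"), pkt.get("dport")):
        return False
    if dst_port is not None and pkt.get("dport") != dst_port:
        return False
    return True


def summarize(pcap: bytes, **filt) -> list:
    """Return 'src:sport > dst:dport' lines, much as 'tcpdump -n -r file.pcap <expr>' prints."""
    return ["%s:%s > %s:%s" % (p["src"], p.get("sport"), p["dst"], p.get("dport"))
            for p in parse_pcap(pcap) if matches(p, **filt)]


def build_sample_pcap() -> bytes:
    """Constructed sample capture (two TCP SYNs and one DNS query), not real traffic."""
    def frame(src, dst, proto, l4):
        eth = bytes.fromhex("0011223344550066778899aa") + struct.pack("!H", ETHERTYPE_IPV4)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        return eth + ip + l4

    def tcp(sport, dport, flags=0x02):                     # 0x02 = SYN
        return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)

    def udp(sport, dport, payload):
        return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

    frames = [
        frame("10.0.0.5", "203.0.113.7", 6, tcp(51000, 443)),
        frame("10.0.0.5", "10.0.0.9", 6, tcp(51001, 22)),
        frame("10.0.0.5", "10.0.0.1", 17, udp(53000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8)),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    cap = build_sample_pcap()
    print(summarize(cap))                                  # every packet
    print(summarize(cap, proto="tcp", dst_port=443))       # like 'tcp and dst port 443'
```

The reader stops at a short final record instead of guessing, which is what you want when a capture file was cut off by a full disk or an interrupted tcpdump; and it never trusts the IP checksum or the link-type beyond Ethernet, so a real reader for other link types (for example raw IP or Linux cooked captures) would need additional branches.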
References
"tcpdump manual page," by the Tcpdump Group.
"Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems," by Chris Sanders, No Starch Press.