tcpdump
A command-line network traffic analyzer.

tcpdump is a command-line packet sniffer that captures and prints network traffic from live interfaces or pcap files.
It uses libpcap for capture and applies filter expressions to match addresses, ports and protocols. It decodes layers such as IPv4, IPv6, TCP, UDP, ICMP, DNS and HTTP, records traffic into pcap files and reads existing traces. It supports timestamps and snap length control, and lets you choose between short one-line summaries and more verbose output when you need to inspect headers and flags. tcpdump is cross-platform and runs on Linux, BSDs, macOS and Windows via WinPcap or Npcap.
tcpdump works best for network administrators, SREs, security engineers and curious developers who need precise visibility into on-the-wire behaviour when debugging connectivity, latency spikes, dropped packets, odd or subtle protocol handshakes or suspected intrusions.
