tcpdump is a so-called "sniffer": it is used to collect full traces of frames on a LAN, in our case, on Ethernet. Please do "man tcpdump" and look at the manual pages. No need to read the whole thing unless you plan to start using it. You must be superuser to use tcpdump.

There are a few examples of output (partially digested!) of tcpdump on these pages. The way I tend to use tcpdump is to make a "raw data file" using the -w option, and then repeatedly analyze that file with different options (using the -r option).

dumpIPP.txt is output which shows that if there are an IPP (Internet Print Protocol) Server and Client, they chatter incessantly, making it hard to see what you are interested in.

dumpntp.txt and dumpntphex.txt are two different representations of the same packet stream. The second one includes a complete hexadecimal representation of every packet (produced with the -x option). These two runs give a picture of the activity on the interface of the computer hawking (Should have been Hawkings) when I used rdate to synchronize the clock on hawking with the clock on ntp.njit.edu (The NJIT Network Time Protocol Server). Do "man date" and "man rdate".

Please study the first few packets of every trace. On the first quiz after the break there will be a question where you must study a short output of tcpdump and answer questions about the packets.

---

Example: the following is output from tcpdump (edited to make it easier to read). For the packet marked:

At what time of day was it sent? What are the physical source and destination addresses? What is the frame type? How large is the frame? This frame contains an IPv4 packet. How could I tell?

For the IP header, give a short description and the value of every field. For identifier and checksum, leave the value in hexadecimal. For all other fields, give the value in hexadecimal as well as decimal (or dotted decimal).

---

Another fairly popular sniffer is ethereal. I prefer tcpdump, because it allows the option of a hexadecimal representation of all packets, in their entirety. ethereal is nicer if you are happy with the information it is willing to give.
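
The IP header exercise above can be checked mechanically. The following is an added example, not part of the original course page: it reads hex lines in the layout tcpdump -x prints, decodes every IPv4 header field, and verifies the header checksum. The sample packet and the function names are constructed for illustration.

```python
import re
import struct

# Constructed sample in tcpdump -x layout (offset, then hex groups); payload bytes omitted.
SAMPLE_DUMP = """
        0x0000:  4500 003c 1c46 4000 4006 b1e6 ac10 0a63
        0x0010:  ac10 0a0c
"""

def hex_dump_to_bytes(dump):
    # Strip the optional '0x0000:' offset column, then join the hex groups.
    digits = []
    for line in dump.splitlines():
        line = re.sub(r"^\s*0x[0-9a-fA-F]+:", "", line)
        digits.extend(re.findall(r"\b[0-9a-fA-F]{2,4}\b", line))
    return bytes.fromhex("".join(digits))

def internet_checksum(header):
    # One's-complement sum of 16-bit words; 0 means the stored checksum verifies.
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet):
    if len(packet) < 20:
        raise ValueError("need at least 20 bytes for an IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a complete IPv4 header")
    return {
        "version": version,
        "header_len_bytes": ihl * 4,          # IHL counts 32-bit words
        "tos": tos,
        "total_length": total_len,
        "identifier": "0x%04x" % ident,       # left in hexadecimal
        "flags": flags_frag >> 13,            # top 3 bits (2 = don't fragment)
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,                    # 6 = TCP, 17 = UDP
        "checksum": "0x%04x" % checksum,      # left in hexadecimal
        "checksum_ok": internet_checksum(packet[:ihl * 4]) == 0,
        "source": ".".join(str(b) for b in src),
        "destination": ".".join(str(b) for b in dst),
    }

if __name__ == "__main__":
    print(parse_ipv4_header(hex_dump_to_bytes(SAMPLE_DUMP)))
```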