Tcpdump does exactly what its name implies: it dumps the contents of the TCP/IP packets passing through an interface to an output device, usually the screen or a file. In order for Tcpdump to work, it must be able to put the network card into what is called ___________ mode. This means that the network card will intercept all traffic on the Ethernet wire, not just that addressed to it. Each operating system processes traffic from the Ethernet card in a different fashion. To provide a common reference for programmers, a library called _________ was created. On UNIX this is known as _________ and on Windows as __________. These low-level drivers can modify the way the card would normally handle traffic. They must be installed before you can install Tcpdump. If Tcpdump is already on the system, then this driver is already installed. If not, we have to install it.
In order for Tcpdump to work, it must be able to put your network card into what is called promiscuous mode. This means that the network card will intercept all traffic on the Ethernet wire, not just that addressed to it. Each operating system processes traffic from the Ethernet card in a different fashion. To provide a common reference for programmers, a library called pcap was created. On UNIX this is known as libpcap and on Windows as WinPcap. These low-level drivers can modify the way the card would normally handle traffic. They must be installed before you can install Tcpdump.