Doesn't compile on non-Linux boxes yet.
Must run as root or setuid: FOR GOD'S SAKE USE -N
Run tcpdump with the -S and -v options.

Type ippacket to show the command line options; for options which need an
argument, the default is shown in parentheses.

ippacket -p ? : shows protocols that can be run over IP, to use with the -p option.
ippacket -f ? : shows TCP flags to use with the -f option. Multiple flags can be
                used by repeatedly giving -f options; if no -f is given, the flag is FIN.
ippacket -i ? : shows ICMP types to use with the -i option.

EXAMPLES:

Running 'tcpdump -Svt -i lo'
(all lines are repeated in the tcpdump log when you use lo)

send an ip packet:
cmd line: ippacket -s localhost -d localhost
tcpdump:  localhost > localhost: ip-proto-255 0 (ttl 60, id 13582)

send an ip packet with ttl = 1:
cmd line: ippacket -s localhost -d localhost -T 1
tcpdump:  localhost > localhost: ip-proto-255 0 [ttl 1] (id 33294)

send an ip packet with id = 444:
cmd line: ippacket -s localhost -d localhost -I 444
tcpdump:  localhost > localhost: ip-proto-255 0 (ttl 60, id 444)

send a tcp packet:
cmd line: ippacket -d localhost -s localhost -p IPPROTO_TCP
tcpdump:  localhost.7777 > localhost.7778: F 0:20(20) win 512 (ttl 60, id 19726)
          localhost.7778 > localhost.7777: R 0:0(0) ack 0 win 0 (ttl 255, id 23160)

send a udp packet:
cmd line: ippacket -d localhost -s localhost -p IPPROTO_UDP
tcpdump:  localhost.7777 > localhost.7778: udp 7160 (ttl 60, id 17422)

send an icmp packet (the default icmp type is echo request; the second line
is the host sending the echo reply back):
cmd line: ippacket -d localhost -s localhost -p IPPROTO_ICMP
tcpdump:  localhost > localhost: icmp: echo request (ttl 60, id 18446)
          localhost > localhost: icmp: echo reply (ttl 64, id 23155)

send a tcp packet from localhost port 555 to localhost port 999:
cmd line: ippacket -d localhost -s localhost -p IPPROTO_TCP -x 555 -y 999
tcpdump:  localhost.555 > localhost.999: F 0:20(20) win 512 (ttl 60, id 19470)
          localhost.999 > localhost.555: R 0:0(0) ack 0 win 0 (ttl 255, id 23159)

send a udp packet from localhost port 555 to localhost port 999:
cmd line: ippacket -d localhost -s localhost -p IPPROTO_UDP -x 555 -y 999
tcpdump:  localhost.555 > localhost.999: udp 7160 (ttl 60, id 32526)

send a tcp packet with the URG flag set and an urgent pointer of 123:
cmd line: ippacket -d localhost -s localhost -p IPPROTO_TCP -f TH_URG -u 123
tcpdump:  localhost.7777 > localhost.7778: . 0:20(20) win 512 urg 123 (ttl 60, id 26382)
          localhost.7778 > localhost.7777: R 0:0(0) ack 0 win 0 (ttl 255, id 23167)

send a tcp packet with the ACK flag set and an ack number of 123:
cmd line: ippacket -d localhost -s localhost -p IPPROTO_TCP -f TH_ACK -a 123
tcpdump:  localhost.7777 > localhost.7778: . 0:20(20) ack 123 win 512 (ttl 60, id 28430)
          localhost.7778 > localhost.7777: R 123:123(0) win 0 (ttl 255, id 23169)

send a tcp packet with the SYN flag set and a sequence number of 123:
cmd line: ippacket -d localhost -s localhost -p IPPROTO_TCP -f TH_SYN -q 123
tcpdump:  localhost.7777 > localhost.7778: S 123:143(20) win 512 (ttl 60, id 31758)
          localhost.7778 > localhost.7777: R 0:0(0) ack 124 win 0 (ttl 255, id 23177)

send a tcp packet with a window size of 333:
cmd line: ippacket -d localhost -s localhost -p IPPROTO_TCP -w 333
tcpdump:  localhost.7777 > localhost.7778: F 0:20(20) win 333 (ttl 60, id 35342)
          localhost.7778 > localhost.7777: R 0:0(0) ack 0 win 0 (ttl 255, id 23180)

to save the outgoing packet to a file use: -W filename
to add a line of data to the end of the header use: -D "data to send"
The -D option works with all -p options.
Run tcpdump with the -w filename option to save the packets it receives.

combine multiple tcp flags:
cmd line: ippacket -p IPPROTO_TCP -f TH_SYN -f TH_ACK -f TH_URG -f TH_PUSH
tcpdump:  127.0.0.1.7777 > 0.0.0.0.7778: SP 0:20(20) ack 0 win 512 urg 0 (ttl 60, id 61721
          127.0.0.1.7778 > 127.0.0.1.7777: R 0:0(0) win 0 (ttl 255, id 3842)
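
Added example (not part of ippacket or its original README): a small Python parser for the TCP lines in the tcpdump output above, recovering which TH_ flags each packet carried, including ACK and URG, which tcpdump shows as "ack N" / "urg N" fields rather than letters. It assumes the line layout of the samples shown here; parse_tcp_line, TCP_LINE and SAMPLES are illustrative names.

```python
import re

# Flag bits as defined in the BSD <netinet/tcp.h> header.
TH = {"TH_FIN": 0x01, "TH_SYN": 0x02, "TH_RST": 0x04,
      "TH_PUSH": 0x08, "TH_ACK": 0x10, "TH_URG": 0x20}
LETTERS = {"F": "TH_FIN", "S": "TH_SYN", "R": "TH_RST", "P": "TH_PUSH"}

# Layout assumed from the sample lines in this README (tcpdump -Svt, TCP only).
TCP_LINE = re.compile(
    r"^(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<letters>[SFRP]+|\.) (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\)"
    r"(?: ack (?P<ack>\d+))? win (?P<win>\d+)(?: urg (?P<urg>\d+))?"
    r" \(ttl (?P<ttl>\d+), id (?P<id>\d+)\)?\s*$")

def parse_tcp_line(line):
    """Return the header fields of one tcpdump TCP line, or None if no match."""
    m = TCP_LINE.match(line.strip())
    if m is None:
        return None
    names = {LETTERS[c] for c in m["letters"] if c != "."}
    # ACK and URG have no letter; they appear as "ack N" / "urg N" fields.
    if m["ack"] is not None:
        names.add("TH_ACK")
    if m["urg"] is not None:
        names.add("TH_URG")
    fields = {k: int(m[k]) for k in ("sport", "dport", "seq", "len", "win", "ttl", "id")}
    fields.update(src=m["src"], dst=m["dst"], flags=names,
                  flags_byte=sum(TH[n] for n in names),  # distinct bits, so sum == OR
                  ack=None if m["ack"] is None else int(m["ack"]),
                  urg=None if m["urg"] is None else int(m["urg"]))
    return fields

# Sample lines copied from the tcpdump output in this README.
SAMPLES = [
    "localhost.7777 > localhost.7778: F 0:20(20) win 512 (ttl 60, id 19726)",
    "localhost.7778 > localhost.7777: R 0:0(0) ack 0 win 0 (ttl 255, id 23160)",
    "localhost.7777 > localhost.7778: . 0:20(20) win 512 urg 123 (ttl 60, id 26382)",
    "127.0.0.1.7777 > 0.0.0.0.7778: SP 0:20(20) ack 0 win 512 urg 0 (ttl 60, id 61721",
    "localhost > localhost: icmp: echo request (ttl 60, id 18446)",  # not TCP
]

if __name__ == "__main__":
    for line in SAMPLES:
        f = parse_tcp_line(line)
        print("no TCP match" if f is None else
              f"{f['src']}:{f['sport']} flags={sorted(f['flags'])} "
              f"byte=0x{f['flags_byte']:02x} ttl={f['ttl']}")
```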