Is it possible to see tcpdump real source code?

Question

Before question, my question article may have some incorrect content. I am a linux newbie and a newbie developer.

I have a question regarding linux tcpdump source code. As I know tcpdump is implemented using libpcap.

How tcpdump is work? My opinion is that since tcpdump binary executable file is set in PATH. right?
My main question is that where is tcpdump c source code? I already knew tcpdump library code which is accessible tcpdump homepage tcpdump

I want to see tcpdump real c code containing main function, variable header files. Please let me know the location.

I use Ubuntu 16.04 LTS.

You can find the source here (https://github.com/the-tcpdump-group/tcpdump). From the developper's site, you can clone the tcpdump GitHub repository using:
git clone https://github.com/the-tcpdump-group/tcpdump.git — Cbhihe, Jul 03 '16 at 09:42

score 8 · Accepted Answer · answered Jul 03 '16 at 09:38

8

tcpdump is available in the main repository in Ubuntu.

To download the source code of tcpdump:

Make sure you have the repositories enabled for deb-src type packages, for xenial (16.04) add the following to the /etc/apt/sources.list:
```
deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted
```
Replace xenial with your release codename, you can find your release codename by:
```
lsb_release -sc
```
Now update the local package list by synchronizing with the repositories:
```
sudo apt-get update
```
Install the source code of tcpdump:
```
apt-get source tcpdump
```
It will be downloaded and auto-extracted on the current directory; also no need for sudo unless you don't have write permission on the directory.

All the files you need are inside the directory tcdump-<version> e.g. for version 4.5.1 the directory would be tcpdump-4.5.1.

answered Jul 03 '16 at 09:38

heemayl

91,753

Thank you. I have one more question. In tcpdump-4.7.4 directory, what is the c code file name containing main function – 박주현 Jul 03 '16 at 09:48
@박주현 Check tcpdump.c – heemayl Jul 03 '16 at 09:49
thank you. I want to be sure one more time. when we type
```
 tcpdump icmp  in terminal, then tcpdump.c source file is run? right?
```
– 박주현 Jul 03 '16 at 09:55
oh sorry. typo.
```
  is typo. sorry
```
– 박주현 Jul 03 '16 at 09:55
@박주현 The compiled binary would be run then, the binary is compiled from the source so yes, same thing.. – heemayl Jul 03 '16 at 10:00

score 4 · Answer 2 · edited Jul 03 '16 at 14:46

I'm not sure I understand well your first question, but:

You can find the source on GitHub. As indicated on the developer's site, you can clone the tcpdump GitHub repository using:
```
git clone https://github.com/the-tcpdump-group/tcpdump.git
```
When you compile the code, you will have to decide where you want your executable to reside. Just make sure that it is located somewhere your user PATH variable points to or just modify your PATH to include that location.

You can also install it directly from Canonical repo through sudo dpkg -i DEB_PACKAGE or sudo apt-get install DEB_PACKAGE or using a GUI if you fancy one... In that case you'll find your binary at /usr/sbin/tcpdump. In addition

 whereis tcpdump

will give you the location of your binary (above), your source code and your man page files.

@박주현: my pleasure. heemayl beat me with a better answer. You should mark his as the going answer. — Cbhihe, Jul 03 '16 at 10:09

Is it possible to see tcpdump real source code?

2 Answers2