EtherDump is a compact Ethernet sniffer that is highly effective at capturing network traffic.
The user interface for EtherDump is simple: run the program without arguments and the usage instructions are displayed. The session can be logged to a file as an ASCII hex dump; when the capture is finished, run `text2pcap hex_dump pcap_file' to convert it, then read `pcap_file' with Ethereal or another libpcap-aware program.
EtherDump has supported minimal packet filtering rules since version 2.01, covering protocols, source and destination ports, and sources and destinations. Rules can be negated with "!" or "not". If EtherDump is executed from a symlink named "tcpdump", it produces a tcpdump-like printout by default.
The compiled size of EtherDump is ~8kB on uClibc, making it ideal for debugging network interfaces on embedded systems. It can be combined with netcat, or with a CGI script + httpd, so that the traffic (converted to pcap) can be read on another machine on the network.
In its latest version, EtherDump has undergone several changes and improvements. The configuration option now reflects the new name, "etherdump", instead of "packetdump". The -p option is now -e, and basic [ipv4] filtering rules have been added. The tcpdump output is further improved, and -i has been added to specify the interface. If EtherDump is executed as "tcpdump", tcpdump-like output is the default output type.
Overall, EtherDump is a highly recommended Ethernet sniffer that is easy to use, efficient, and packed with useful features.