tcpdump

executablemacOS2.2 MBx86_64, arm64

Packet capture utility — captures and analyzes raw network traffic

Provides raw packet capture functionality for network analysis and diagnostics. Intercepts network traffic at the packet level and exposes it through a library interface for other processes. Contains telemetry collection with references to multiple bundle identifiers and network endpoints for reporting diagnostic data. Includes 4 standard frameworks supporting network operations and analysis.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 2.2 MB
UUID: 8D2E5A36-9FAF-3CF2-BC82-B9285DE15C68
Analyzed: 2026-04-09T10:16:52Z
CDHash: 0717eee5514263c32551fd61776f6c23380654b06e779524527d4ea30d809a46

Capabilities

NetworkRaw packet capture library

/usr/lib/libpcap.A.dylib

Frameworks4

libssl.48.dylib libcrypto.46.dylib libpcap.A.dylib libSystem.B.dylib

Entitlements1

com.apple.private.skywalk.observe-alltrue

Interesting Strings

Bundle IDs(3)

%com.apple.private.skywalk.observe-all <key>com.apple.private.skywalk.observe-all</key>com.apple.tcpdump

telemetry(60)

Metric Block origin-router %s, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u origin-router %u, origin-as %u, origin-proto %s, flags [0x%02x], tag 0x%08x, metric %u %s metric %u %s, metric: %u

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Endpoints(7)

Ipv6aAbB:c:C:dDeE:fF

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

DNA Capability Vector

Location

0

Keychain

0

Network

1

Storage

0

Hardware

0

IPC

0

Analytics

0

Security

0

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

60

File Paths

0

Bundle IDs

3

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Code406da46df4ed5b68ce0f47bbe1727fdcebe6c8ab70d8635406047d3bbc027c67

Importscf7d461d99ecfda764515e5dfa184129dbbfa5d55694d4c56d725d8b58f9cbe1

Frameworks552d476c0353d78e244fe9be67144ac42d1f287ba58c101f59926e1eedeef03f

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlements16396b3e72cf435eccbad7138c3042f2ce421bd2f4938801c60ebe503adb1f1b

Symbolscf7d461d99ecfda764515e5dfa184129dbbfa5d55694d4c56d725d8b58f9cbe1

Static Libraries0 / 881 functions identified

Functions(881)

0x100000770intoa

0x100000810ipaddr_string

0x10000095cnewhnamemem

0x100000a08ip6addr_string

0x100000b78newh6namemem

0x100000c24etheraddr_string

0x100000dd4lookup_emem

0x100000ec0le64addr_string

0x100000fbclookup_bytestring

0x100001164linkaddr_string

0x1000012e8isonsap_string

0x100001550tcpport_string

0x100001614udpport_string

0x1000016d8ipxsap_string

0x1000017c8init_addrtoname

0x100001b60dnaddr_string

0x100001be0ieee8021q_tci_string

0x100001c4clookup_protoid

0x100001d40addrtostr

0x100001e08addrtostr6

Imports215 symbols from 3 dylibs

libSystem.B.dylib111 libpcap.A.dylib90 libcrypto.46.dylib14

Exports2

_mh_execute_header0x0

bpf_dump0x2104

Similar Binaries1,470 comparable