Before the introduction of Ethereal, now known as Wireshark, TCP-Dump was the packet sniffer, network analyzer and detection tool for network security professionals. TCP-Dump is a lightweight and powerful tool for detecting network intrusion and sniffing packets. It does not offer all of the tools and protocols of Wireshark or Kismet, but it is powerful. The interface is extremely retro and basic, so a lot of newbies don't use TCP-Dump because it is not dumbed down with a graphical interface. Having fewer features to debug and update also means better security for the TCP-Dump packet sniffer.
TCP-Dump is designed for Linux, but there is a Windows port of TCP-Dump called WinDump. Both are minimalistic tools that use very few resources to do their job properly. The TCP-Dump developers do not focus on constantly bringing out new bells and whistles; instead, they put their energy into perfecting TCP-Dump against portability issues and bugs.
We recommend TCP-Dump and WinDump for newbies who want to start learning about network security, because TCP-Dump is not overloaded or bloated with features and offers beginners a very basic set of tools that we consider to be the foundation of network security utilities.