- It records metadata about packet flows.
- It uses agents to submit host logs to centralized management servers.
- It can display packet captures in real time or write them to a file.
- It provides real-time reporting and long-term analysis of security events.
Explanation: The tcpdump command-line tool is a packet analyzer that captures detailed packet protocol and content data. It can display packet captures in real time or write them to a file.