  • It records metadata about packet flows.
  • It uses agents to submit host logs to centralized management servers.
  • It provides real-time reporting and long-term analysis of security events.

Explanation: The tcpdump command-line tool is a packet analyzer that captures detailed packet protocol and content data. It can display packet captures in real time or write them to a file.