2. AGENDA
INTRO TO TCPDUMP.
DECIPHERING A DATA PACKET.
BASIC USAGE.
INTERMEDIATE USAGE.
HACK-A-TACK…
REFERENCES.
ACKNOWLEDGEMENTS.
3. TCPDUMP
A command-line IP utility used for real-time network packet sniffing (capture).
It comes built in on Unix-based systems.
Programs like Ethereal (now Wireshark) provide a GUI alternative to tcpdump.
4. INTRO
Operating system used
  Open system: Ubuntu 9.10
Software used
  Program    Version    Manner of installation
  tcpdump    4.0.0      pre-installed
Document history
  Version    Date          Changes
  1.0.0      2004-04-14    conceived; new document history scheme
  1.0.1      2005-10-05    minor corrections and some new examples
7. COMMAND LINE OPTIONS
Option    Description
-i        Specifies the interface to listen on.
-e        Prints the link-level header (MAC addresses).
-q        Quiet (quick) output: print less protocol information.
-v        Verbose output.
-vv       More verbose output.
-t        Do not print a timestamp on each line.
-l        Line-buffer the output (needed when piping to tee).
-c        Number of packets to capture before exiting.
-w        Write raw packets to a file rather than printing them on screen.
-r        Read packets from a file.
8. EXPRESSIONS
Negation (not).
Concatenation (and).
Alternation (or).
Example:
1. # tcpdump -w hades.txt not port 22
2. # cat > filterfile
dst host spider and (udp or proto 51) and not (src host peter or src host goblin)
Ctrl-D
# tcpdump -F filterfile
10. CONCLUSION
# tcpdump -qel -vv src host <ip_in_network> and "(udp or port http)" \
    and dst host <ip_of_server> | tee hades.txt
# tcpdump -i eth0 -nq not "(port 22 and host <ip_firewall>)" \
    and not "(port 53 or 80 or 110 or 119 or 443)" \
    and dst host <my_ip>
# tcpdump -i tun0 -nq not port '(20 or 21 or 25 or 53 or 80 or 110 or 119 or 123 or 443)' \
    and not icmp \
    and src host <my_ip>
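The filters on slides 8 and 10 are all built from the same three operators. As an added example that is not part of the original slides, the POSIX shell helper below assembles a filter of the same shape as the tun0 command (keep one host's traffic, drop a list of noisy ports and ICMP), writes it to a filter file for tcpdump -F, and prints the command that would use it. The address 192.0.2.10, the port list, the interface name and the file path are constructed sample values; the functions port_alternation, build_filter, write_filter_file and capture_command are this example's own, not tcpdump's.

```shell
#!/bin/sh
# Added example, not from the original slides: compose a tcpdump filter
# from negation (not), concatenation (and) and alternation (or), store it
# in a file for "tcpdump -F", and print the matching capture command.
# All addresses, ports and file names here are constructed values.

# port_alternation 20 21 25  ->  "(20 or 21 or 25)"
# The "port" qualifier carries over inside the parentheses, so
# "port (20 or 21)" means "port 20 or port 21".
port_alternation() {
    alt=""
    for p in "$@"; do
        if [ -z "$alt" ]; then alt="$p"; else alt="$alt or $p"; fi
    done
    printf '(%s)\n' "$alt"
}

# build_filter <my_ip> <noisy ports...>
# "and" joins the clauses, "not" drops the noisy ports and ICMP,
# "or" lists the ports: the same structure as the slide-10 tun0 command.
build_filter() {
    my_ip="$1"
    shift
    printf 'src host %s and not port %s and not icmp\n' \
        "$my_ip" "$(port_alternation "$@")"
}

# write_filter_file <path> <my_ip> <noisy ports...>
# A -F file is read verbatim by tcpdump, so the shell quotes seen on the
# command-line versions ("..." or '(...)') must not appear in the file.
write_filter_file() {
    out="$1"
    shift
    build_filter "$@" > "$out"
    printf '%s\n' "$out"
}

# capture_command <interface> <filter file>
# When -F is given, any expression on the command line is ignored, so
# the whole filter has to live in the file.
capture_command() {
    printf 'tcpdump -i %s -nq -F %s\n' "$1" "$2"
}

# Usage: build the filter for a constructed address, show the file and
# the command that would be run (as root) on a real system.
filter_file="${TMPDIR:-/tmp}/filterfile.$$"
write_filter_file "$filter_file" 192.0.2.10 20 21 25 53 80 110 119 123 443 >/dev/null
cat "$filter_file"
capture_command tun0 "$filter_file"
rm -f "$filter_file"
```

Running the script prints the generated expression and a tcpdump command line; it does not capture anything itself, so it can be used to review a filter before it is handed to tcpdump on a capture host.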