Tutorial TCPdump

Valic — June 28, 2010

TCPdump is a very powerful command-line packet sniffer.

Step 1. Install TCPdump

apt-get install tcpdump

Step 2. TCPdump use

Step 2.1 To display the standard TCPdump output:

tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:14:25.060050 IP 89.35.90.202.clax.ro.27015 > h89-37-110-61.teleson.ro.27005: UDP, length 229
15:14:25.060071 IP 89.35.90.202.clax.ro.27015 > 86-124-241-9.rdsnet.ro.27005: UDP, length 374
15:14:25.060213 IP 86-124-240-65.rdsnet.ro.27005 > 89.35.90.202.clax.ro.27015: UDP, length 78
15:14:25.060236 IP 91-213-135-21.optic-bridge.com.ro.45249 > 89.38.255.34.28822: UDP, length 20
15:14:25.060240 IP 89.35.90.202.clax.ro.27015 > 86-124-240-65.rdsnet.ro.27005: UDP, length 221
15:14:25.060481 IP 89.35.90.202.clax.ro.27015 > 78-21-42-14.access.telenet.be.27005: UDP, length 163
15:14:25.060694 IP 89.35.90.202.clax.ro.27015 > user-ip-23-89-33-89-sel.rdsnav.ro.63087: UDP, length 224
15:14:25.060731 IP 89.35.90.202.clax.ro.32783 > ns1.clax.ro.domain: 65251+ PTR? 61.110.37.89.in-addr.arpa. (43)
15:14:25.060830 IP 89.35.90.202.clax.ro.27015 > 92.83.223.46.61499: UDP, length 113
15:14:25.060851 IP 89.35.90.202.clax.ro.38331 > 89.35.90.18.clax.ro.62613: P 2328008232:2328008428(196) ack 4034406897 win 410
15:14:25.060910 IP 89.35.90.202.clax.ro.27015 > 86-121-72-43.rdsnet.ro.27005: UDP, length 109
15:14:25.060966 IP 92.83.176.255.27005 > 89.35.90.202.clax.ro.27015: UDP, length 74
15:14:25.061020 IP 89.35.90.202.clax.ro.27015 > 95-65-79-185.starnet.md.27005: UDP, length 117
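
As an added example (not part of the original tutorial), the Python script below parses the default output format shown above and totals payload bytes per source endpoint and packets per protocol, a quick way to see who is talking most in a capture. The sample lines are constructed with documentation addresses, the function names are illustrative, and only the three line shapes seen above (UDP, DNS query, TCP) are handled.

```python
import re
from collections import Counter

# Constructed sample in the default tcpdump format (documentation addresses, not a real capture).
SAMPLE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:14:25.060050 IP 192.0.2.10.27015 > host-a.example.net.27005: UDP, length 229
15:14:25.060071 IP 192.0.2.10.27015 > host-b.example.net.27005: UDP, length 374
15:14:25.060213 IP host-b.example.net.27005 > 192.0.2.10.27015: UDP, length 78
15:14:25.060731 IP 192.0.2.10.32783 > ns1.example.net.domain: 65251+ PTR? 10.2.0.192.in-addr.arpa. (43)
15:14:25.060851 IP 192.0.2.10.38331 > 192.0.2.18.62613: P 2328008232:2328008428(196) ack 4034406897 win 410
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (.*)$")
SIZE = re.compile(r"length (\d+)|\((\d+)\)")  # "UDP, length N" or "(N)"

def split_endpoint(endpoint):
    """'host.port' -> (host, port); the port is the last dot-separated field."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def parse_line(line):
    """Return a dict for one packet line, or None for banners and other text."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, src, dst, detail = m.groups()
    src_host, src_port = split_endpoint(src)
    dst_host, dst_port = split_endpoint(dst)
    if detail.startswith("UDP,"):
        proto = "UDP"
    elif {src_port, dst_port} & {"domain", "53"}:  # port printed as a service name
        proto = "DNS"
    else:
        proto = "TCP"
    found = SIZE.search(detail)
    size = int(found.group(1) or found.group(2)) if found else 0
    return {"time": ts, "src": src_host, "sport": src_port, "dst": dst_host,
            "dport": dst_port, "proto": proto, "bytes": size}

def summarise(text):
    """Total payload bytes per source endpoint and packet count per protocol."""
    by_source, by_proto = Counter(), Counter()
    for pkt in filter(None, map(parse_line, text.splitlines())):
        by_source[f"{pkt['src']}:{pkt['sport']}"] += pkt["bytes"]
        by_proto[pkt["proto"]] += 1
    return by_source, by_proto

if __name__ == "__main__":
    print(*summarise(SAMPLE), sep="\n")
```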

Step 2.2 Network interfaces available for the capture:
