Version 1 (modified by admin, 6 years ago)

Capture and Analyse Packets

In this lab session we will use tcpdump and Wireshark to capture packets. To analyse them we will use Wireshark.

Packet Capturing

tcpdump

  • Go to the Ubuntu VM
  • Use the tcpdump command to capture packets
    tcpdump -nn
    
  • You will get output like the following, one line per packet
    IP 199.59.148.139.443 > 192.168.1.8.54343: Flags [P.], seq 53:106, ack 1, win 67, options [nop,nop,TS val 854797891 ecr 376933204], length 53
    
  • You can try tcpdump with different filter expressions and options
    tcpdump -nni eth0 host 10.10.10.10
    tcpdump -nni eth0 dst host 10.10.10.10 and tcp
    tcpdump -nni eth0 src net 10.10.10.0/24 and tcp and portrange 1-1024
    tcpdump -nni eth0 -s0
    tcpdump -nni eth0 not port 22 -s0 -c 1000
    tcpdump -nni eth0 not port 22 and dst host 10.10.10.10 and not src net 10.20.30.0/24
    
    -nn = don't use DNS to resolve IPs, and display port numbers instead of service names
    -i = interface to watch
    dst = watch only traffic destined to a net, host or port
    src = watch only traffic whose source is a net, host or port
    net = specifies a network
    host = specifies a host
    port = specifies a port
    proto = protocol, i.e. tcp or udp
    -s0 = set the snapshot length to 0, i.e. capture whole packets
    -c = number of packets to capture before exiting
    
  • You can capture packets and save them to a file, then read that file back with a filter
    # tcpdump -nni eth0 -w capture.pcap -vv -c 1000
    # tcpdump -nni eth0 -r capture.pcap port 80
     
    -w capture.pcap = save captured packets to capture.pcap
    -vv = display the number of packets captured (while writing to a file)
    -r capture.pcap = read capt
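As an added example that is not part of the lab page, the following Python script parses lines of tcpdump -nn text output such as the one shown above into structured records, and re-implements the filter primitives used in the commands above (host, net, port, portrange, tcp, udp, with the src/dst qualifiers and "not"/"and") as plain Python predicates, so you can see exactly which packets each of those expressions selects. The sample lines are constructed (only the first is the packet from the page); the filter code is a teaching reimplementation of the semantics, not libpcap's BPF compiler, and it deliberately supports only conjunctions of optionally negated primitives.

```python
import ipaddress
import re
from collections import Counter
from typing import Callable, Dict, List, Optional

# Constructed sample of `tcpdump -nn` text output. The first line is the packet
# shown on the wiki page; the remaining four are made up for this example.
SAMPLE_OUTPUT = """\
IP 199.59.148.139.443 > 192.168.1.8.54343: Flags [P.], seq 53:106, ack 1, win 67, options [nop,nop,TS val 854797891 ecr 376933204], length 53
IP 192.168.1.8.54343 > 199.59.148.139.443: Flags [.], ack 106, win 4096, length 0
IP 10.10.10.5.40000 > 10.10.10.10.8000: UDP, length 45
IP 10.20.30.7.51000 > 10.10.10.10.22: Flags [S], seq 1, win 65535, length 0
IP 10.10.10.9.33000 > 10.10.10.10.80: Flags [P.], seq 1:200, ack 1, win 512, length 199
"""

Packet = Dict[str, object]
Pred = Callable[[Packet], bool]

# "IP a.b.c.d.port > a.b.c.d.port: ..." with an optional leading timestamp. With -nn
# the line never contains hostnames or service names, which keeps the regex simple.
LINE_RE = re.compile(
    r"^(?:\S+\s+)?IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)

def parse_line(line: str) -> Optional[Packet]:
    """Turn one tcpdump -nn line into a dict; None for lines it does not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    proto = "tcp" if rest.startswith("Flags [") else "udp" if rest.startswith("UDP") else "other"
    length = re.search(r"length (\d+)", rest)   # payload length as tcpdump prints it
    return {"src": m["src"], "sport": int(m["sport"]), "dst": m["dst"], "dport": int(m["dport"]),
            "proto": proto, "length": int(length.group(1)) if length else 0}

def parse_output(text: str) -> List[Packet]:
    return [p for p in (parse_line(ln) for ln in text.splitlines()) if p]

def _by_direction(direction: Optional[str], src_key: str, dst_key: str, test) -> Pred:
    """Without src/dst a qualifier matches either end of the packet, as in tcpdump."""
    if direction == "src":
        return lambda p: test(p[src_key])
    if direction == "dst":
        return lambda p: test(p[dst_key])
    return lambda p: test(p[src_key]) or test(p[dst_key])

def _primitive(toks: List[str]) -> Pred:
    """One primitive: [src|dst] host A | net A/len | port N | portrange L-H, or tcp | udp."""
    direction = None
    if toks and toks[0] in ("src", "dst"):
        direction, toks = toks[0], toks[1:]
    if not toks:
        raise ValueError("empty filter term")
    kw, args = toks[0], toks[1:]
    if kw in ("tcp", "udp") and not args:
        return lambda p: p["proto"] == kw
    if kw == "host" and len(args) == 1:
        addr = ipaddress.ip_address(args[0])
        return _by_direction(direction, "src", "dst", lambda v: ipaddress.ip_address(v) == addr)
    if kw == "net" and len(args) == 1:
        net = ipaddress.ip_network(args[0], strict=False)
        return _by_direction(direction, "src", "dst", lambda v: ipaddress.ip_address(v) in net)
    if kw == "port" and len(args) == 1:
        port = int(args[0])
        return _by_direction(direction, "sport", "dport", lambda v: v == port)
    if kw == "portrange" and len(args) == 1:
        lo, hi = (int(x) for x in args[0].split("-", 1))
        return _by_direction(direction, "sport", "dport", lambda v: lo <= v <= hi)
    raise ValueError(f"unsupported filter term: {' '.join(toks)!r}")

def compile_filter(expr: str) -> Pred:
    """Compile a conjunction of optionally negated primitives, e.g.
    'not port 22 and dst host 10.10.10.10 and not src net 10.20.30.0/24'.
    Real tcpdump filters also allow 'or' and parentheses; this teaching version does not."""
    conjuncts = []
    for term in expr.split(" and "):
        toks = term.split()
        negate = bool(toks) and toks[0] == "not"
        pred = _primitive(toks[1:] if negate else toks)
        conjuncts.append((lambda f: (lambda p: not f(p)))(pred) if negate else pred)
    return lambda p: all(c(p) for c in conjuncts)

def apply_filter(expr: str, packets: List[Packet]) -> List[Packet]:
    pred = compile_filter(expr)
    return [p for p in packets if pred(p)]

def bytes_per_destination(packets: List[Packet]) -> Dict[str, int]:
    """Sum of tcpdump's 'length' field per destination address."""
    totals: Counter = Counter()
    for p in packets:
        totals[p["dst"]] += p["length"]
    return dict(totals)

if __name__ == "__main__":
    pkts = parse_output(SAMPLE_OUTPUT)
    for expr in ("host 10.10.10.10", "dst host 10.10.10.10 and tcp",
                 "src net 10.10.10.0/24 and tcp and portrange 1-1024",
                 "not port 22 and dst host 10.10.10.10 and not src net 10.20.30.0/24"):
        print(f"{len(apply_filter(expr, pkts))} packet(s) match {expr!r}")
    print(bytes_per_destination(pkts))
```

Note that "not" binds to the single primitive after it, so "not port 22 and dst host 10.10.10.10" excludes SSH traffic but keeps the host condition, which is the same precedence tcpdump applies; a plain "port 22" or "host X" without src/dst matches either end of the packet.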
    

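The file written by -w is in the classic pcap format, and -s0 decides how much of each packet ends up in it. As an added example that is not from the lab page, the Python code below writes a small pcap in memory the way tcpdump -w would (treating a snapshot length of 0 as "whole packet", 262144 bytes, as tcpdump does) and parses it back, flagging every record whose captured length is shorter than its original length, which is what a capture taken without -s0 looks like when the packets are bigger than the snapshot length. The frames are constructed zero-filled buffers; the layout (24-byte global header, 16-byte record headers, magic 0xa1b2c3d4) is the standard pcap format.

```python
import struct
from typing import Dict, List, Tuple

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
GLOBAL_HDR = "IHHiIII"          # magic, ver major, ver minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"             # ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
LINKTYPE_ETHERNET = 1
DEFAULT_SNAPLEN = 262144        # what tcpdump uses for -s0 ("whole packet")

Frame = Tuple[int, int, bytes]  # (ts_sec, ts_usec, raw frame)

def build_pcap(frames: List[Frame], snaplen: int, endian: str = "<") -> bytes:
    """Serialise frames the way `tcpdump -w` does: each frame is cut to the snapshot
    length, but the record header still carries its original length."""
    limit = snaplen or DEFAULT_SNAPLEN
    out = struct.pack(endian + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, limit, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in frames:
        captured = frame[:limit]
        out += struct.pack(endian + RECORD_HDR, ts_sec, ts_usec, len(captured), len(frame))
        out += captured
    return out

def parse_pcap(data: bytes) -> Dict[str, object]:
    """Parse a classic pcap file: detect byte order from the magic number, walk the
    records with bounds checks, and flag frames the snapshot length cut short."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError(f"not a classic pcap file (magic {data[:4].hex()})")
    _, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, data[:24])
    records = []
    pos = 24
    while pos < len(data):
        if len(data) - pos < 16:
            raise ValueError(f"truncated record header at offset {pos}")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, data[pos:pos + 16])
        pos += 16
        # A record claiming more bytes than the snaplen, than were on the wire, or than
        # the file has left is corrupt; refuse it rather than read past the buffer.
        if incl_len > snaplen or incl_len > orig_len or pos + incl_len > len(data):
            raise ValueError(f"inconsistent record lengths at offset {pos - 16}")
        records.append({
            "timestamp": ts_sec + ts_usec / 1_000_000,
            "captured_len": incl_len,
            "original_len": orig_len,
            "truncated": incl_len < orig_len,
            "data": data[pos:pos + incl_len],
        })
        pos += incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype, "records": records}

def count_truncated(parsed: Dict[str, object]) -> int:
    """How many records lost bytes to the snapshot length (0 is what you want for analysis)."""
    return sum(1 for r in parsed["records"] if r["truncated"])

# Constructed frames: a 60-byte and a 120-byte zero-filled buffer standing in for Ethernet frames.
SAMPLE_FRAMES: List[Frame] = [(1, 500000, bytes(60)), (2, 0, bytes(120))]

if __name__ == "__main__":
    for snap in (96, 0):
        parsed = parse_pcap(build_pcap(SAMPLE_FRAMES, snap))
        print(f"-s{snap}: header snaplen {parsed['snaplen']}, "
              f"{count_truncated(parsed)} of {len(parsed['records'])} records truncated")
```

Running it shows the difference between the two captures: with a snapshot length of 96 the 120-byte frame is recorded with captured_len 96 and original_len 120, so Wireshark would show it as cut short, while the -s0 file keeps every byte. The bounds checks in parse_pcap matter because a pcap file you receive from elsewhere is untrusted input to your analysis tooling.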