INTRO TO TCPDUMP.
DECIPHERING A DATA PACKET.
It is an IP utility tool used for real-time packet
A command-line program that comes built into Unix
Programs like Ethereal (Wireshark) provide an
alternative to tcpdump in a GUI environment.
operating system used: OPEN SYSTEM - UBUNTU 9.10
program / version / manner of installation: TCPDUMP 4.0.0, PRE-INSTALLED
version / date / changes
1.0.0 / 2004-04-14 / - conceived
- new document history scheme
1.0.1 / 2005-10-05 / - minor corrections and some new
COMMAND LINE OPTIONS
-i -Specifies the interface to capture on.
-e -Prints the link-level (MAC) header on each line.
-q -Quiet (quick) output: print less protocol information.
-v -Verbose output.
-vv -More verbose output.
-t -Do not print a timestamp on each line.
-l -Line-buffer the output (needed when piping to tee or another program).
-c -Number of packets to capture before exiting.
-w -Write the raw packets to a file instead of printing them on screen.
-r -Read packets from a file (one written with -w) instead of a live interface.
1. # tcpdump -w hades.txt not port 22
(-w writes raw pcap data, not text, so read the file back with "tcpdump -r hades.txt".)
2. # cat > filterfile
dst host spider and (udp or proto 51) and not (src host peter or src host goblin)
# tcpdump -F filterfile
(The filter file holds only the expression; shell quotes are not needed there and would be passed to tcpdump literally.)
# tcpdump -qel -vv 'src host <ip_in_network> and (udp or port http) and dst host <ip_of_server>' | tee hades.txt
(All tcpdump options belong before the pipe; anything after "|" is passed to tee. "http" on its own is not a filter keyword, so it is given as "port http", and -l keeps tee showing lines as they arrive.)
# tcpdump -i eth0 -nq
not "(port 22 and host <ip_firewall>)"
and not "(port 53 or 80 or 110 or 119 or 443)"
and dst host <my_ip>
# tcpdump -i tun0 -nq
not port '(20 or 21 or 25 or 53 or 80 or 110 or 119 or 123 or 443)'
and not icmp
and src host <my_ip>
(The expression cannot start with "and"; "port" without src/dst matches the port in either direction.)
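As an added example that is not from the original notes: a small Python script that decodes the one-line records a capture such as "tcpdump -qel ... | tee hades.txt" leaves behind, then applies the same idea as the "not port (...)" filters above offline, summing bytes per (source, destination, destination port) for traffic that touches none of the expected ports. The line format is assumed from tcpdump's -q/-e output and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample of "tcpdump -qe" one-line output as it would land in
# hades.txt via tee (format assumed; addresses and MACs are made up).
SAMPLE_LOG = """\
12:00:01.000123 00:0c:29:aa:bb:cc > 00:50:56:dd:ee:ff, IPv4, length 74: 10.0.0.5.51234 > 192.168.1.10.80: tcp 0
12:00:01.000456 00:0c:29:aa:bb:cc > 00:50:56:dd:ee:ff, IPv4, length 90: 10.0.0.5.51235 > 192.168.1.10.53: UDP, length 48
12:00:02.000789 00:0c:29:aa:bb:cc > 00:50:56:dd:ee:ff, IPv4, length 60: 10.0.0.5.51236 > 192.168.1.10.4444: tcp 0
12:00:03.000111 00:50:56:dd:ee:ff > 00:0c:29:aa:bb:cc, IPv4, length 1514: 192.168.1.10.443 > 10.0.0.5.51237: tcp 1460
"""

# timestamp, src MAC > dst MAC, ethertype, frame length, src ip.port > dst ip.port, protocol
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"(?P<etype>\w+), length (?P<flen>\d+): "
    r"(?P<sip>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dip>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<proto>\w+)"
)

# Same port list as the eth0 filter above, plus 22 for the firewall rule.
EXPECTED_PORTS = frozenset({22, 53, 80, 110, 119, 443})


def parse_line(line):
    """Decode one -qe record into a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pkt = m.groupdict()
    for key in ("flen", "sport", "dport"):
        pkt[key] = int(pkt[key])
    pkt["proto"] = pkt["proto"].lower()
    return pkt


def unexpected_talkers(log_text, expected_ports=EXPECTED_PORTS):
    """Bytes per (src ip, dst ip, dst port) for packets whose ports are all
    outside expected_ports. Like tcpdump's bare "port N", a match on either
    the source or the destination port excludes the packet."""
    totals = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None or {pkt["sport"], pkt["dport"]} & expected_ports:
            continue
        totals[(pkt["sip"], pkt["dip"], pkt["dport"])] += pkt["flen"]
    return totals


if __name__ == "__main__":
    for (sip, dip, dport), nbytes in unexpected_talkers(SAMPLE_LOG).items():
        print(f"{sip} -> {dip}:{dport}  {nbytes} bytes")
```

Replace SAMPLE_LOG with the contents of a real hades.txt; the 443 reply in the sample is dropped because its source port is expected, leaving only the 4444 flow.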