TCPDUMP


Overview

This project concentrates on the tcpdump utility, which can be used for sniffing network traffic. tcpdump is a command-line packet analyzer that can capture and display the data packets on a network interface. This project is intended to showcase how to filter for certain kinds of traffic, as well as how to dissect packets to obtain fine details and understand network events with the aid of tcpdump. The practical part consists of setting up various filters, capturing traffic on specific interfaces, and examining the captured data for patterns, problems, or malicious activity.

Steps

  • The command `tcpdump -i eth0` is being executed in a Kali Linux terminal to capture network traffic on the `eth0` interface. This command initiates the packet capture process, displaying packets as they are captured in real-time.
  • The command `tcpdump -c 10` captures 10 packets on the `eth0` interface. The output shows details for each captured packet, including the timestamp, source and destination IP addresses, protocol type, and additional protocol-specific information.
  • In total, 10 packets were captured, 21 were received by the filter, and 0 were dropped by the kernel.
  • The `tcpdump -i eth0` command captures and displays detailed network traffic on the `eth0` interface, showing packet timestamps, IP addresses, and protocol-specific details.
  • The command `tcpdump -w capture.pcap` saves the packets captured on the `eth0` interface to a file named `capture.pcap`, with 933 packets recorded.
  • The `ls` command lists the contents of the directory, showing the `capture.pcap` file.
  • The `wireshark capture.pcap` command then opens this file in Wireshark for analysis.
  • The `capture.pcap` file is open in Wireshark, displaying the captured network traffic, including TCP, QUIC, and DNS packets. Detailed information is provided for each packet, such as source and destination IPs, protocols, and raw data.
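As an added example that is not part of the original project, the following Python script does by hand what the steps above do with Wireshark: it parses the classic pcap format that `tcpdump -w capture.pcap` writes (not pcapng), walks the Ethernet and IPv4 headers of each record, and tallies TCP, UDP and DNS (UDP port 53) frames. The capture bytes are constructed inline, and the function names `build_packet`, `build_pcap` and `dissect_pcap` are chosen here, not taken from tcpdump.

```python
import struct
PCAP_MAGIC_LE = 0xA1B2C3D4  # classic pcap, microsecond timestamps, little-endian

def build_packet(proto, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4 frame carrying TCP (proto 6) or UDP (proto 17)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    if proto == 6:  # 20-byte TCP header, SYN flag set, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:  # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4

def build_pcap(packets):
    """Constructed capture file: 24-byte global header (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, pkt in enumerate(packets):  # 16-byte record header: ts_sec, ts_usec, incl, orig
        out += struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out

def dissect_pcap(data):
    """Walk the records and tally frames by protocol, as `tcpdump -r capture.pcap` would."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == PCAP_MAGIC_LE else ">"  # byte order of the writing host
    linktype, = struct.unpack_from(endian + "I", data, 20)
    assert linktype == 1, "only Ethernet captures are handled here"
    counts, off = {}, 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            kind = "non-ip-or-truncated"  # snaplen cut it short, or not IPv4
        else:
            ihl, proto = (frame[14] & 0x0F) * 4, frame[23]  # IPv4 header length, protocol
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
            if proto == 17 and 53 in (sport, dport):
                kind = "dns"  # UDP/53, the label tcpdump's output uses
            else:
                kind = {6: "tcp", 17: "udp"}.get(proto, "other-ip")
        counts[kind] = counts.get(kind, 0) + 1
    return counts

# Constructed sample: two TCP SYNs, one DNS query, one UDP/443 (QUIC-like) datagram.
SAMPLE_PCAP = build_pcap([build_packet(6, 40000, 443), build_packet(6, 40001, 80),
                          build_packet(17, 50000, 53, b"\x12\x34\x01\x00"),
                          build_packet(17, 51000, 443, b"\xc0")])
```

Writing `SAMPLE_PCAP` to disk and opening it with `tcpdump -r` or Wireshark gives the same four-packet breakdown, which is a convenient way to confirm the parser against the real tools.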
