Only packets that match the options will be processed by Tcpdump.
Remember that all Linux commands are case sensitive.
Procedure: Compile, make, and install the application and run on the
network with the syntax of:
tcpdump
From the directory containing the compressed files type tar -zxvf
tcpdump-3.9.3.tar.gz.
The files will uncompress into a new directory named tcpdump-3.9.4.
Change to the new directory by typing cd tcpdump-3.9.4 and pressing
Enter.
As with most Linux applications, Tcpdump must be compiled to the specific
machine it is installed on. In this example this is done by typing ./configure.
224 Practical Hacking Techniques and Countermeasures
The Tcpdump application will configure to the specific machine it is on.
The next step is to make the executable by typing make and pressing
Enter.
Sniffing Traffic 225
The make command will execute.
That last step is to install the executable by typing make install and
pressing Enter.
The make install command will execute.
To execute Tcpdump in its most basic form, simply type:
./tcpdump
Many sniffers have the ability to "catch all" (or almost all) traffic by default.
Tcpdump is no different.
Tcpdump requires expressions (options) to instruct it to give you a more
granular result of the "sniff." For example, to only see data incoming or
outgoing from a specific target:
tcpdump host (Target IP or Hostname)
To only see data incoming to a specific target:
tcpdump dst host (Target IP or Hostname)
To filter by TCP or UDP and only see data incoming to a specific target for
only Web or SSL traffic:
tcpdump dst host (Target IP or Hostname) && (tcp dst port 80 or tcp dst port 443)
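To show how the three filter expressions above select different packets, here is an added Python example (not from the book and not tcpdump's own code) that evaluates this subset of tcpdump's filter syntax over a few constructed packet records. It goes a little beyond the page by also handling src, udp, bare protocol qualifiers, and the rule that "and" binds tighter than "or", which tcpdump applies as well; the Packet record and the addresses in it are constructed for illustration.

```python
"""Evaluator for the tcpdump filter subset used above: host / src host / dst host,
[tcp|udp] [src|dst] port NUM, joined with and (&&), or (||) and parentheses."""
import re
from collections import namedtuple

# Constructed, simplified view of one captured packet (addresses as strings).
Packet = namedtuple("Packet", "src dst proto sport dport")
_TOKEN = re.compile(r"\(|\)|&&|\|\||[A-Za-z0-9.\-]+")
_ALIAS = {"&&": "and", "||": "or"}       # tcpdump accepts both spellings

def matches(expr, pkt):
    """Return True when pkt satisfies the filter expression, else False."""
    toks = [_ALIAS.get(t, t) for t in _TOKEN.findall(expr)]
    peek = lambda: toks[0] if toks else None

    def primitive():   # [tcp|udp] [src|dst] (host ADDR | port NUM) | tcp | udp
        proto = toks.pop(0) if peek() in ("tcp", "udp") else None
        dirn = toks.pop(0) if peek() in ("src", "dst") else None
        if peek() in ("host", "port"):
            kind, val = toks.pop(0), toks.pop(0)
            fields = (pkt.src, pkt.dst) if kind == "host" else (pkt.sport, pkt.dport)
            val = int(val) if kind == "port" else val   # numeric ports only here
            ok = {"src": val == fields[0], "dst": val == fields[1], None: val in fields}[dirn]
        elif proto and dirn is None:
            ok = True                     # bare protocol qualifier such as "tcp"
        else:
            raise ValueError("malformed filter near %r" % toks[:2])
        return ok and (proto is None or pkt.proto == proto)

    def factor():      # parenthesised sub-expression or a single primitive
        if peek() == "(":
            toks.pop(0)
            val = expression()
            if not toks or toks.pop(0) != ")":
                raise ValueError("missing ')'")
            return val
        return primitive()

    def term():        # 'and' binds tighter than 'or'; right side always parsed
        val = factor()
        while peek() == "and":
            toks.pop(0)
            val = factor() and val
        return val

    def expression():
        val = term()
        while peek() == "or":
            toks.pop(0)
            val = term() or val
        return val

    result = expression()
    if toks: raise ValueError("unexpected trailing tokens %r" % toks)
    return result
```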
*Note: Tcpdump is a very good packet sniffer and is commonly used by security
professionals to review active firewalls and network traffic.