
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"

The output can be saved
to a file for further diagnosis. This type of capture, used in conjunction
with switch bypass techniques, can be valuable to an attacker to determine
which computers communicate with which other servers. This application
does not give details of the contents of the captured packets; it displays the flow of the
captured traffic. Remember that all Linux commands are case sensitive.
Procedure: For Windows simply execute from the directory containing the
executable. For Linux, uncompress and execute with the following syntax:
ipdump2 (interface)
For Linux
From the directory containing the compressed files type tar -zxvf ipdump2-pre1.tgz.
The files will uncompress into a new directory named ipdump2-pre1.
Change to the new directory by typing cd ipdump2-pre1 and pressing Enter.
Execute by typing
./ipdump2 eth0
*Note: The interface in this example is eth0 as it is the only interface in this virtual
machine. If you have multiple NICs you may wish to use other NICs by
incrementing the number: int1, int2, ppp0, ppp1, and so on.
The traffic will appear on the screen identifying the IP addresses of each
packet as well as which port each packet is coming from and destined to.
Unless instructed otherwise, the application will continue to run until the Ctrl
plus the C key is pressed. The packets are displayed as:
Date – Time – Protocol – Source IP Source Port – Dest. IP – Dest Port
*Note: Keep in mind that the traffic you see is completely dependent upon the
environment the computer "sniffing" resides in.
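The page says the capture can be saved to a file and used to work out which computers talk to which servers. The following script is an added example, not code from the book or from ipdump2: it parses a saved log in the field order described above and builds that "who talks to whom" view, plus a simple defender's check for flows to unexpected ports. Because the page does not show ipdump2's exact separators, the sample log lines are constructed and the " - " delimiter is an assumption; adjust `LINE_RE` to match real output.

```python
# Added example (not from the book or ipdump2): summarise a saved ipdump2-style log.
# Assumed layout (the page gives the field order but not the exact separators):
#   Date - Time - Protocol - Source IP Source Port - Dest IP - Dest Port
from collections import defaultdict
import re

# Constructed sample capture, not real traffic; last line is deliberately malformed.
SAMPLE_LOG = """\
2004-03-01 - 10:15:01 - TCP - 192.168.1.10 51022 - 192.168.1.5 - 80
2004-03-01 - 10:15:02 - TCP - 192.168.1.10 51023 - 192.168.1.5 - 80
2004-03-01 - 10:15:03 - UDP - 192.168.1.11 43210 - 192.168.1.1 - 53
2004-03-01 - 10:15:04 - TCP - 192.168.1.12 40001 - 10.0.0.99 - 4444
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) - (?P<time>\S+) - (?P<proto>\w+) - "
    r"(?P<src_ip>[\d.]+) (?P<src_port>\d+) - (?P<dst_ip>[\d.]+) - (?P<dst_port>\d+)$"
)

def parse_ipdump2_log(text):
    """Return one dict per well-formed line; lines that do not match the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["src_port"] = int(rec["src_port"])
            rec["dst_port"] = int(rec["dst_port"])
            records.append(rec)
    return records

def flow_summary(records):
    """Map each source host to the (dst_ip, proto, dst_port) services it contacted,
    with a packet count per service: the 'which computers talk to which servers' view."""
    summary = defaultdict(lambda: defaultdict(int))
    for r in records:
        summary[r["src_ip"]][(r["dst_ip"], r["proto"], r["dst_port"])] += 1
    return {src: dict(dsts) for src, dsts in summary.items()}

def unexpected_flows(records, allowed_ports=(53, 80, 443)):
    """Defender's check: flows whose destination port is outside the expected set."""
    return [(r["src_ip"], r["dst_ip"], r["dst_port"])
            for r in records if r["dst_port"] not in allowed_ports]

if __name__ == "__main__":
    recs = parse_ipdump2_log(SAMPLE_LOG)
    for src, dsts in flow_summary(recs).items():
        for (dst, proto, port), n in dsts.items():
            print(f"{src} -> {dst} {proto}/{port} ({n} packets)")
    print("unexpected:", unexpected_flows(recs))
```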

