Network Traffic Monitoring
Using Tcpdump & Wireshark
Motivation for Network Monitoring
• Essential for Network Management
– Router and Firewall policy
– Detecting abnormal behaviour and errors in the network
– Access control
• Security Management
– Detecting abnormal traffic
– Traffic log for future forensic analysis
TCPDUMP
INTRODUCTION
TCPdump is a utility used to capture and analyze packets on a
network interface.
It is a common computer network debugging tool that runs from the
command line.
It is a piece of software that gives insight into the traffic activity
occurring on a network.
It allows the user to intercept and display TCP/IP and other packets
being transmitted or received over a network.
It is frequently used to debug applications that generate or receive
network traffic.
It is also used for debugging the network setup itself: by
determining whether all necessary routing is occurring
properly, it allows the user to further isolate the source of a
problem.
What is TCPdump?
TCPdump is a UNIX tool.
It is used to gather data from the network, decipher the bits, and display the
output on the screen; the records can also be saved to a file for later analysis.
TCPdump uses the libpcap library to capture packets.
TCPdump is run by issuing the command tcpdump, which reads all the
traffic from the default network interface.
It has a filter that enables the user to specify which records they are interested in
collecting.
TCPdump displays records on the console, translated from the native
raw output format into a human-readable format.
TCPDUMP
• Syntax:
tcpdump [options] [filter expression]
• Basic command
e.g. tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:34:57.266865 IP 173.194.36.6 > 192.168.1.101: ICMP echo reply, id 19941, seq 1176, length 64
16:34:57.267226 IP 192.168.1.101.21271 > 218.248.255.163.53: 23380+ PTR? 6.36.194.173.in-addr.arpa. (43)
16:34:57.274549 IP 218.248.255.163.53 > 192.168.1.101.21271: 23380 1/4/2 PTR bom04s01-in-f6.1e100.net. (195)
16:34:57.297874 IP 192.168.1.101.56295 > 186.105.77.150.38213: UDP, length 105
TCPDUMP OUTPUT
• One of the hardest tasks for the novice analyst to master is
deciphering TCPdump output.
• TCPdump output is fairly standard across the different
protocols (TCP, UDP and ICMP, for example), but it does have
some nuances.
• The first step is to identify the protocol of the record you are examining.
• TCP output will be used to explain the general TCPdump
format. Here is a TCP record displayed by TCPdump:
What does a line convey?
01:46:28.808262 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2513546054:2513547434(1380) ack 1268355216 win 12816
– 01:46:28.808262 : Timestamp
– IP : This is an IP packet
– danjo.CS.Berkeley.EDU : Source host name
– ssh : Source port number (22)
– adsl-69-228-230-7.dsl.pltn13.pacbell.net : Destination host name
– 2481 : Destination port number
– . 2513546054:2513547434(1380) ack 1268355216 win 12816 : TCP specific information
• Different output formats for different packet types
TCPdump Flags
TCP Flag     Representation   Meaning
SYN          S                A session establishment request, which is the first part of any TCP connection.
ACK          ack              Generally used to acknowledge the receipt of data from the sender.
FIN          F                Indicates the sender's intention to gracefully terminate the sending host's connection to the receiving host.
RESET        R                Indicates the sender's intention to immediately abort the existing connection with the receiving host.
PUSH         P                Immediately "pushes" data from the sending host to the receiving host's application software.
URGENT       urg              Indicates that there is "urgent" data that should take precedence over other data. An example is pressing Ctrl+C to abort an FTP download.
Placeholder  .                If the record does not have a SYN, FIN, RESET or PUSH flag set, a placeholder (a period) is printed after the destination port.
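The field layout described on the previous slide and the flag table above can be turned into a small parser. The following is an added example, not code from the original slides: it parses the slides' own sample records (the classic pre-4.x TCP layout, where the flag string comes right after the destination port) into the timestamp, protocol, endpoints and TCP-specific fields, and expands the flag characters using the table. The protocol heuristic is an assumption that covers only the line types shown on the slides.

```python
import re

# One tcpdump IP record: timestamp, "IP", src > dst, protocol-specific remainder.
# Endpoints are "host.port" for TCP/UDP and a bare host for ICMP.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>[^\s:]+): (?P<rest>.*)$")
# Classic (pre-4.x) TCP layout from the slides: "<flags> <seq>:<seq>(<len>) ack <n> win <n>".
TCP_RE = re.compile(r"^(?P<flags>[SFRP.]+) (?P<seq0>\d+):(?P<seq1>\d+)\((?P<len>\d+)\)"
                    r"(?: ack (?P<ack>\d+))?(?: win (?P<win>\d+))?")
FLAG_MEANING = {"S": "SYN: session establishment request", "F": "FIN: graceful termination",
                "R": "RST: immediate abort", "P": "PUSH: deliver data to the application now",
                ".": "placeholder: no SYN, FIN, RST or PUSH set"}
# Records copied from the slides' own tcpdump output (constructed sample, not a live capture).
SAMPLE = [
    "01:46:28.808262 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: "
    ". 2513546054:2513547434(1380) ack 1268355216 win 12816",
    "16:34:57.266865 IP 173.194.36.6 > 192.168.1.101: ICMP echo reply, id 19941, seq 1176, length 64",
    "16:34:57.267226 IP 192.168.1.101.21271 > 218.248.255.163.53: 23380+ PTR? 6.36.194.173.in-addr.arpa. (43)",
    "16:34:57.297874 IP 192.168.1.101.56295 > 186.105.77.150.38213: UDP, length 105",
]

def split_endpoint(endpoint, has_port):
    # "danjo.CS.Berkeley.EDU.ssh" -> ("danjo.CS.Berkeley.EDU", "ssh"). Without -n tcpdump
    # prints service names (ssh = 22) instead of numbers, so the port is kept as a string.
    if not has_port:
        return endpoint, None
    host, _, port = endpoint.rpartition(".")
    return host, port

def parse_record(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # not an IP record (e.g. the "listening on eth0 ..." banner)
    rest, tcp = m["rest"], TCP_RE.match(m["rest"])
    # Assumed heuristic for the line types on the slides: ICMP is labelled, TCP is recognised
    # by its flag/sequence layout, anything else ("UDP, length N" or a DNS decode) rides on UDP.
    proto = "icmp" if rest.startswith("ICMP") else "tcp" if tcp else "udp"
    src, sport = split_endpoint(m["src"], proto != "icmp")
    dst, dport = split_endpoint(m["dst"], proto != "icmp")
    rec = {"ts": m["ts"], "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}
    if tcp:  # TCP-specific fields: flags, sent byte range, ack number, advertised window
        rec.update(flags=tcp["flags"], seq=(int(tcp["seq0"]), int(tcp["seq1"])),
                   length=int(tcp["len"]), ack=int(tcp["ack"]) if tcp["ack"] else None,
                   win=int(tcp["win"]) if tcp["win"] else None)
    return rec

def explain_flags(flags):
    # Expand a tcpdump flag string such as "S", "P" or "." using the flag table above.
    return [FLAG_MEANING[c] for c in flags]
```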
Commands
• tcpdump -D :- List network interfaces
• tcpdump -i eth0
  tcpdump -i 1 :- To capture on one of the listed interfaces, either its name or its index can be used
• tcpdump -i eth0 -c 10 :- Stop after capturing 10 packets
• tcpdump -i eth0 -c 10 -n :- Do not resolve addresses and ports to names
• tcpdump -i eth0 -c 10 -A :- Print each packet (minus its link-level header) in ASCII
• tcpdump -i eth0 -c 10 -XX :- Print each packet, including its link-level header, in hex and ASCII
• tcpdump -i eth0 -e :- Print the link-level header on each output line
• tcpdump -i eth0 tcp :- Capture only TCP packets
• tcpdump -i eth0 port 21 :- Capture only packets to or from port 21
• tcpdump -i eth0 src 192.168.0.2 :- Capture only packets with source 192.168.0.2
• tcpdump -i eth0 dst 50.116.66.139 :- Capture only packets with destination 50.116.66.139
Continued…
To write the raw output to a file, use the command
tcpdump -w filename
where filename is the name of the file to which the records will
be written in binary format.
To read this output file, another command line option is
necessary: tcpdump -r filename.
This option makes TCPdump read its input from filename rather
than from the default network interface.
A file that has been written with the -w option can only be read
by running TCPdump with the -r option.
ALTERING THE AMOUNT OF DATA COLLECTED
By default TCPdump does not collect the entire datagram: the
volume would be large, and the user is usually interested in the
header portion of the datagram, which the default length
captures.
The snapshot length, sometimes known as snaplen,
determines the exact number of bytes collected (it is set with
the -s option).
The most common collected length is 68 bytes.
Running tcpdump
• Requires superuser/administrator privileges on Unix
– http://www.tcpdump.org/
– You can run it on your own Unix machine
– You can install a Linux OS in VMware on your machine
• Tcpdump for Windows
– WinDump: http://www.winpcap.org/windump/
• Free software
• Refer to the tcpdump man page.
So What is Wireshark?
• Packet sniffer/protocol analyzer
• GUI based tool
• Open source network tool
• The latest version of the Ethereal tool (Ethereal was renamed Wireshark)
Wireshark
• http://www.wireshark.org/
• Download:
http://prdownloads.sourceforge.net/wireshark/wireshark-setup-0.99.5.exe
• Wireshark User's Guide
http://www.wireshark.org/docs/wsug_html/
Wireshark Interface