In this article, we are going to learn how to capture network traffic with a packet sniffer tool called tcpdump. This tool captures and filters the TCP/IP packets that are sent or received on a network interface.
Prerequisites
Besides having a terminal open, we need to remember a few concepts:
- Make sure the tcpdump tool is installed on your machine
Network Traffic Capture
Now we are going to use some tcpdump commands to capture packets:
- To capture packets from an interface, use the following code:
$ sudo tcpdump -i eth0
- To print the captured packets in ASCII values, use the following code:
$ sudo tcpdump -A -i eth0
- To capture a specific number of packets, use the following code:
$ sudo tcpdump -c 10 -i eth0
- To print the captured packets in HEX and ASCII, use the following code:
$ sudo tcpdump -XX -i eth0
- To capture and save the packets in a specific file, use the following code:
$ sudo tcpdump -w 111.pcap -i eth0
- To print IP addresses numerically instead of resolving them to hostnames, use the following code:
$ sudo tcpdump -n -i eth0
- To read the captured packets, use the following code:
$ sudo tcpdump -r 111.pcap
Now we are going to look at an explanation of tcpdump and the commands we are using.
How it works
We used the tcpdump Linux tool, which captures or filters data packets. tcpdump captures packets on a specific interface, which we selected with the -i option. Captured packets can be saved to a file by giving a filename with the -w option in the tcpdump command, and that file can be read back later by giving the -r option in the tcpdump command.
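To make the -w/-r, -n and -XX options above concrete, here is an added example (not code from the original article or from the tcpdump project) that builds one Ethernet/IPv4/UDP frame in memory, writes it in the libpcap file format that tcpdump -w produces, reads it back the way tcpdump -r would, and renders a numeric-address summary line and a hex+ASCII dump. The frame, its MAC and IP addresses, ports and timestamp are all constructed sample values; the IP checksum is left at zero because the example never sends the frame.

```python
"""Minimal libpcap (.pcap) writer/reader plus -n style summary and -XX style dump.

Added example, not code from the original article or from tcpdump itself.
The sample frame, addresses and timestamp below are constructed values.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # libpcap magic for microsecond timestamps
LINKTYPE_ETHERNET = 1        # DLT_EN10MB, what tcpdump -i eth0 records


def build_sample_frame():
    """Construct a 47-byte Ethernet/IPv4/UDP frame (constructed sample data)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    payload = b"hello"
    udp = struct.pack("!HHHH", 12345, 53, 8 + len(payload), 0) + payload
    total_len = 20 + len(udp)
    # IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL, proto 17 (UDP),
    # checksum (0, never transmitted), source, destination
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 17, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.53"))
    return eth + ip_hdr + udp


def write_pcap(frames, ts_sec=1700000000):
    """Serialize frames as pcap bytes: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", ts_sec, i * 1000, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Parse pcap bytes the way tcpdump -r does; return (linktype, [(ts_sec, ts_usec, frame), ...])."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:        # same magic written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    _, _, _, _, _, _, linktype = struct.unpack_from(endian + "IHHiIII", data, 0)
    records, off = [], 24
    while off < len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet record at offset %d" % off)
        records.append((ts_sec, ts_usec, frame))
        off += incl_len
    return linktype, records


def summarize(frame):
    """Decode Ethernet/IPv4 headers into a tcpdump -n style line (numeric addresses, no DNS lookups)."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        return "ethertype 0x%04x, length %d" % (ethertype, len(frame))
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    if proto == 17:
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        return "IP %s.%d > %s.%d: UDP, length %d" % (src, sport, dst, dport, len(frame) - 14 - ihl - 8)
    return "IP %s > %s: proto %d" % (src, dst, proto)


def hexdump(frame):
    """Return a tcpdump -XX style dump: offset, 16 bytes of hex in pairs, then printable ASCII."""
    lines = []
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        hexpart = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        asciipart = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("\t0x%04x:  %-39s  %s" % (off, hexpart, asciipart))
    return "\n".join(lines)


if __name__ == "__main__":
    linktype, records = read_pcap(write_pcap([build_sample_frame()]))
    for ts_sec, ts_usec, frame in records:
        print("%d.%06d %s" % (ts_sec, ts_usec, summarize(frame)))
        print(hexdump(frame))
```

Reading the file format this way also shows why the -w/-r pair is useful for investigations: the capture file keeps the original bytes and timestamps, so the same packets can be re-examined later with different display options, and a reader should reject a file whose magic or record lengths do not add up rather than silently misparse it.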