In this article, we are going to learn how to capture network traffic with tcpdump, a command-line packet sniffer built on libpcap. tcpdump puts a network interface into capture mode, copies every frame the interface sends or receives (not only TCP/IP), and can filter the copied packets with BPF filter expressions, print them to the terminal, or save them to a file for later analysis.
Besides having a terminal open, we need a few things in place:
- Make sure the tcpdump tool is installed on your machine (on Debian/Ubuntu: sudo apt install tcpdump).
- Make sure you can run it as root (or with the CAP_NET_RAW and CAP_NET_ADMIN capabilities); opening an interface for capture requires those privileges, which is why the commands below use sudo.
Now we are going to use some tcpdump commands to capture packets. The examples use the interface eth0 and the file name 111.pcap; replace them with your own interface name (run "ip link" to list interfaces) and file name:
- To capture packets from an interface and print a one-line summary of each to the terminal (stop with Ctrl-C), use the following code:
    $ sudo tcpdump -i eth0
- To print the payload of each captured packet in ASCII (useful for plain-text protocols such as HTTP), use the following code:
    $ sudo tcpdump -A -i eth0
- To capture a specific number of packets and then exit (here 10), use the following code:
    $ sudo tcpdump -c 10 -i eth0
- To print each captured packet in hex and ASCII, including the link-layer (Ethernet) header, use the following code:
    $ sudo tcpdump -XX -i eth0
- To capture and save the raw packets in a specific file (binary pcap format, not readable with cat), use the following code:
    $ sudo tcpdump -w 111.pcap -i eth0
- To print numeric IP addresses instead of resolving them to host names (this avoids slow reverse-DNS lookups and stops the DNS queries themselves from showing up in your capture), use the following code:
    $ sudo tcpdump -n -i eth0
- To read the captured packets back from a saved file, use the following code:
    $ sudo tcpdump -r 111.pcap
  Reading a saved file does not need raw-socket privileges, so sudo can be dropped here.
Now we are going to look at an explanation of tcpdump and the commands we are using.
We used the tcpdump Linux tool, which captures or filters data packets on a specific network interface. The -i option selects that interface. The -w option writes the captured packets, unmodified, to the given file in pcap format, so the capture can be analysed later with tcpdump itself or with tools such as Wireshark; the -r option reads such a file back and prints the packets exactly as a live capture would, and it accepts the same filter expressions as a live capture.
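To make clear what "-w" actually writes and "-r" reads back, the following added example (written for this article; it is not tcpdump's own code) builds one hand-constructed Ethernet/IPv4/TCP SYN frame, serialises it in the classic libpcap format that tcpdump -w produces by default, parses the file back the way -r does (handling both byte orders via the magic number), decodes the addresses and ports tcpdump prints on its summary line, and renders the frame in the hex-plus-ASCII layout of -XX. The MAC addresses, IP addresses, ports and timestamp are made-up sample values; checksums are left at zero because the parser does not verify them.

```python
"""Minimal pcap writer/reader mirroring tcpdump -w / -r, plus a -XX style dump.

Added example, not from the original article. The frame below is
constructed by hand for illustration; no live capture is needed.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4     # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1       # DLT_EN10MB, what an eth0 capture uses


def build_tcp_syn(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Build an Ethernet/IPv4/TCP SYN frame (constructed sample; checksums left as 0)."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", 0x0800))                       # EtherType IPv4
    # sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x12345678, 0, 5 << 4, 0x02, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0xABCD, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


def write_pcap(packets, snaplen=262144, byteorder="="):
    """Serialise (ts_sec, ts_usec, frame) tuples as `tcpdump -w` does: global header + records."""
    out = struct.pack(byteorder + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in packets:
        captured = frame[:snaplen]                            # snaplen truncates, orig_len keeps the real size
        out += struct.pack(byteorder + "IIII", ts_sec, ts_usec, len(captured), len(frame)) + captured
    return out


def read_pcap(data):
    """Parse pcap bytes as `tcpdump -r` does; the magic number tells us the writer's byte order."""
    if data[:4] == struct.pack("<I", PCAP_MAGIC):
        end = "<"
    elif data[:4] == struct.pack(">I", PCAP_MAGIC):
        end = ">"
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    _, _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off, packets = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl]
        if len(frame) != incl:
            raise ValueError("truncated packet record")       # file cut off mid-capture
        off += incl
        packets.append((ts_sec, ts_usec, frame))
    return packets


def decode(frame):
    """Pull out the fields tcpdump prints on its summary line for an Ethernet/IPv4/TCP frame."""
    info = {"eth_dst": frame[:6].hex(":"), "eth_src": frame[6:12].hex(":"),
            "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if info["ethertype"] != 0x0800:
        return info                                           # not IPv4; nothing more to decode here
    ihl = (frame[14] & 0x0F) * 4                              # IPv4 header length in bytes
    info["ip_src"] = ".".join(map(str, frame[26:30]))
    info["ip_dst"] = ".".join(map(str, frame[30:34]))
    info["proto"] = frame[23]
    if info["proto"] == 6:                                    # TCP
        tcp = frame[14 + ihl:]
        info["sport"], info["dport"] = struct.unpack("!HH", tcp[:4])
        flags = tcp[13]
        info["syn"], info["ack"] = bool(flags & 0x02), bool(flags & 0x10)
    return info


def hexdump(frame):
    """Render a frame like `tcpdump -XX`: offset, 16 bytes as hex pairs, then an ASCII column."""
    lines = []
    for i in range(0, len(frame), 16):
        chunk = frame[i:i + 16]
        hexpart = " ".join(chunk[j:j + 2].hex() for j in range(0, len(chunk), 2))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"\t0x{i:04x}:  {hexpart:<40} {text}")
    return "\n".join(lines)


if __name__ == "__main__":
    frame = build_tcp_syn("02:00:00:00:00:01", "02:00:00:00:00:02",
                          "192.0.2.10", "198.51.100.7", 44321, 443)
    pcap = write_pcap([(1700000000, 250000, frame)])          # what `-w 111.pcap` would store
    for ts_sec, ts_usec, f in read_pcap(pcap):                # what `-r 111.pcap` would read
        d = decode(f)
        print(f"{ts_sec}.{ts_usec:06d} IP {d['ip_src']}.{d['sport']} > "
              f"{d['ip_dst']}.{d['dport']}: Flags [S]")
        print(hexdump(f))
```

The 24-byte global header and the 16-byte per-packet record header are the whole of the classic pcap format; everything after each record header is the raw frame exactly as the interface delivered it, which is why a -w file can be opened later by any libpcap-based tool. The snaplen field matters in practice: if the capture was taken with a small snapshot length, incl_len will be smaller than orig_len and the payload you read back is truncated.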