TCPdump® By: Tomasz Politowski Kl IVA.

Tomasz P from Poland

DESCRIPTION

TCPdump - presentation

Page 1: Tomasz P from Poland

TCPdump®

By: Tomasz Politowski

Kl IVA.

Page 2

What is it???

Tcpdump is a common packet sniffer that runs from the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by Van Jacobson, Craig Leres and Steven McCanne, who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group.

Page 3

Common uses of tcpdump.

Tcpdump is frequently used to debug applications that generate or receive network traffic. It can also be used for debugging the network setup itself, by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem.

It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as TELNET or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.

Page 4

Example of use of the tcpdump command:

Once you run tcpdump with no arguments, it displays all received packets. To filter packets, you give a filter expression in quotation marks naming the protocol (ARP, RARP, TCP, UDP, IPX, etc.) and the port (e.g. port 21, portrange 100-200). For example, to capture only TCP traffic on ports 3000-5000:

    root@TEAM:/home/a# tcpdump 'tcp portrange 3000-5000'
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    11:52:01.178363 IP xdsl-2581.lubin.dialog.net.pl.4858 > 192.168.0.17.41857: S 2934274754:2934274754(0) win 65535 <mss 1460,nop,nop,sackOK>
    11:52:01.362946 IP mcast-62-eit.man.poznan.pl.3792 > 192.168.0.17.41857: S 4223811393:4223811393(0) win 65535 <mss 1460,nop,nop,sackOK>
    11:52:04.033362 IP xdsl-2581.lubin.dialog.net.pl.4858 > 192.168.0.17.41857: S 2934274754:2934274754(0) win 65535 <mss 1460,nop,nop,sackOK>
    11:52:04.279834 IP mcast-62-eit.man.poznan.pl.3792 > 192.168.0.17.41857: S 4223811393:4223811393(0) win 65535 <mss 1460,nop,nop,sackOK>
    11:52:04.560306 IP aotm.npgo.pl.40000 > 192.168.0.17.3894: P 2678547069:2678547239(170) ack 889594676 win 65535
    5 packets captured
    12 packets received by filter
    0 packets dropped by kernel
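As an added example (not part of the presentation), here is a small Python parser for the tcpdump text output format shown above, fed with the slide's own output lines. It extracts the timestamp, both endpoints, the TCP flag letters and the payload length, and then looks for repeated SYNs: the same client, source port and sequence number appearing twice, about three seconds apart, means no SYN-ACK came back from 192.168.0.17:41857 and the clients retransmitted. The field and function names are my own, not tcpdump's.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Packet line format of the (older) tcpdump version used on the slide:
#   HH:MM:SS.usec IP src.sport > dst.dport: FLAGS seq:seq_end(len) ... win N ...
# Non-packet lines (the "listening on eth0" banner, the "N packets captured"
# trailer) do not match this pattern and are skipped by the parser.
PACKET_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SPFR.]+)"
    r"(?: (?P<seq>\d+):(?P<seq_end>\d+)\((?P<length>\d+)\))?"
)

# The slide's own tcpdump output, embedded here as sample input.
SAMPLE_CAPTURE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:52:01.178363 IP xdsl-2581.lubin.dialog.net.pl.4858 > 192.168.0.17.41857: S 2934274754:2934274754(0) win 65535 <mss 1460,nop,nop,sackOK>
11:52:01.362946 IP mcast-62-eit.man.poznan.pl.3792 > 192.168.0.17.41857: S 4223811393:4223811393(0) win 65535 <mss 1460,nop,nop,sackOK>
11:52:04.033362 IP xdsl-2581.lubin.dialog.net.pl.4858 > 192.168.0.17.41857: S 2934274754:2934274754(0) win 65535 <mss 1460,nop,nop,sackOK>
11:52:04.279834 IP mcast-62-eit.man.poznan.pl.3792 > 192.168.0.17.41857: S 4223811393:4223811393(0) win 65535 <mss 1460,nop,nop,sackOK>
11:52:04.560306 IP aotm.npgo.pl.40000 > 192.168.0.17.3894: P 2678547069:2678547239(170) ack 889594676 win 65535
5 packets captured
12 packets received by filter
0 packets dropped by kernel
"""

Flow = Tuple[str, int, str, int]          # (src host, src port, dst host, dst port)
SynKey = Tuple[str, int, str, int, Optional[int]]  # flow plus initial sequence number


@dataclass(frozen=True)
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    seq: Optional[int]   # first sequence number on the line, if printed
    length: int          # TCP payload bytes, 0 for a bare SYN


def parse_line(line: str) -> Optional[Packet]:
    """Parse one tcpdump output line; return None for banner/trailer lines."""
    m = PACKET_RE.match(line.strip())
    if m is None:
        return None
    return Packet(
        ts=m["ts"],
        src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]),
        flags=m["flags"],
        seq=int(m["seq"]) if m["seq"] is not None else None,
        length=int(m["length"]) if m["length"] is not None else 0,
    )


def parse_capture(text: str) -> List[Packet]:
    return [p for p in map(parse_line, text.splitlines()) if p is not None]


def syn_retransmits(packets: List[Packet]) -> Dict[SynKey, List[str]]:
    """Bare SYNs (flags exactly 'S') seen more than once with the same
    sequence number: the peer never replied and the client retried.
    Returns each such SYN with the timestamps at which it was seen."""
    seen: Dict[SynKey, List[str]] = defaultdict(list)
    for p in packets:
        if p.flags == "S":
            seen[(p.src, p.sport, p.dst, p.dport, p.seq)].append(p.ts)
    return {key: stamps for key, stamps in seen.items() if len(stamps) > 1}


def payload_bytes_per_flow(packets: List[Packet]) -> Counter:
    """Sum the payload length printed in parentheses per unidirectional flow."""
    totals: Counter = Counter()
    for p in packets:
        totals[(p.src, p.sport, p.dst, p.dport)] += p.length
    return totals


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE_CAPTURE)
    print(f"{len(pkts)} packet lines parsed")
    for (src, sport, dst, dport, seq), stamps in syn_retransmits(pkts).items():
        print(f"unanswered SYN {src}:{sport} -> {dst}:{dport} seq {seq} seen at {', '.join(stamps)}")
    for (src, sport, dst, dport), n in payload_bytes_per_flow(pkts).items():
        if n:
            print(f"{n} payload bytes {src}:{sport} -> {dst}:{dport}")
```

Run on the slide's output, it reports two SYNs retransmitted to port 41857 and 170 payload bytes on the aotm.npgo.pl connection. The regular expression is tied to this older output style (flag letters followed by seq:seq_end(len)); newer tcpdump versions print `Flags [S], seq ...`, so the pattern needs adjusting for them.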

Page 5

USAGE:

     * Debugging applications that use network communications

     * Analyzing the network configuration, such as routing

     * Intercepting the network communications of other users. Some protocols, such as HTTP or telnet, send information in unencrypted form; whoever controls a router or gateway along the transmission path can use tcpdump to capture information such as logins or passwords.

Page 6

Thank you for your attention!!!