Network Traffic Monitoring
Using Tcpdump & Wireshark
Motivation for Network Monitoring
• Essential for Network Management
– Router and Firewall policy
– Detecting abnormal/error in networking
– Access control
• Security Management
– Detecting abnormal traffic
– Traffic log for future forensic analysis
TCPDUMP
INTRODUCTION
TCPdump is a utility used to capture and analyze packets on a network interface.
A common network debugging tool that runs from the command line.
A piece of software that gives insight into the traffic activity occurring on a network.
Allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.
Frequently used to debug applications that generate or receive network traffic.
Also used for debugging the network setup itself, by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem.
What is TCPdump?
TCPdump is a UNIX tool.
Used to gather data from the network, decode the bits, and display the output on the screen; the records can also be saved to a file for later analysis.
TCPdump uses the libpcap library to capture packets.
TCPdump is run by issuing the command tcpdump, which reads all the traffic from the default network interface.
Has a filter that enables the user to specify which records they are interested in collecting.
TCPdump displays records on the console, translated from the native raw format to a human-readable format.
TCPDUMP
• Syntax:
tcpdump [options] [filter expression]
• Basic command
Eg: tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:34:57.266865 IP 173.194.36.6 > 192.168.1.101: ICMP echo reply, id 19941, seq 1176, length 64
16:34:57.267226 IP 192.168.1.101.21271 > 218.248.255.163.53: 23380+ PTR? 6.36.194.173.in-addr.arpa. (43)
16:34:57.274549 IP 218.248.255.163.53 > 192.168.1.101.21271: 23380 1/4/2 PTR bom04s01-in-f6.1e100.net. (195)
16:34:57.297874 IP 192.168.1.101.56295 > 186.105.77.150.38213: UDP, length 105
TCPDUMP OUTPUT
• One of the hardest tasks for the novice analyst to master is deciphering TCPdump output.
• TCPdump output is fairly standard for the different protocols (TCP, UDP, ICMP, for example), but does have some nuances.
• The first step is to identify the protocol that you are examining.
• TCP output will be used to explain the general TCPdump format. Here is a TCP record displayed by TCPdump:
01:46:28.808262 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2513546054:2513547434(1380) ack 1268355216 win 12816
Timestamp: 01:46:28.808262
IP: this is an IP packet
Source host name: danjo.CS.Berkeley.EDU
Source port number: ssh (22)
Destination host name: adsl-69-228-230-7.dsl.pltn13.pacbell.net
Destination port number: 2481
TCP-specific information: . 2513546054:2513547434(1380) ack 1268355216 win 12816
• Different output formats for different packet types
What does a line convey?
TCPdump Flags
TCP Flag | Flag Rep | Flag Meaning
SYN | S | This is a session establishment request, which is the first part of any TCP connection.
ACK | ack | This flag is used generally to acknowledge the receipt of data from the sender.
FIN | F | This flag indicates the sender's intention to gracefully terminate the sending host's connection to the receiving host.
RESET | R | This flag indicates the sender's intention to immediately abort the existing connection with the receiving host.
PUSH | P | This flag immediately "pushes" data from the sending host to the receiving host's application software.
URGENT | urg | This flag indicates that there is "urgent" data that should take precedence over other data. An example of this is pressing Ctrl+C to abort an FTP download.
Placeholder | . | If the record does not have a SYN, FIN, RESET, or PUSH flag set, a placeholder (a period) will be found after the destination port.
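The record layout explained above and the flag letters in the table can be turned into a small parser. The following Python is an added example for this deck, not tcpdump's own code: it splits a tcpdump text line into timestamp, hosts, ports and TCP-specific fields, using the sample lines shown on the slides as its input. The names Record, parse_line and parse_lines are chosen here; the flag style it understands is the old one the slides use (S, F, R, P, the "." placeholder, and "ack"/"urg" as words). It also handles the ICMP line (no ports), the UDP line and the decoded DNS query line from the "Basic command" slide.

```python
"""Parse tcpdump's one-line text records into named fields.

Added example for this deck; not tcpdump's own code. Follows the layout the
slide "What does a line convey?" describes: timestamp, "IP", source host.port,
">", destination host.port, ":", then protocol-specific information.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample lines taken from the slides (the deck's own output examples).
SAMPLE_LINES = [
    "01:46:28.808262 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: "
    ". 2513546054:2513547434(1380) ack 1268355216 win 12816",
    "16:34:57.266865 IP 173.194.36.6 > 192.168.1.101: ICMP echo reply, id 19941, seq 1176, length 64",
    "16:34:57.267226 IP 192.168.1.101.21271 > 218.248.255.163.53: 23380+ PTR? 6.36.194.173.in-addr.arpa. (43)",
    "16:34:57.297874 IP 192.168.1.101.56295 > 186.105.77.150.38213: UDP, length 105",
]

FLAG_NAMES = {"S": "SYN", "F": "FIN", "R": "RESET", "P": "PUSH"}  # "." is the placeholder

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)
# Old-style TCP tail: flags, data-seqno(len), ack, win, urg (each part optional after the flags).
TCP_RE = re.compile(
    r"^(?P<flags>[SFRP.]+)(?= |$)"
    r"(?: (?P<seq0>\d+):(?P<seq1>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r"(?: win (?P<win>\d+))?"
    r"(?: urg (?P<urg>\d+))?"
)


@dataclass
class Record:
    timestamp: str
    proto: str                  # "tcp", "udp", "icmp" or "other" (decoded app data such as DNS)
    src_host: str
    src_port: Optional[str]     # a number or a service name such as "ssh"; None for ICMP
    dst_host: str
    dst_port: Optional[str]
    info: str                   # the protocol-specific tail of the line
    flags: List[str] = field(default_factory=list)
    seq: Optional[Tuple[int, int]] = None
    payload_len: Optional[int] = None
    ack: Optional[int] = None
    win: Optional[int] = None


def split_host_port(endpoint, has_port):
    """tcpdump prints host.port; the port is the last dot-separated component."""
    if not has_port:
        return endpoint, None
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a tcpdump IP record: %r" % line)
    rest = m.group("rest")
    if rest.startswith("ICMP"):
        proto = "icmp"
    elif rest.startswith("UDP"):
        proto = "udp"
    elif TCP_RE.match(rest):
        proto = "tcp"
    else:
        proto = "other"
    has_port = proto != "icmp"  # ICMP records carry no port numbers
    src_host, src_port = split_host_port(m.group("src"), has_port)
    dst_host, dst_port = split_host_port(m.group("dst"), has_port)
    rec = Record(m.group("ts"), proto, src_host, src_port, dst_host, dst_port, rest)
    if proto == "tcp":
        t = TCP_RE.match(rest)
        rec.flags = [FLAG_NAMES[c] for c in t.group("flags") if c in FLAG_NAMES]
        if t.group("seq0"):
            rec.seq = (int(t.group("seq0")), int(t.group("seq1")))
            rec.payload_len = int(t.group("len"))
        if t.group("ack"):
            rec.flags.append("ACK")
            rec.ack = int(t.group("ack"))
        if t.group("win"):
            rec.win = int(t.group("win"))
        if t.group("urg"):
            rec.flags.append("URGENT")
    return rec


def parse_lines(lines):
    return [parse_line(l) for l in lines]


if __name__ == "__main__":
    for r in parse_lines(SAMPLE_LINES):
        print(r.proto, r.src_host, r.src_port, "->", r.dst_host, r.dst_port, r.flags)
```

A record whose tail is neither ICMP, UDP nor a TCP flag string is classified "other"; the DNS query on the "Basic command" slide falls into this class because tcpdump decodes the application data instead of printing "UDP".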
Commands
• tcpdump -D :- List network interfaces
• tcpdump -i eth0
  tcpdump -i 1 :- To capture on one of the listed interfaces, either its name or its index can be used
• tcpdump -i eth0 -c 10 :- Stop after 10 packets
• tcpdump -i eth0 -c 10 -n :- Do not resolve addresses to names
• tcpdump -i eth0 -c 10 -A :- Print each packet in ASCII
• tcpdump -i eth0 -c 10 -XX :- Print each packet in hex and ASCII, including the link-level header
• tcpdump -i eth0 -e :- Print the link-level header on each line
• tcpdump -i eth0 tcp :- Filter: TCP packets only
• tcpdump -i eth0 port 21 :- Filter: source or destination port 21
• tcpdump -i eth0 src 192.168.0.2 :- Filter: source host 192.168.0.2
• tcpdump -i eth0 dst 50.116.66.139 :- Filter: destination host 50.116.66.139
Continue…
To write the raw output to a file, use the command tcpdump -w filename, where filename is the name of the file to which the records will be written in binary format.
To read this output file, another command line option is necessary: tcpdump -r filename. This option reads input to TCPdump from filename rather than from the default network interface.
A file that has been written using the -w option can only be read back by running TCPdump with the -r option.
ALTERING THE AMOUNT OF DATA COLLECTED
By default, TCPdump does not collect the entire datagram sent, both for volume reasons and because the user is usually interested in the header portion of the datagram, which fits within the default length.
The snapshot length, sometimes known as snaplen, determines the exact number of bytes collected.
The most common length of collected data is 68 bytes.
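The two slides above (writing with -w, reading with -r, and the snaplen) describe the pcap savefile. The following Python is an added example for this deck, not tcpdump's or libpcap's code: it writes the classic pcap container that tcpdump -w produces (a 24-byte global header, then per packet a 16-byte record header and the captured bytes), cuts each frame to a snaplen the way capture does, and reads the file back so that the captured length and the original length can be compared. The Ethernet/IPv4/UDP frames, the MAC addresses and the names write_pcap, read_pcap and roundtrip are constructed here.

```python
"""Write a libpcap savefile with a snapshot length and read it back.

Added example for this deck, not tcpdump's or libpcap's code. The file it
creates can be opened with tcpdump -r. The frames are constructed here and
are not captured traffic.
"""
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4      # microsecond timestamps, byte order as written
LINKTYPE_ETHERNET = 1        # "EN10MB (Ethernet)" in tcpdump's banner
DEFAULT_SNAPLEN = 68         # the snaplen the deck calls most common


def ip_checksum(header):
    """RFC 1071 one's-complement sum over a 20-byte IPv4 header."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_header_ok(frame):
    """True when the IPv4 header checksum of an Ethernet frame verifies (sum is zero)."""
    return ip_checksum(frame[14:34]) == 0


def build_udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + UDP frame; the MAC addresses are constructed placeholders."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP checksum 0 = absent
    fields = [0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0, src, dst]        # proto 17 = UDP
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return eth + struct.pack("!BBHHHBBH4s4s", *fields) + udp


def write_pcap(path, frames, snaplen=DEFAULT_SNAPLEN):
    """frames: (ts_sec, ts_usec, bytes) tuples. Returns how many were cut to snaplen."""
    truncated = 0
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for ts_sec, ts_usec, frame in frames:
            captured = frame[:snaplen]           # what the snapshot length does at capture time
            if len(captured) < len(frame):
                truncated += 1
            # record header: ts_sec, ts_usec, bytes in file (incl_len), bytes on the wire (orig_len)
            f.write(struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame)))
            f.write(captured)
    return truncated


def read_pcap(path):
    with open(path, "rb") as f:
        magic, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack("<IHHiIII", f.read(24))
        if magic != PCAP_MAGIC:
            raise ValueError("unsupported pcap magic 0x%08x" % magic)
        records = []
        while True:
            rh = f.read(16)
            if len(rh) < 16:
                break
            ts_sec, ts_usec, incl_len, orig_len = struct.unpack("<IIII", rh)
            data = f.read(incl_len)
            if len(data) != incl_len:
                raise ValueError("savefile ends inside a record")
            records.append({"ts_sec": ts_sec, "ts_usec": ts_usec,
                            "incl_len": incl_len, "orig_len": orig_len, "data": data})
    return {"snaplen": snaplen, "linktype": linktype, "records": records}


def roundtrip(snaplen=DEFAULT_SNAPLEN, path=None):
    """Write two constructed frames with the given snaplen and read them back."""
    path = path or os.path.join(tempfile.gettempdir(), "snaplen-demo.pcap")
    frames = [
        # 147-byte frame carrying a 105-byte UDP payload, the size shown on the slides
        (1700000000, 297874, build_udp_frame("192.168.1.101", "186.105.77.150", 56295, 38213, b"A" * 105)),
        # 42-byte frame with an empty payload; fits inside a 68-byte snaplen untouched
        (1700000000, 297900, build_udp_frame("186.105.77.150", "192.168.1.101", 38213, 56295, b"")),
    ]
    truncated = write_pcap(path, frames, snaplen)
    result = read_pcap(path)
    result["truncated"] = truncated
    result["file_size"] = os.path.getsize(path)
    result["path"] = path
    return result


if __name__ == "__main__":
    res = roundtrip()
    for r in res["records"]:
        print("captured %d of %d bytes" % (r["incl_len"], r["orig_len"]))
    print("wrote", res["path"])
```

With the 68-byte snaplen the first frame is stored as 68 of 147 bytes, but the Ethernet, IPv4 and UDP headers (42 bytes) are intact, which is why tcpdump -r still decodes such a record as "UDP, length 105" while the payload is gone; the snaplen is set at capture time with the -s option.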
Running tcpdump
• Requires superuser/administrator privileges on Unix
– http://www.tcpdump.org/
– You can do it on your own Unix machine
– You can install a Linux OS in Vmware on your machine
• Tcpdump for Windows
– WinDump: http://www.winpcap.org/windump/
• Free software
• Refer to the tcpdump man page.
So What is WireShark?
• Packet sniffer/protocol analyzer
• GUI Based Tool
• Open Source Network Tool
• Latest version of the Ethereal tool
Wireshark
• http://www.wireshark.org/
• Download: http://prdownloads.sourceforge.net/wireshark/wireshark-setup-0.99.5.exe
• Wireshark User's Guide: http://www.wireshark.org/docs/wsug_html/
Wireshark Interface