Study of tcpdump Command


Experiment

🎯 Aim

To capture and analyze network packets using the tcpdump command.


📘 Objective

By the end of this experiment, students will be able to:

  • Capture live network traffic
  • Filter packets based on protocol, port, or host
  • Analyze packet-level communication
  • Understand basic packet structure

📖 Theory

The tcpdump command is a packet analyzer (sniffer) used to:

  • Capture network packets in real time
  • Display detailed information about each packet

👉 It works at a low level and can capture:

  • TCP, UDP, ICMP traffic
  • Packets to/from specific hosts or ports

👉 Commonly used for:

  • Network troubleshooting
  • Security analysis
  • Debugging network applications

🧾 Syntax

sudo tcpdump [options] [filter]

🔧 Common Options

  • -i <interface> → Specify interface (e.g., eth0)
  • -n → Do not resolve hostnames
  • -c <count> → Capture limited number of packets
  • -w <file> → Save packets to file
  • -r <file> → Read packets from file
  • -v, -vv, -vvv → Verbose output (each extra v adds more detail per packet)

🧰 Prerequisites

  • Linux system
  • Root/sudo privileges
  • tcpdump installed

Installation:

sudo apt install tcpdump

🔬 Procedure & Commands

1️⃣ Capture Packets on Default Interface

sudo tcpdump

2️⃣ Capture on Specific Interface

sudo tcpdump -i eth0

3️⃣ Capture Limited Packets

sudo tcpdump -c 10

4️⃣ Disable Hostname Resolution

sudo tcpdump -n

5️⃣ Capture Only ICMP (Ping Traffic)

sudo tcpdump icmp

6️⃣ Capture Traffic for Specific Host

sudo tcpdump host 192.168.1.1

7️⃣ Capture Specific Port Traffic

sudo tcpdump port 80

8️⃣ Save Packets to File

sudo tcpdump -w capture.pcap

9️⃣ Read from Saved File

tcpdump -r capture.pcap

🖥️ Sample Output

IP 192.168.1.5.54321 > 142.250.183.14.80: Flags [S], seq 12345

๐Ÿ” Output Interpretation

FieldMeaning
IP        Protocol
Source        Source IP and port
Destination        Destination IP and port
Flags        TCP flags (S = SYN, A = ACK)
seq        Sequence number

🔑 Common TCP Flags

  • S → SYN (connection start)
  • A → ACK (acknowledgment)
  • F → FIN (connection close)
  • R → RST (reset)

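As an added example (not part of the original post), a small Python parser for lines in the format shown under Sample Output: it splits each line into source, destination and flags and reports which connections completed the SYN, SYN-ACK, ACK handshake, which is what exercise 5 asks you to spot by eye. Note that tcpdump prints ACK as "." inside the Flags field, so a SYN-ACK appears as [S.] and a bare ACK as [.]; the sample lines below are constructed, not a real capture.

```python
import re

# Constructed sample lines in the format "tcpdump -n" prints; not a real capture.
SAMPLE_OUTPUT = """\
IP 192.168.1.5.54321 > 142.250.183.14.80: Flags [S], seq 12345, win 64240, length 0
IP 142.250.183.14.80 > 192.168.1.5.54321: Flags [S.], seq 98765, ack 12346, win 65535, length 0
IP 192.168.1.5.54321 > 142.250.183.14.80: Flags [.], ack 98766, win 502, length 0
IP 192.168.1.5.54321 > 142.250.183.14.80: Flags [F.], seq 12346, ack 98766, win 502, length 0
IP 192.168.1.7.40000 > 142.250.183.14.80: Flags [S], seq 555, win 64240, length 0
"""

LINE_RE = re.compile(  # "IP src.port > dst.port: Flags [..]"; tcpdump joins IP and port with a dot
    r"^IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

FLAG_NAMES = {"S": "SYN", ".": "ACK", "F": "FIN", "R": "RST", "P": "PSH"}  # tcpdump's letters


def parse_line(line):
    """Split one TCP summary line into source, destination and flag fields."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # ICMP/UDP/non-TCP lines carry no Flags field
    return {"src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "flags": m["flags"]}


def flag_names(flags):
    """Expand 'S.' -> ['SYN', 'ACK'] using tcpdump's letter codes."""
    return [FLAG_NAMES.get(c, c) for c in flags]


def find_handshakes(text):
    """Return (client_ip, client_port, server_ip, server_port) for every
    connection whose SYN, SYN-ACK and ACK all appear, in that order."""
    stage = {}  # keyed from the client's side -> how far the handshake got
    complete = []
    for line in text.splitlines():
        p = parse_line(line)
        if p is None:
            continue
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if p["flags"] == "S":                                   # client -> server SYN
            stage[fwd] = "syn"
        elif p["flags"] == "S." and stage.get(rev) == "syn":    # server -> client SYN-ACK
            stage[rev] = "synack"
        elif p["flags"] == "." and stage.get(fwd) == "synack":  # client -> server ACK
            stage[fwd] = "done"
            complete.append(fwd)
    return complete
```

Run it on the text of a real session by replacing SAMPLE_OUTPUT with the output of `sudo tcpdump -n port 80`; the lone SYN from 192.168.1.7 in the sample is reported as incomplete because no SYN-ACK and ACK follow it.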
๐Ÿ“ Exercises for Students

  1. Capture packets while browsing a website.
  2. Filter only ICMP packets and run ping.
  3. Capture traffic for a specific port (e.g., 80).
  4. Save captured packets and analyze later.
  5. Identify TCP handshake packets (SYN, ACK).

❓ Viva Questions

  • What is tcpdump?
  • What is packet sniffing?
  • Why are root privileges required?
  • What is a .pcap file?
  • What are TCP flags?

⚠️ Precautions

  • Capture only authorized network traffic (ethical use)
  • Packet capture may expose sensitive data
  • Use filters to limit excessive output

✅ Result

The tcpdump command is a powerful tool for capturing and analyzing network packets, essential for network troubleshooting and security analysis.
