https://wiki.cdot.senecacollege.ca/w/index.php?title=NAD710_Lab_3&feed=atom&action=history
NAD710 Lab 3 - Revision history
2024-03-29T09:56:25Z
Revision history for this page on the wiki
MediaWiki 1.30.0
https://wiki.cdot.senecacollege.ca/w/index.php?title=NAD710_Lab_3&diff=17995&oldid=prev
Pdirezze: /* tcpdump command-line options */
2008-09-23T00:18:07Z
<p><span dir="auto"><span class="autocomment">tcpdump command-line options</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr style="vertical-align: top;" lang="en">
<td colspan="2" style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: white; color:black; text-align: center;">Revision as of 00:18, 23 September 2008</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l6" >Line 6:</td>
<td colspan="2" class="diff-lineno">Line 6:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=Background Information=</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=Background Information=</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><b>tcpdump</b> is a network packet capturing program. It allows the root user to capture packets on a network and displaying them on the screen or saving them to a file for later analysis. The information provided by <b>tcpdump</b> can be used for identifying network problems or analysing network usage.  Please consult the tcpdump man page for details.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div><b>tcpdump</b> is a network packet capturing program. It allows the root user to capture packets on a network and displaying them on the screen or saving them to a file for later analysis. The information provided by <b>tcpdump</b> can be used for identifying network problems or analysing network usage.  Please consult the tcpdump man page for details.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>== tcpdump command-line options==</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>== <ins class="diffchange diffchange-inline">Useful </ins>tcpdump command-line options==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> List of useful command line options for tcpdump:</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">Use the -D option to print </ins>a list of the network interfaces available on the system and on which tcpdump can capture packets.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">Print </del>a list of the network interfaces available on the system and on which tcpdump can capture packets.</div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">  tcpdump -D</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">  </del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   [root@rh9 ~]# tcpdump -D</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   [root@rh9 ~]# tcpdump -D</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   1.eth0</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   1.eth0</div></td></tr>
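Review bot: renaming the heading from "tcpdump command-line options" to "Useful tcpdump command-line options" changes the MediaWiki section anchor, so any existing link to NAD710_Lab_3#tcpdump_command-line_options (the autocomment in this revision's own edit summary still uses the old name) will no longer land on the section; either keep the old heading or check for inbound section links before renaming. The rest of the hunk is fine: folding the standalone `tcpdump -D` line into the bullet loses nothing, because the sample session `[root@rh9 ~]# tcpdump -D` that follows still shows the command and its output.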
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l17" >Line 17:</td>
<td colspan="2" class="diff-lineno">Line 14:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   4.lo</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   4.lo</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* <del class="diffchange diffchange-inline">Specifies </del>the network interface which tcpdump should listen <del class="diffchange diffchange-inline">on</del>. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface. This option should be used on systems with multiple network interfaces <del class="diffchange diffchange-inline">if </del>you want tcpdump to listen <del class="diffchange diffchange-inline">on </del>a specific one.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* <ins class="diffchange diffchange-inline">The -i option specifies </ins>the network interface which tcpdump should listen <ins class="diffchange diffchange-inline">to</ins>. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface. This option should be used on systems with multiple network interfaces <ins class="diffchange diffchange-inline">when </ins>you want tcpdump to listen <ins class="diffchange diffchange-inline">to </ins>a specific one.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   tcpdump -i <dev></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   tcpdump -i <dev></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
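Review bot: changing "listen on" to "listen to" in the -i bullet moves away from the conventional wording; the tcpdump man page describes -i as "Listen on interface", and a capture program listens on an interface, not to it. Suggest `The -i option specifies the network interface which tcpdump should listen on.` and `when you want tcpdump to listen on a specific one.` The rest of the sentence (lowest numbered, configured up interface) matches the man page and needs no change.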
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l32" >Line 32:</td>
<td colspan="2" class="diff-lineno">Line 29:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   0 packets dropped by kernel</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   0 packets dropped by kernel</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* The -n option instructs tcpdump not to convert IP <del class="diffchange diffchange-inline">address </del>to host <del class="diffchange diffchange-inline">name, </del>-nn <del class="diffchange diffchange-inline">for not </del>to <del class="diffchange diffchange-inline">convert Port number </del>to application <del class="diffchange diffchange-inline">name</del>, etc. In this <del class="diffchange diffchange-inline">experiment</del>, you should always include the -n option to avoid host name lookup.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* The -n option instructs tcpdump not to convert IP <ins class="diffchange diffchange-inline">addresses </ins>to host <ins class="diffchange diffchange-inline">names.  The </ins>-nn <ins class="diffchange diffchange-inline">option is used </ins>to <ins class="diffchange diffchange-inline">keep tcpdump from converting port numbers </ins>to application <ins class="diffchange diffchange-inline">names</ins>, etc. In this <ins class="diffchange diffchange-inline">lab</ins>, you should always include the -n option to avoid host name lookup.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   tcpdump -n -i <dev></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   tcpdump -n -i <dev></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>    </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>    </div></td></tr>
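Review bot: the -n bullet now describes both -n and -nn, but the command line under it, `tcpdump -n -i <dev>`, only shows -n; since the lab tells students to "always include the -n option", consider also showing `tcpdump -nn -i <dev>` so the difference is visible (with -n alone a TELNET port is still printed as `telnet` via the services table; with -nn it is printed as `23`). The trailing "etc." in "to application names, etc." is also vague; the man page's phrasing is that -nn leaves protocol and port numbers unconverted as well, which could be stated directly.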
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l72" >Line 72:</td>
<td colspan="2" class="diff-lineno">Line 69:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   0 packets dropped by kernel</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   0 packets dropped by kernel</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* The -w option causes tcpdump to write <del class="diffchange diffchange-inline">the </del>raw packets to file rather than parsing and printing them out. The packets can later be displayed with the -r option.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* The -w option causes tcpdump to write <ins class="diffchange diffchange-inline">out </ins>raw packets to <ins class="diffchange diffchange-inline">a </ins>file rather than parsing and printing them out. The packets can later be displayed with the -r option.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   tcpdump -i <dev> -w <b><i>filename</i></b></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   tcpdump -i <dev> -w <b><i>filename</i></b></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
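Review bot: "write out raw packets to a file rather than parsing and printing them out" now uses "out" twice in one sentence; suggest `The -w option causes tcpdump to write raw packets to a file rather than parsing and printing them.` Since the -r bullet below builds on this one, it would also help to say here that the file holds the complete captured packets, payloads included, which is why the permissions on it matter.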
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l81" >Line 81:</td>
<td colspan="2" class="diff-lineno">Line 78:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   0 packets dropped by kernel</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   0 packets dropped by kernel</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   </div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* The -r option causes tcpdump to read packets from file created with the -w option. Any <del class="diffchange diffchange-inline">users could </del>use <del class="diffchange diffchange-inline">the </del>tcpdump (/usr/sbin/tcpdump) <del class="diffchange diffchange-inline">program </del>to read the file created by the -w option as long as they have the read permission on <del class="diffchange diffchange-inline">it</del>.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* The -r option causes tcpdump to read packets from <ins class="diffchange diffchange-inline">a </ins>file created with the -w option. Any <ins class="diffchange diffchange-inline">(non-root) user can </ins>use tcpdump (/usr/sbin/tcpdump) to read the file created by the -w option as long as they have the read permission on <ins class="diffchange diffchange-inline">the file</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   tcpdump -r <b><i>filename</i></b></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   tcpdump -r <b><i>filename</i></b></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
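Review bot: the new wording "Any (non-root) user can use tcpdump ... as long as they have the read permission on the file" is correct, but the hunk presents it only as a convenience, while it is also the security caveat of -w: the capture file contains every byte of the captured packets, including the cleartext TELNET session the questions later ask about, so anyone with read permission on /tmp/lab3-pkts can read that session's contents, and a file created in /tmp under root's usual umask is readable by every local user. Suggest one added sentence telling students to restrict permissions on the capture file or move it out of /tmp promptly. Also, the full path /usr/sbin/tcpdump is given without saying why; a short note that /usr/sbin is normally not in a non-root user's PATH would explain the parenthetical.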
</table>
Pdirezze
https://wiki.cdot.senecacollege.ca/w/index.php?title=NAD710_Lab_3&diff=17984&oldid=prev
Milton.paiva at 21:22, 22 September 2008
2008-09-22T21:22:49Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr style="vertical-align: top;" lang="en">
<td colspan="2" style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: white; color:black; text-align: center;">Revision as of 21:22, 22 September 2008</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l246" >Line 246:</td>
<td colspan="2" class="diff-lineno">Line 246:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Describe the steps you could use to find out all MAC addresses captured in the packet file. Include all the MAC addresses found in your answer.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Describe the steps you could use to find out all MAC addresses captured in the packet file. Include all the MAC addresses found in your answer.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Describe the steps you could use to find out the total number of bytes your system received from matrix.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Describe the steps you could use to find out the total number of bytes your system received from matrix.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"># Write a tcpdump command to capture all your traffic on port 80 and then open the website google.ca make a search about “arcade” and then verify your captured data.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=Completing this Lab=</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=Completing this Lab=</div></td></tr>
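Review bot: the new question is a run-on sentence and uses typographic quotation marks (“arcade”) where the other questions use plain ones; suggest `# Write a tcpdump command to capture all your traffic on port 80. Then open the website google.ca, search for "arcade", and verify your captured data.` The question also does not say whether the capture should be saved with -w, unlike the earlier questions that refer to the packet file, so "verify your captured data" has nothing concrete to check against; stating the expected output (for example, the HTTP request carrying the search term) would make it gradeable.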
</table>
Milton.paiva
https://wiki.cdot.senecacollege.ca/w/index.php?title=NAD710_Lab_3&diff=17889&oldid=prev
Pconstantino: /* Questions */
2008-09-21T22:48:57Z
<p><span dir="auto"><span class="autocomment">Questions</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr style="vertical-align: top;" lang="en">
<td colspan="2" style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: white; color:black; text-align: center;">Revision as of 22:48, 21 September 2008</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l238" >Line 238:</td>
<td colspan="2" class="diff-lineno">Line 238:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Write a tcpdump command to display all the packets your system sent to matrix. Do not do any name resolution for any fields in the packet but do display the physical addresses contained in the packets.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Write a tcpdump command to display all the packets your system sent to matrix. Do not do any name resolution for any fields in the packet but do display the physical addresses contained in the packets.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Write a tcpdump command to display all the packets sent to your system from matrix. Do not do any name resolution for any fields in the packet but do display the physical addresses contained in the packets.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Write a tcpdump command to display all the packets sent to your system from matrix. Do not do any name resolution for any fields in the packet but do display the physical addresses contained in the packets.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div># Write a tcpdump command to display all the ARP packets captured in the packet file. Include the output in your answer.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div># Write a tcpdump command to display all the ARP packets captured in the packet file <ins class="diffchange diffchange-inline">(lab3-pkts)</ins>. Include the output in your answer.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Write a tcpdump command to display all the ICMP "echo-request" packets in the packet file. Include the output in your answer.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Write a tcpdump command to display all the ICMP "echo-request" packets in the packet file. Include the output in your answer.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Write a pipe line command, using tcpdump as part of the pipe line, to display the total number of packets belonging to the TELNET session between your system and matrix.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># Write a pipe line command, using tcpdump as part of the pipe line, to display the total number of packets belonging to the TELNET session between your system and matrix.</div></td></tr>
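Review bot: naming the packet file (lab3-pkts) only in the ARP question leaves the neighbouring questions ("the ICMP "echo-request" packets in the packet file", "all MAC addresses captured in the packet file") unnamed; either introduce the name once at the top of the question list or add it to each question. The rest of the page refers to it by full path, "/tmp/lab3-pkts", so use the same form here for consistency.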
</table>
Pconstantino
https://wiki.cdot.senecacollege.ca/w/index.php?title=NAD710_Lab_3&diff=17434&oldid=prev
Cheping: /* Back to the "super" terminal */
2008-09-18T08:58:53Z
<p><span dir="auto"><span class="autocomment">Back to the "super" terminal</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr style="vertical-align: top;" lang="en">
<td colspan="2" style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: white; color:black; text-align: center;">Revision as of 08:58, 18 September 2008</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l229" >Line 229:</td>
<td colspan="2" class="diff-lineno">Line 229:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Back to the "super" terminal ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Back to the "super" terminal ==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Switch to the "super" terminal window and press <ctrl-<del class="diffchange diffchange-inline">d</del>> to terminate the tcpdump program.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Switch to the "super" terminal window and press <ctrl-<ins class="diffchange diffchange-inline">c</ins>> to terminate the tcpdump program.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* copy the packet file "/tmp/lab3-pkts" to your USB key or transfer it to your home directory on matrix.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* copy the packet file "/tmp/lab3-pkts" to your USB key or transfer it to your home directory on matrix.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   To transfer the packet file to matrix, use the command:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>   To transfer the packet file to matrix, use the command:</div></td></tr>
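Review bot: the switch from <ctrl-d> to <ctrl-c> on the "Switch to the "super" terminal window" line is the right correction, and the step would be clearer if it said why: tcpdump reads from the network interface, not from standard input, so <ctrl-d> (end of file on the terminal) does nothing, whereas <ctrl-c> sends SIGINT, on which tcpdump stops, closes the -w file cleanly and prints its "packets captured / received by filter / dropped by kernel" counts. Suggest appending ", which closes the capture file cleanly" so that the "/tmp/lab3-pkts" file copied in the next step is not left truncated.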
</table>Chepinghttps://wiki.cdot.senecacollege.ca/w/index.php?title=NAD710_Lab_3&diff=17433&oldid=prevCheping: Lab 3 draft posted2008-09-18T08:52:41Z<p>Lab 3 draft posted</p>
<p><b>New page</b></p><div><h2>NAD710 - Introduction to Networks - Using Linux</h2><br />
<br />
=Objective=<br />
Monitoring and Analysing Network activities on a TCP/IP network using the tcpdump utility<br />
<br />
=Background Information=<br />
<b>tcpdump</b> is a network packet capturing program. It allows the root user to capture packets on a network and display them on the screen or save them to a file for later analysis. The information provided by <b>tcpdump</b> can be used for identifying network problems or analysing network usage. Please consult the tcpdump man page for details.<br />
== tcpdump command-line options==<br />
List of useful command line options for tcpdump:<br />
* Print a list of the network interfaces available on the system and on which tcpdump can capture packets.<br />
tcpdump -D<br />
<br />
[root@rh9 ~]# tcpdump -D<br />
1.eth0<br />
2.eth1<br />
3.any (Pseudo-device that captures on all interfaces)<br />
4.lo<br />
<br />
* Specifies the network interface which tcpdump should listen on. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface. This option should be used on systems with multiple network interfaces if you want tcpdump to listen on a specific one.<br />
tcpdump -i <dev><br />
<br />
[root@rh9 ~]# tcpdump -i eth0<br />
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br />
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes<br />
13:19:12.725355 IP 192.168.0.205.39165 > zenit.senecac.on.ca.http: S 3491853088:3491853088(0) win 5840 <mss 1460,sackOK,timestamp 10362561 0,nop,wscale 7><br />
13:19:12.793356 IP zenit.senecac.on.ca.http > 192.168.0.205.39165: S 1585955578:1585955578(0) ack 3491853089 win 1460 <mss 1452,sackOK,timestamp 9040063 10362561,nop,wscale 7><br />
13:19:12.793424 IP 192.168.0.205.39165 > zenit.senecac.on.ca.http: . ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
13:19:12.793549 IP 192.168.0.205.39165 > zenit.senecac.on.ca.http: . 1:731(730) ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
<br />
4 packets captured<br />
5 packets received by filter<br />
0 packets dropped by kernel<br />
<br />
* The -n option instructs tcpdump not to convert IP addresses to host names; -nn additionally stops it converting port numbers to service (application) names, and so on. In this experiment, you should always include the -n option to avoid host name lookups.<br />
tcpdump -n -i <dev><br />
<br />
[root@rh9 ~]# tcpdump -<b><font color="red">n</font></b> -i eth0 <br />
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br />
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes<br />
13:19:12.725355 IP 192.168.0.205.39165 > 142.204.140.203.http: S 3491853088:3491853088(0) win 5840 <mss 1460,sackOK,timestamp 10362561 0,nop,wscale 7><br />
13:19:12.793356 IP 142.204.140.203.http > 192.168.0.205.39165: S 1585955578:1585955578(0) ack 3491853089 win 1460 <mss 1452,sackOK,timestamp 9040063 10362561,nop,wscale 7><br />
13:19:12.793424 IP 192.168.0.205.39165 > 142.204.140.203.http: . ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
13:19:12.793549 IP 192.168.0.205.39165 > 142.204.140.203.http: . 1:731(730) ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
<br />
4 packets captured<br />
5 packets received by filter<br />
0 packets dropped by kernel<br />
<br />
[root@rh9 ~]# tcpdump -<b><font color="red">nn</font></b> -i eth0 <br />
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br />
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes<br />
13:19:12.725355 IP 192.168.0.205.39165 > 142.204.140.203.80: S 3491853088:3491853088(0) win 5840 <mss 1460,sackOK,timestamp 10362561 0,nop,wscale 7><br />
13:19:12.793356 IP 142.204.140.203.80 > 192.168.0.205.39165: S 1585955578:1585955578(0) ack 3491853089 win 1460 <mss 1452,sackOK,timestamp 9040063 10362561,nop,wscale 7><br />
13:19:12.793424 IP 192.168.0.205.39165 > 142.204.140.203.80: . ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
13:19:12.793549 IP 192.168.0.205.39165 > 142.204.140.203.80: . 1:731(730) ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
<br />
4 packets captured<br />
5 packets received by filter<br />
0 packets dropped by kernel<br />
* The -e option instructs tcpdump to print the link-level header (MAC address on Ethernet network) on each dump line. <br />
tcpdump -<b>e</b> -n -i <dev><br />
<br />
[root@rh9 ~]# tcpdump -e -n -i eth0<br />
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br />
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes <br />
13:19:12.725355 00:1b:38:12:e2:33 > 00:11:95:0c:b3:94, ethertype IPv4 (0x0800), length 74: 192.168.0.205.39165 > 142.204.140.203.http: S 3491853088:3491853088(0) win 5840 <mss 1460,sackOK,timestamp 10362561 0,nop,wscale 7><br />
13:19:12.793356 00:11:95:0c:b3:94 > 00:1b:38:12:e2:33, ethertype IPv4 (0x0800), length 74: 142.204.140.203.http > 192.168.0.205.39165: S 1585955578:1585955578(0) ack 3491853089 win 1460 <mss 1452,sackOK,timestamp 9040063 10362561,nop,wscale 7><br />
13:19:12.793424 00:1b:38:12:e2:33 > 00:11:95:0c:b3:94, ethertype IPv4 (0x0800), length 66: 192.168.0.205.39165 > 142.204.140.203.http: . ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
13:19:12.793549 00:1b:38:12:e2:33 > 00:11:95:0c:b3:94, ethertype IPv4 (0x0800), length 796: 192.168.0.205.39165 > 142.204.140.203.http: . 1:731(730) ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
4 packets captured<br />
5 packets received by filter<br />
0 packets dropped by kernel<br />
<br />
* The -w option causes tcpdump to write the raw packets to a file rather than parsing and printing them. The packets can later be displayed with the -r option.<br />
tcpdump -i <dev> -w <b><i>filename</i></b><br />
<br />
[root@h9 ~]# tcpdump -i eth0 -w packets<br />
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes<br />
4 packets captured<br />
5 packets received by filter<br />
0 packets dropped by kernel<br />
<br />
* The -r option causes tcpdump to read packets from a file created with the -w option. Any user can run the tcpdump program (/usr/sbin/tcpdump) to read a file created by -w as long as they have read permission on it.<br />
tcpdump -r <b><i>filename</i></b><br />
<br />
[root@rh9 ~]# cp packets /tmp <-- <font color="blue">copy the file to the /tmp directory, where regular users have read permission on it</font><br />
[root@rh9 ~]# ls -l /tmp/packets<br />
-rw-r--r-- 1 root root 398 2008-09-17 13:33 /tmp/packets<br />
<br />
[rchan@rh9 tmp]$ /usr/sbin/tcpdump -r /tmp/packets <--<font color="blue">run as a regular user; use the absolute path to tcpdump</font><br />
reading from file packets, link-type EN10MB (Ethernet)<br />
13:19:12.725355 IP 192.168.0.205.39165 > zenit.senecac.on.ca.http: S 3491853088:3491853088(0) win 5840 <mss 1460,sackOK,timestamp 10362561 0,nop,wscale 7><br />
13:19:12.793356 IP zenit.senecac.on.ca.http > 192.168.0.205.39165: S 1585955578:1585955578(0) ack 3491853089 win 1460 <mss 1452,sackOK,timestamp 9040063 10362561,nop,wscale 7><br />
13:19:12.793424 IP 192.168.0.205.39165 > zenit.senecac.on.ca.http: . ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
13:19:12.793549 IP 192.168.0.205.39165 > zenit.senecac.on.ca.http: . 1:731(730) ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
<br />
[rchan@rh9 tmp]$ /usr/sbin/tcpdump -r /tmp/packets -n<br />
reading from file packets, link-type EN10MB (Ethernet)<br />
13:19:12.725355 IP 192.168.0.205.39165 > 142.204.140.203.http: S 3491853088:3491853088(0) win 5840 <mss 1460,sackOK,timestamp 10362561 0,nop,wscale 7><br />
13:19:12.793356 IP 142.204.140.203.http > 192.168.0.205.39165: S 1585955578:1585955578(0) ack 3491853089 win 1460 <mss 1452,sackOK,timestamp 9040063 10362561,nop,wscale 7><br />
13:19:12.793424 IP 192.168.0.205.39165 > 142.204.140.203.http: . ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
13:19:12.793549 IP 192.168.0.205.39165 > 142.204.140.203.http: . 1:731(730) ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
<br />
[rchan@rh9 tmp]$ /usr/sbin/tcpdump -r /tmp/packets -nn<br />
reading from file packets, link-type EN10MB (Ethernet)<br />
13:19:12.725355 IP 192.168.0.205.39165 > 142.204.140.203.80: S 3491853088:3491853088(0) win 5840 <mss 1460,sackOK,timestamp 10362561 0,nop,wscale 7><br />
13:19:12.793356 IP 142.204.140.203.80 > 192.168.0.205.39165: S 1585955578:1585955578(0) ack 3491853089 win 1460 <mss 1452,sackOK,timestamp 9040063 10362561,nop,wscale 7><br />
13:19:12.793424 IP 192.168.0.205.39165 > 142.204.140.203.80: . ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
13:19:12.793549 IP 192.168.0.205.39165 > 142.204.140.203.80: . 1:731(730) ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
<br />
[rchan@rh9 tmp]$ /usr/sbin/tcpdump -r /tmp/packets -nne<br />
reading from file packets, link-type EN10MB (Ethernet)<br />
13:19:12.725355 00:1b:38:12:e2:33 > 00:11:95:0c:b3:94, ethertype IPv4 (0x0800), length 74: 192.168.0.205.39165 > 142.204.140.203.80: S 3491853088:3491853088(0) win 5840 <mss 1460,sackOK,timestamp 10362561 0,nop,wscale 7><br />
13:19:12.793356 00:11:95:0c:b3:94 > 00:1b:38:12:e2:33, ethertype IPv4 (0x0800), length 74: 142.204.140.203.80 > 192.168.0.205.39165: S 1585955578:1585955578(0) ack 3491853089 win 1460 <mss 1452,sackOK,timestamp 9040063 10362561,nop,wscale 7><br />
13:19:12.793424 00:1b:38:12:e2:33 > 00:11:95:0c:b3:94, ethertype IPv4 (0x0800), length 66: 192.168.0.205.39165 > 142.204.140.203.80: . ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
13:19:12.793549 00:1b:38:12:e2:33 > 00:11:95:0c:b3:94, ethertype IPv4 (0x0800), length 796: 192.168.0.205.39165 > 142.204.140.203.80: . 1:731(730) ack 1 win 46 <nop,nop,timestamp 10362629 9040063><br />
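<br />
The -w and -r examples above read and write the same file format, and -n, -nn and -e only change how a stored packet is displayed. The following Python script is an added example (not part of the lab and not tcpdump's own code): it builds one constructed Ethernet/IPv4/TCP SYN frame using the MAC addresses, IP addresses and ports from the capture listings above, writes it in the classic pcap format that tcpdump -w produces, reads it back, and renders it the way plain, -n and -nne output look. HOSTNAMES and SERVICES are hypothetical stand-ins for the DNS and /etc/services lookups that -n and -nn suppress, and the timestamp is printed in UTC rather than local time.<br />

```python
import os
import socket
import struct
import tempfile
import time

# Addresses copied from the lab's first capture line; the frame built below is constructed, not a real capture.
SRC_MAC, DST_MAC = "00:1b:38:12:e2:33", "00:11:95:0c:b3:94"
SRC_IP, DST_IP = "192.168.0.205", "142.204.140.203"
SRC_PORT, DST_PORT = 39165, 80
# Hypothetical stand-ins for the DNS and /etc/services lookups that -n and -nn switch off.
HOSTNAMES = {"142.204.140.203": "zenit.senecac.on.ca"}
SERVICES = {80: "http", 22: "ssh", 23: "telnet"}


def build_syn_frame():
    """Ethernet + IPv4 + TCP SYN with the same 20 bytes of TCP options as the lab capture (74 bytes on the wire)."""
    options = (b"\x02\x04\x05\xb4"                              # MSS 1460
               + b"\x04\x02"                                    # sackOK
               + b"\x08\x0a" + struct.pack("!II", 10362561, 0)  # timestamp
               + b"\x01"                                        # nop
               + b"\x03\x03\x07")                               # window scale 7
    data_offset = (20 + len(options)) // 4                      # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, 3491853088, 0,
                      data_offset << 4, 0x02, 5840, 0, 0) + options  # flags byte 0x02 = SYN only
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    ether = (bytes.fromhex(DST_MAC.replace(":", "")) + bytes.fromhex(SRC_MAC.replace(":", ""))
             + b"\x08\x00")                                     # destination, source, EtherType IPv4
    return ether + ip + tcp


def write_pcap(path, records, snaplen=96):
    """Write (ts_sec, ts_usec, frame) records in classic pcap format, the layout `tcpdump -w` produces."""
    with open(path, "wb") as f:
        # magic, version 2.4, timezone offset, sigfigs, snaplen, link type 1 = EN10MB (Ethernet)
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1))
        for ts_sec, ts_usec, frame in records:
            captured = frame[:snaplen]        # the default 96-byte snaplen truncates longer frames
            f.write(struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame)))
            f.write(captured)


def read_pcap(path):
    """Read a classic pcap file; returns (linktype, [(ts_sec, ts_usec, wire_len, captured_bytes), ...])."""
    records = []
    with open(path, "rb") as f:
        magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", f.read(24))
        if magic != 0xA1B2C3D4:
            raise ValueError("not a little-endian microsecond pcap file")
        while True:
            header = f.read(16)
            if len(header) < 16:
                break
            ts_sec, ts_usec, cap_len, wire_len = struct.unpack("<IIII", header)
            records.append((ts_sec, ts_usec, wire_len, f.read(cap_len)))
    return linktype, records


def format_line(record, link_header=False, numeric_hosts=False, numeric_ports=False):
    """Render one TCP-over-IPv4 record like tcpdump's summary line; the flags model -e, -n and -nn."""
    ts_sec, ts_usec, wire_len, frame = record
    t = time.gmtime(ts_sec)                   # UTC here; real tcpdump prints local time
    stamp = "%02d:%02d:%02d.%06d" % (t.tm_hour, t.tm_min, t.tm_sec, ts_usec)
    dst_mac = ":".join("%02x" % b for b in frame[0:6])
    src_mac = ":".join("%02x" % b for b in frame[6:12])
    ihl = (frame[14] & 0x0F) * 4              # IP header length from the IHL nibble (Ethernet header is 14 bytes)
    src_ip, dst_ip = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    tcp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    flags = frame[tcp + 13]
    flag_str = "".join(ch for bit, ch in ((1, "F"), (2, "S"), (4, "R"), (8, "P")) if flags & bit) or "."
    host = (lambda ip: ip) if numeric_hosts else (lambda ip: HOSTNAMES.get(ip, ip))
    port = (lambda p: str(p)) if numeric_ports else (lambda p: SERVICES.get(p, str(p)))
    prefix = ("%s > %s, ethertype IPv4 (0x0800), length %d:" % (src_mac, dst_mac, wire_len)
              if link_header else "IP")
    return "%s %s %s.%s > %s.%s: %s" % (stamp, prefix, host(src_ip), port(sport),
                                        host(dst_ip), port(dport), flag_str)


def roundtrip_demo():
    """Write the constructed SYN to a temporary pcap file, read it back, and render it as plain, -n and -nne output."""
    path = os.path.join(tempfile.mkdtemp(), "packets")
    write_pcap(path, [(13 * 3600 + 19 * 60 + 12, 725355, build_syn_frame())])  # 13:19:12.725355 UTC
    linktype, records = read_pcap(path)
    rec = records[0]
    return {
        "linktype": linktype,
        "wire_len": rec[2],
        "plain": format_line(rec),
        "n": format_line(rec, numeric_hosts=True),
        "nne": format_line(rec, link_header=True, numeric_hosts=True, numeric_ports=True),
    }


if __name__ == "__main__":
    for key, value in roundtrip_demo().items():
        print(key, "->", value)
```

The file the script writes carries the 24-byte global header (magic 0xa1b2c3d4, link type 1, which tcpdump reports as "link-type EN10MB (Ethernet)") and a 16-byte record header per packet, so tcpdump -r can open it as well. The snaplen argument mirrors the "capture size 96 bytes" in the listings: frames longer than the snaplen are stored truncated, which is why the procedure later captures with -s 0.<br />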
<br />
== tcpdump expression ==<br />
The tcpdump command accepts filter expressions either as a command line argument or from a text file. Packets that match the filter expression will be captured and displayed. If no expression is given, all packets on the net will be captured and displayed. <br />
<br />
A tcpdump expression consists of one or more primitives. Primitives can be combined using concatenation (and), alternation (or) and negation (not) to form complex filter expressions. <br />
<br />
Primitives usually consist of an id (name or number) preceded by one or more qualifiers.<br />
<br />
There are three different kinds of qualifier:<br />
* type - the type qualifier says what kind of thing the id name or number refers to.<br />
** host (default type) (e.g. host cs.senecac.on.ca or host 142.204.140.48)<br />
** net (e.g. net 192.168.1.0/24 - any packets from or to the network 192.168.1.0)<br />
** port (e.g. port 22 - tcp or udp, source or destination port 22)<br />
** portrange (e.g. portrange 1234-1240)<br />
* dir - the dir qualifier specifies a particular transfer direction to and/or from id:<br />
** src (e.g. src host zenit.senecac.on.ca)<br />
** dst (e.g. dst net 192.168.1)<br />
** src or dst (default dir) (e.g. src or dst port 80)<br />
** src and dst <br />
* proto - the proto qualifier restricts the match to a particular protocol:<br />
** ether (e.g. ether dst mac, ether src mac, ether host mac)<br />
** fddi<br />
** tr<br />
** wlan<br />
** ip<br />
** ip6<br />
** arp <br />
** rarp<br />
** tcp<br />
** udp<br />
** (default) if there is no proto qualifier, all protocols consistent with the type are assumed<br />
<br />
It is also possible to construct filter expressions to match specific fields in protocol headers. This is done with expressions of the form:<br />
proto[offset:size]<br />
to select size bytes starting at byte offset within that protocol's header, for example:<br />
ip[2:2]<br />
The above primitive selects two bytes of the IP header starting at the third byte (offset 2, counting from 0), i.e. the bytes at offsets 2 and 3, which hold the IP total length field. The following expression can therefore be used to select packets whose IP datagrams are longer than 512 bytes:<br />
ip[2:2]>512<br />
The following expression selects packets with the SYN bit set in the TCP header - the first packet in the 3-way handshake for initializing a new TCP connection:<br />
tcp[13] == 2<br />
More examples can be found on the tcpdump man page.<br />
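<br />
Because proto[offset:size] primitives are plain byte reads on the packet, their behaviour can be checked by hand. The following Python script is an added example (not from the lab and not tcpdump's own code) that builds constructed IPv4/TCP packets with the lab's ports and flag values, implements proto[offset:size] for ip and tcp (locating the TCP header through the IP header's IHL field, as tcpdump must), and evaluates ip[2:2] > 512 and tcp[13] == 2 on a SYN, a SYN-ACK and a 730-byte data segment. It also adds the bit-test form tcp[13] & 2 != 0, which goes beyond the exact-match example above by also matching the SYN-ACK reply.<br />

```python
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08
# nop,nop,timestamp: the 12-byte option block seen on the lab's data packets (constructed values).
TS_OPTIONS = b"\x01\x01\x08\x0a" + struct.pack("!II", 10362629, 9040063)


def build_ip_tcp(flags, payload_len=0, options=b""):
    """Constructed IPv4 + TCP packet with no link-layer header and a 20-byte IP header (IHL = 5)."""
    tcp_len = 20 + len(options)
    tcp = struct.pack("!HHIIBBHHH", 39165, 80, 1, 1, (tcp_len // 4) << 4, flags, 46, 0, 0)
    tcp += options + b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([192, 168, 0, 205]), bytes([142, 204, 140, 203]))
    return ip + tcp


def field(packet, proto, offset, size=1):
    """Value of proto[offset:size]: `size` bytes read big-endian, `offset` bytes into that protocol's header.
    Returns None when the packet is not that protocol or is too short, which tcpdump treats as a non-match."""
    if proto == "ip":
        base = 0                                   # the packet starts at the IP header here (no Ethernet header)
    elif proto == "tcp":
        if packet[9] != 6:                         # ip[9] is the protocol number; 6 = TCP
            return None
        base = (packet[0] & 0x0F) * 4              # skip the IP header using its IHL, so IP options are handled
    else:
        raise ValueError("only ip and tcp are modelled here")
    chunk = packet[base + offset:base + offset + size]
    return int.from_bytes(chunk, "big") if len(chunk) == size else None


def matches_big_datagram(packet):
    """ip[2:2] > 512: the IP total length field (bytes at offsets 2 and 3) exceeds 512."""
    total_length = field(packet, "ip", 2, 2)
    return total_length is not None and total_length > 512


def matches_handshake_syn(packet):
    """tcp[13] == 2: the TCP flags byte is exactly SYN, i.e. the first packet of the three-way handshake."""
    return field(packet, "tcp", 13) == SYN


def matches_any_syn(packet):
    """tcp[13] & 2 != 0: SYN set together with anything else, so the SYN-ACK reply matches as well."""
    flags = field(packet, "tcp", 13)
    return flags is not None and (flags & SYN) != 0


if __name__ == "__main__":
    samples = {"SYN": build_ip_tcp(SYN),
               "SYN-ACK": build_ip_tcp(SYN | ACK),
               "730-byte data": build_ip_tcp(ACK, 730, TS_OPTIONS)}
    for name, pkt in samples.items():
        print("%-14s ip[2:2]=%4d tcp[13]=0x%02x  >512:%-5s syn-only:%-5s any-syn:%s" % (
            name, field(pkt, "ip", 2, 2), field(pkt, "tcp", 13),
            matches_big_datagram(pkt), matches_handshake_syn(pkt), matches_any_syn(pkt)))
```

The data segment comes out at 782 bytes of IP total length (20-byte IP header, 32-byte TCP header with the timestamp option, 730 bytes of payload), which is why the lab's fourth capture line shows a 796-byte Ethernet frame; only that packet satisfies ip[2:2] > 512, and only the bare SYN satisfies tcp[13] == 2.<br />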
<br />
=Procedure=<br />
* Boot up a system in the lab to Fedora Core 8 (or FC9 if you are doing this lab in some other places).<br />
* Log in as the regular user "joker" (or any login name of a regular user).<br />
* Open up two terminal windows. Name one as "super" and the other one as "joker".<br />
== On the "super" terminal ==<br />
* On the "super" terminal, enter the command<br />
su -<br />
* When asked for the password, type in the root password to switch to the "root" user account on the "super" terminal window. <br />
* Use the "ifconfig" or the "ip" command to find out the device name, IP address, broadcast address, netmask, and the MAC address of the active network interface. When you see a place holder <my-ip> below, replace it with the IP address of your system. When you see the place holder <my-mac> below, replace it with the MAC address of your NIC.<br />
* Enter the following command to find out the IP address of the host matrix.senecac.on.ca:<br />
[joker@FC8 ~]host matrix.senecac.on.ca<br />
matrix.senecac.on.ca has address 142.204.xxx.xxx<br />
* Replace the placeholder <matrix-ip> below with matrix's actual IP address. Enter the command:<br />
[joker@FC8 ~]ping -c 5 <matrix-ip><br />
* Inform your instructor if the ping statistics indicate a 100% packet loss.<br />
* Enter the following command to capture 10 packets either coming into your system or going out from your system:<br />
<br />
tcpdump -i <dev> -c 10 -n host <my-ip><br />
<br />
* The purpose of the above tcpdump command is to verify that tcpdump works properly on your system.<br />
* Enter the following command to capture packets coming into your system or going out from your system and save them to a file called "lab3-pkts":<br />
tcpdump -i <dev> -s 0 host <my-ip> -w /tmp/lab3-pkts<br />
<br />
== On the "joker" terminal ==<br />
* On the "joker" terminal, enter the commands:<br />
<br />
ping -c 2 <matrix-ip><br />
host cs.senecac.on.ca<br />
<br />
* It is possible to log in to matrix using a telnet client program. <font color="red"><b>Do not use your real password during this telnet exercise: the password will be exposed and captured</b></font> in the tcpdump file. The listing below shows an unsuccessful interactive telnet session attempting to log in to matrix. Please follow each command exactly as shown, replacing only the placeholder <my-account> with your Learn account name. The passwords in blue will not be echoed on your screen as you type.<br />
<br />
[joker@FC8 ~]$ telnet matrix.senecac.on.ca<br />
Trying 142.204.140.90...<br />
Connected to matrix.senecac.on.ca.<br />
Escape character is '^]'.<br />
<br />
Seneca College of Applied Arts & Technology<br />
Welcome to matrix.senecac.on.ca<br />
<br />
matrix login: <my-account><br />
Password: <font color="blue"><b>seneca99</b></font> <br />
Login incorrect<br />
<br />
<br />
matrix login: <my-account><br />
Password: <font color="blue"><b>secret-pw</b></font><br />
Login incorrect<br />
<br />
<br />
matrix login: <my-account><br />
Password: <font color="blue"><b>happyday</b></font><br />
Login incorrect<br />
<br />
Connection closed by foreign host.<br />
[joker@FC9 ~]$<br />
<br />
* Use the "ssh" command to login to matrix with your student account and password (use the real one this time). The following is an sample "ssh" session on matrix:<br />
[user-a@localhost ~]$ ssh learn-id@matrix.senecac.on.ca<br />
The authenticity of host 'matrix.senecac.on.ca (142.204.140.90)' can't be established.<br />
RSA key fingerprint is 20:23:07:dd:63:81:d0:7f:39:81:0b:43:a4:60:38:e5.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added 'matrix.senecac.on.ca,142.204.140.90' (RSA) to the list of known hosts.<br />
Password: <password><br />
Last login: Tue Mar 18 12:47:01 2008 from zenit.senecac.on.ca<br />
Have a lot of fun...<br />
learn-id@matrix:~> exit<br />
logout<br />
<br />
Connection to matrix.senecac.on.ca closed.<br />
[user-a@localhost ~]$<br />
<br />
== Back to the "super" terminal ==<br />
* Switch to the "super" terminal window and press <ctrl-d> to terminate the tcpdump program.<br />
* copy the packet file "/tmp/lab3-pkts" to your USB key or transfer it to your home directory on matrix.<br />
To transfer the packet file to matrix, use the command:<br />
[user-a@FC8 ~]$ scp /tmp/lab3-pkts learn-id@matrix.senecac.on.ca:<br />
<br />
=Questions=<br />
Answer the following questions based on the packet file "lab3-pkts" you created for this lab.<br />
# Write a tcpdump command to display all the packets your system sent to matrix. Do not do any name resolution for any fields in the packet but do display the physical addresses contained in the packets.<br />
# Write a tcpdump command to display all the packets sent to your system from matrix. Do not do any name resolution for any fields in the packet but do display the physical addresses contained in the packets.<br />
# Write a tcpdump command to display all the ARP packets captured in the packet file. Include the output in your answer.<br />
# Write a tcpdump command to display all the ICMP "echo-request" packets in the packet file. Include the output in your answer.<br />
# Write a pipeline command, using tcpdump as part of the pipeline, to display the total number of packets belonging to the TELNET session between your system and matrix.<br />
# Do the same for the SSH session.<br />
# Write a pipeline command, using tcpdump as part of the pipeline, to display the total number of TCP packets in the packet file.<br />
# Do the same for UDP packets.<br />
# Describe the steps you could use to find out all MAC addresses captured in the packet file. Include all the MAC addresses found in your answer.<br />
# Describe the steps you could use to find out the total number of bytes your system received from matrix.<br />
<br />
=Completing this Lab=<br />
* Post your answers for this lab to [[NAD710 Lab 3 Answers]]<br />
* You will be graded according to your contribution. If you have nothing to add to the answer page, please make some comments on the lab and the answers and email them to your professor. <br />
<br />
[[Category:LUX]][[Category:NAD]]</div>Cheping