1. In a terminal window on PC1, type the following command
and observe the output.
$ sudo tcpdump -n -i eth0
2. Listen to the traffic from PC1 on PC2 by using the following
command. You may be required to enter the password. If the command
was successful, you should see "tcpdump: listening on eth0".
$ sudo tcpdump -n host 192.168.30.52
3. On PC2, issue a ping command to PC1 for 5 packets.
Observe the output, and use Ctrl-C to quit tcpdump, but do not close
the terminal window.
$ ping -c 5 192.168.30.51
4. The previous command executed on PC1 will capture all datagrams.
To filter packets, open a new window on PC1 and type the following:
$ sudo tcpdump -n not \icmp and host 192.168.30.52
5. On PC2, ping PC1 with 5 packets and observe the
output. After you are done, you can quit tcpdump. Use the
following command to ping PC1.
$ ping -c 5 192.168.30.51
6. On PC1, execute the following command, which will save the tcpdump
output to a file in your local directory.
$ sudo tcpdump -n host 192.168.30.52 -l | tee file_name
7. Open another terminal window and initiate an FTP session to
PC2 by issuing the following command.
$ ftp 192.168.30.52
Log in with the username tel2821 and the password sniffer.
ftp> cd NetSec
ftp> get tcpdump.txt
ftp> bye
8. If the NetSec directory or the file tcpdump.txt does not exist, you can
create a new one.
$ man tcpdump | col -b > tcpdump.txt
9. At PC1, quit tcpdump and print out the tcpdump output file. You need
to save it on a floppy disk or other removable media. You will also need
to print out and attach the output to your lab report.
1. What are the -n and -i options? (You can refer to the man pages for more
details.)
2. What is the difference between the output in step 3 and that in step 4?
3. Based on your output, what are the port numbers of the FTP client
and the FTP server?
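The file saved with tee in step 6 is plain text, so it can be summarized with standard tools instead of being read line by line. The script below is an added example, not part of the original lab handout: the function names and the sample lines are constructed for illustration, and it assumes the numeric a.b.c.d.port endpoint format that tcpdump prints for IPv4.

```shell
# Added example (not from the lab handout): summarize text saved by
#   sudo tcpdump -n host 192.168.30.52 -l | tee file_name

# One line per directed flow: "<packets> <proto> <src> <sport> <dst> <dport>".
flow_summary() {
  awk '
    $2 != "IP" { next }                      # skip ARP, IPv6 and banner lines
    {
      src = $3; dst = $5; sub(/:$/, "", dst)
      if (split(src, a, ".") == 5 && split(dst, b, ".") == 5) {
        sp = a[5]; dp = b[5]                 # fifth field is the port
        sub(/\.[0-9]+$/, "", src); sub(/\.[0-9]+$/, "", dst)
        proto = ($6 == "Flags") ? "tcp" : "udp"   # assumption: ports without TCP flags means UDP
      } else {
        sp = "-"; dp = "-"                   # ICMP and other port-less packets
        proto = ($6 == "ICMP") ? "icmp" : "ip"
      }
      n[proto " " src " " sp " " dst " " dp]++
    }
    END { for (k in n) print n[k], k }
  ' "$@" | LC_ALL=C sort -k2
}

# Which side opened each TCP connection: the sender of a bare SYN, shown as Flags [S].
tcp_initiators() {
  awk '
    $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
      src = $3; dst = $5; sub(/:$/, "", dst)
      cp = src; sub(/.*\./, "", cp); sub(/\.[0-9]+$/, "", src)
      sp = dst; sub(/.*\./, "", sp); sub(/\.[0-9]+$/, "", dst)
      print src, cp, "->", dst, sp
    }
  ' "$@" | LC_ALL=C sort -u
}

# Constructed sample lines in tcpdump -n text format (not a real capture).
sample_capture() {
  cat <<'EOF'
10:15:00.900000 ARP, Request who-has 192.168.30.52 tell 192.168.30.51, length 28
10:15:01.000001 IP 192.168.30.52 > 192.168.30.51: ICMP echo request, id 4021, seq 1, length 64
10:15:01.000050 IP 192.168.30.51 > 192.168.30.52: ICMP echo reply, id 4021, seq 1, length 64
10:15:07.120000 IP 192.168.30.51.40112 > 192.168.30.52.21: Flags [S], seq 1000, win 64240, length 0
10:15:07.120300 IP 192.168.30.52.21 > 192.168.30.51.40112: Flags [S.], seq 2000, ack 1001, win 65160, length 0
10:15:07.120400 IP 192.168.30.51.40112 > 192.168.30.52.21: Flags [.], ack 1, win 502, length 0
EOF
}

sample_capture | flow_summary
sample_capture | tcp_initiators
```

Both functions also accept a file argument, for example `flow_summary file_name`. An FTP session can show more than one connection, because file transfers use a data connection separate from the control connection.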