CONTENTS

Network Protocols Analyzers: TCPDump

1. TCPDump.  TCPDump is a command-line network analyzer program. It prints out the headers of packets on a network interface that match a Boolean expression. TCPDump has a rich expression syntax that allows you to select only the packets you need to view to troubleshoot your problem. Please refer to the TCPDump man page for usage details.

1.  In a terminal window on PC1, type in the following command and observe the output.

$ sudo tcpdump -n -i eth0

2.  Listen to the traffic from PC1 on PC2 by using the following command.  You may be required to enter your password.  If the command was successful you should see tcpdump: listening on eth0.

$ sudo tcpdump -n host 192.168.30.52

3.  On PC2, issue a ping command to PC1 for 5 packets.  Observe the output, then use Ctrl-C to quit tcpdump, but do not close the terminal window.

$ ping -c 5 192.168.30.51

4.  The previous command executed on PC1 will capture all datagrams.  To filter packets, open a new terminal window on PC1 and type the following:

$ sudo tcpdump -n not \icmp and host 192.168.30.52

5.  On PC2, ping PC1 with 5 packets and observe the output.  After you are done you can quit TCPDump.  Use the following command to ping PC1.

$ ping -c 5 192.168.30.51

6. On PC1, execute the following command, which saves the tcpdump output to a file in your current directory.

$ sudo tcpdump -n host 192.168.30.52 -l | tee file_name

7. Open another terminal window and initiate an FTP session to PC2 by issuing the following command, logging in with the username tel2821 and the password sniffer.

$ ftp 192.168.30.52

ftp> cd NetSec
ftp> get tcpdump.txt
ftp> bye

8.  If the NetSec directory or the file tcpdump.txt does not exist, you can create the file with the following command.

$ man tcpdump | col -b > tcpdump.txt

9. At PC1, quit tcpdump and print out the tcpdump output file. Save it on a floppy disk or other removable media. You will also need to print out the output and attach it to your lab report.

2. Questions: 

1. What are the -n and -i options? (You can refer to the man pages for more details.)

2. What is the difference between the output in step 3 and that in step 4?

3. Based on your output, what are the port numbers of the FTP client and the FTP server?
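As an added example (not part of the lab handout), a small Python parser over constructed tcpdump -n lines that reproduces the step 2 and step 4 filters (host, then not icmp and host; the shell strips the backslash, so tcpdump sees not icmp) and answers Question 3 by reading the FTP client and server ports off the TCP handshake. The sample lines, timestamps and the ephemeral port 43210 are constructed, not captured in the lab.

```python
import re

# Constructed sample of `tcpdump -n` output (not a capture from the lab): a ping
# exchange from PC2, then the TCP handshake of the FTP control connection to PC2.
SAMPLE = """\
12:00:01.000001 IP 192.168.30.52 > 192.168.30.51: ICMP echo request, id 1234, seq 1, length 64
12:00:01.000200 IP 192.168.30.51 > 192.168.30.52: ICMP echo reply, id 1234, seq 1, length 64
12:00:05.100000 IP 192.168.30.51.43210 > 192.168.30.52.21: Flags [S], seq 100, win 64240, length 0
12:00:05.100300 IP 192.168.30.52.21 > 192.168.30.51.43210: Flags [S.], seq 200, ack 101, win 65160, length 0
12:00:05.100400 IP 192.168.30.51.43210 > 192.168.30.52.21: Flags [.], ack 1, win 502, length 0
12:00:09.000000 IP 192.168.30.51.5353 > 224.0.0.251.5353: UDP, length 45
"""
# Host, optional ".port", " > ", host, optional ".port", ": ", payload summary.
LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? > "
                     r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?: (?P<rest>.*)$")
# The payload summary starts with a protocol marker; anything else is "other".
PROTO_MARKERS = (("ICMP", "icmp"), ("Flags [", "tcp"), ("UDP", "udp"))

def parse_line(line):
    """Turn one `tcpdump -n` line into a dict, or None if it is not an IP packet line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    proto = next((name for marker, name in PROTO_MARKERS if rest.startswith(marker)), "other")
    return {"ts": m.group("ts"), "proto": proto, "rest": rest,
            "src": m.group("src"), "sport": int(m.group("sport") or 0),
            "dst": m.group("dst"), "dport": int(m.group("dport") or 0)}

def apply_filter(text, host, exclude_icmp=False):
    """Mimic `host H` (step 2) and `not icmp and host H` (step 4) over captured lines."""
    out = []
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None or host not in (pkt["src"], pkt["dst"]):
            continue  # not an IP line, or neither endpoint is the requested host
        if exclude_icmp and pkt["proto"] == "icmp":
            continue  # the `not icmp` clause drops the ping traffic
        out.append(pkt)
    return out

def ftp_control_ports(pkts):
    """Question 3: the client's bare SYN to port 21 gives (client port, server port)."""
    for p in pkts:
        if p["proto"] == "tcp" and p["dport"] == 21 and p["rest"].startswith("Flags [S]"):
            return p["sport"], p["dport"]
    return None
```

On the sample, the step 2 filter keeps five lines, the step 4 filter keeps only the three TCP lines, and the handshake shows the client on an ephemeral port talking to the server on port 21.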

3. How to Save Output File to a Floppy in Linux. 

1. Insert a floppy disk.
2. Open a terminal using the terminal icon on the Desktop.
3. At the command prompt, type $ mount /mnt/floppy
4. To save an output file, type $ cp file_name /mnt/floppy/
5. At the command prompt, type $ umount /mnt/floppy