tcpdump - This is a short tutorial on tcpdump. You must...

This is a short tutorial on tcpdump. You must make a printout of ``man tcpdump'' to follow this tutorial. Note: ``man tcpdump'' will be (slightly) different on different computers. You must be root to use tcpdump, but anybody can read ``man tcpdump''.

The examples I use were obtained in the Internet Lab, GITC 4325, on 03/12/2005. Three computers were used: franklin, marconi, and hawking (which should have been hawkings). Marconi is configured as a router. Franklin and hawking are configured as hosts. Traffic between franklin and hawking passes through marconi. See the Network Diagram on this page.

I created a small file called ``twopackets'' on franklin. It is about 1536 bytes large, so when ftp-ed it needs two packets. I turned on tcpdump on marconi on the interface toward franklin. I let tcpdump ``dump'' a copy of every packet it saw, without analyzing the packets, into a file. The command was:

    tcpdump -s 0 -i eth3 -w rawtwopack

I then ftp-ed the file ``twopackets'' from franklin to hawking, and then turned tcpdump off on marconi (Control-C). For more on FTP, see Comer page 461 etc., and the FTP mini-tutorial in the CIS456 general pages.

The file ``rawtwopack'' on marconi is not human-readable. I made four different ``human readable'' versions of it with the commands

    tcpdump -r rawtwopack -s 0 -e -vvv > cooked1twopack
    tcpdump -r rawtwopack -s 0 -e -n -nn -S > cooked2twopack
    tcpdump -r rawtwopack -s 0 -e -n -nn -S -x > cooked3twopack
    tcpdump -r rawtwopack -s 0 -e -n -nn -S -x -X > cooked4twopack

Read ``man tcpdump'' and try to figure out what the four files cooked1twopack, cooked2twopack, cooked3twopack, and cooked4twopack contain. For the time being I will only show you cooked1twopack, cooked2twopack, and cooked3twopack (on this page). Note: while they are ``human readable'' they are pretty nasty to read for us humans! Among other things, in the first two every packet is one long line, without any blank line between the lines.

I wrote the Perl scripts ``addwhite'' which adds white space between lines, ``breaklines'' which breaks lines, and ``clean'' which removes space from the end of lines. These scripts are on this page. Feel free to use them. Do not forget to make them executable (chmod 777). To debug I did

This note was uploaded on 12/09/2009 for the course CS 431,430,48 taught by Professor Scher,statica during the Spring '09 term at NJIT.
