TCP Dump - What is it and how to use it?

Captions
Hello, welcome to our Cisco Cyber Security Operations video series. This lesson is about the identification of types of data provided by different technologies. In this lesson we'll talk about the following: we're going to talk about tcpdump, NetFlow, data provided by next-gen firewalls and traditional stateful firewalls, application visibility and control, web content filtering and email content filtering.

tcpdump is a command line utility that allows you to capture and analyze network traffic to your system. It is often used to help resolve network issues, as well as a security tool. tcpdump can be used in a variety of cases; it's a powerful and versatile tool that includes many options and filters. Since it is a command line tool, it is ideal to run on remote servers or devices for which a GUI is not available, to collect data that can be analyzed later. It can also be started in the background or as a scheduled job using tools like cron.

All right, so tcpdump is included with several Linux distributions, so chances are you already have it installed. So check if tcpdump is installed on your system with this command: which tcpdump. So this means that tcpdump is already installed, based on the output. So if tcpdump is not installed, you can install it by using your distribution's package manager; for Kali Linux you use sudo apt-get install tcpdump. To capture packets for troubleshooting or analysis, tcpdump requires elevated permissions, so in the following examples most commands are prefixed with sudo.

All right, so to begin, use the command tcpdump -D to see which interfaces are available for capture. So in the example above you can see all the interfaces available in my machine, right? The special interface any allows capturing on any active hardware. tcpdump continues to capture packets until it receives an interrupt signal; you can interrupt capturing by pressing Ctrl+C. Now, to limit the number of packets captured and stop tcpdump, use the -c option.

By default tcpdump resolves IP addresses and ports into names, as shown in the previous example. When troubleshooting network issues it is often easier to use the IP addresses and port numbers, so disable name resolution by using the option -n, and port resolution with -nn. So the capture output now displays the IP addresses, right, and the port number. So this also prevents tcpdump from issuing DNS lookups.

So tcpdump can capture too many packets, some of which are not even related to the issue that you're troubleshooting, right? For example, if you're troubleshooting a connectivity issue with a web server, you're not interested in the SSH traffic, so removing the SSH traffic from the output makes it easier to work on the real issue. One of tcpdump's most powerful features is its ability to filter the captured packets using a variety of parameters, such as source and destination IP addresses, ports, etc. So, for example, we will capture just the ICMP packets by using this command. Okay, all right, as you will see, we're not displaying any name resolution, but we're just getting all the ICMP-related packets. You can also filter packets based on the source or destination IP address or hostname. Okay, that should be a minus, and then, yeah, you can set it. If you send a ping, there you go. All right, you can also filter it per port number, right, using this particular command. So let's say you, you know, you want to connect to a website, so we want to capture packets sent to port number 80. So if we open a browser and go to google.com, right, you should be able to see the, you know, the packets captured. There you go, right? Okay, so this is our simulation about tcpdump, so I hope you now understand how it's being used. Thank you.
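The video demonstrates the filters icmp, host and port 80 on a live capture, which needs root and a network. As an added example (not from the video or the howtonetwork channel), the Python below builds a small capture in the classic pcap format that tcpdump -w writes and tcpdump -r reads, then evaluates a subset of tcpdump's filter grammar (icmp/tcp/udp, [src|dst] host, [src|dst] port, not/and/or with tcpdump's precedence) against the decoded IPv4/TCP/ICMP headers. It shows which header fields each of the video's filters actually tests, offline and unprivileged. The packets and addresses (RFC 5737 documentation ranges) are constructed for the example; the evaluator reimplements the semantics of a few primitives in Python and is not tcpdump's BPF compiler.

```python
"""Constructed pcap plus a small tcpdump-style filter evaluator (added example)."""
import struct
from ipaddress import ip_address

ETH_HDR = b"\x00" * 12 + b"\x08\x00"        # zeroed MACs, EtherType 0x0800 (IPv4)
PROTOS = {"icmp": 1, "tcp": 6, "udp": 17}   # protocol keywords tcpdump accepts

def ipv4(src, dst, proto, payload):
    """Ethernet + minimal IPv4 header (checksum left 0; this reader ignores it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ip_address(src).packed, ip_address(dst).packed)
    return ETH_HDR + hdr + payload

def icmp_echo(src, dst):
    return ipv4(src, dst, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))  # echo request

def tcp_syn(src, sport, dst, dport):  # bare SYN, no options
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ipv4(src, dst, 6, tcp)

def write_pcap(frames):
    """Classic pcap: global header (magic, v2.4, LINKTYPE_ETHERNET=1) then one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):  # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(blob):
    assert struct.unpack_from("<I", blob)[0] == 0xA1B2C3D4, "not a little-endian pcap"
    off = 24
    while off < len(blob):
        incl = struct.unpack_from("<IIII", blob, off)[2]
        yield blob[off + 16:off + 16 + incl]
        off += 16 + incl

def decode(frame):
    """Pull out the fields the filters look at; None for non-IPv4 frames."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    pkt = {"proto": ip[9], "src": str(ip_address(ip[12:16])),
           "dst": str(ip_address(ip[16:20])), "sport": None, "dport": None}
    if pkt["proto"] in (6, 17):  # TCP/UDP ports sit right after the IP header (IHL words)
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", ip, (ip[0] & 0x0F) * 4)
    return pkt

def compile_filter(expr):
    """Subset of the pcap-filter grammar: icmp|tcp|udp, [src|dst] host A, [src|dst] port N,
    joined by not / and / or with tcpdump's precedence (not > and > or)."""
    toks = expr.split()

    def primitive():
        tok, sides = toks.pop(0), ("src", "dst")  # unqualified host/port: either direction
        if tok in PROTOS:
            return lambda p, n=PROTOS[tok]: p["proto"] == n
        if tok in sides:
            sides, tok = (tok,), toks.pop(0)
        val = toks.pop(0)
        if tok == "host":
            return lambda p: any(p[s] == val for s in sides)
        if tok == "port":  # "src" -> sport, "dst" -> dport
            return lambda p, n=int(val): any(p[s[0] + "port"] == n for s in sides)
        raise ValueError(f"unsupported primitive {tok!r}")

    def factor():
        if toks[:1] == ["not"]:
            toks.pop(0)
            f = factor()
            return lambda p: not f(p)
        return primitive()

    def chain(sub, word, combine):  # left-associative: sub (word sub)*
        f = sub()
        while toks[:1] == [word]:
            toks.pop(0)
            f = combine(f, sub())
        return f

    def term():
        return chain(factor, "and", lambda a, b: lambda p: a(p) and b(p))

    f = chain(term, "or", lambda a, b: lambda p: a(p) or b(p))
    if toks:
        raise ValueError(f"trailing tokens {toks}")
    return f

def tcpdump_r(blob, expr=""):
    """Rough equivalent of `tcpdump -nn -r file 'expr'`: the matching packets as dicts."""
    keep = compile_filter(expr) if expr.strip() else (lambda p: True)
    return [p for p in map(decode, read_pcap(blob)) if p and keep(p)]

# Constructed capture using RFC 5737 documentation addresses (not real traffic).
SAMPLE = write_pcap([
    icmp_echo("192.0.2.10", "198.51.100.8"),           # our ping
    tcp_syn("192.0.2.10", 51514, "203.0.113.80", 80),  # browser to the web server
    tcp_syn("192.0.2.10", 51515, "192.0.2.1", 22),     # our own SSH session (noise)
    tcp_syn("198.51.100.7", 40000, "192.0.2.10", 80),  # a remote client hitting port 80 on us
])

if __name__ == "__main__":
    for expr in ("icmp", "port 80", "host 192.0.2.10 and not port 22"):
        print(f"{expr!r}: {len(tcpdump_r(SAMPLE, expr))} packet(s)")
```

To compare with the real tool, write SAMPLE to a file (open("sample.pcap", "wb").write(SAMPLE)) and run tcpdump -nn -r sample.pcap 'host 192.0.2.10 and not port 22'; reading a saved file does not need the elevated privileges a live capture does, and it should list the same three packets. Note that an unqualified host or port matches either direction, which is why port 80 above returns both the outbound request and the inbound one; qualify with src or dst when that matters. Real tcpdump compiles the expression to BPF and the kernel drops non-matching packets before they are copied to user space, which is the reason to filter at capture time rather than grep the output afterwards.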
Info
Channel: howtonetwork
Views: 35,275
Keywords: tcp dump, what is tcp dump, what is tcpdump and how it works, Tcpdump, how to use tcpdump, tcpdump examples, tcpdump port, tcpdump command, tcpdump windows, tcpdump linux, what does tcpdump do, what is tcpdump used for, what is tcpdump in linux, what is tcpdump command, tcpdump wireshark, tcp, tcpdump tutorial, tcpdump analysis, tcpdump tutorial for beginners, tcpdump pcap, netflow, next gen firewall, traditional stateful firewall, web content filtering, CLI
Id: e45Kt1IYdCI
Length: 6min 20sec (380 seconds)
Published: Mon Aug 10 2020