TCPDump: Set Up and Getting Started - HakTip 142

Captions
Today on HakTip we are setting up tcpdump in Linux. This episode of HakTip is brought to you by Atlassian.

Welcome to HakTip, the show where we break down concepts, tools and techniques for hackers, gurus and IT ninjas. I am Shannon Morse. Today we are checking out and setting up tcpdump and some simple commands. tcpdump is the obvious new thing that we will discover after dealing with Wireshark for so very long. It works just like Wireshark, except tcpdump is in the command line for Linux machines. A similar program is available for Windows machines; it's called WinDump, but it is not available for Windows 10, at least it won't work on my machine, unfortunately. It will literally dump traffic from a network into your terminal session, so you don't have to download any extra GUIs for this to work. tcpdump will print out a description of all of the contents of all the packets that it is capturing, preceded by a timestamp, so it's very similar to what you would see in Wireshark. You can save the data into a file, you can capture a specific amount of packets, you can pretty much do whatever you want. Expressions are used with tcpdump to print out only the packets that match your criteria, so you can customize it as much as you want as well.

And to install, and this is pretty obvious, I'm not gonna lie, it's sudo apt-get install tcpdump. I know, that was easy, wasn't it? Now I am using sudo, not sudo su; that's what I prefer. You can use sudo su if you choose to do so. Now you can also visit tcpdump.org for the newest releases and links to the GitHub for their development. Luckily tcpdump is free and it is open source. There is a very useful man page for tcpdump as well, in case you want to learn all the different expressions, and as usual with every other Linux command that we have out there, it is man tcpdump, and that will give you this nice long man page. Now I would highly suggest reading through here, because there is a ton of really good information on here. Obviously we don't have time to get through everything on here; I'm gonna give you a general overview of some of the popular ways to use it.

So let's go ahead and get started. First off we're gonna type sudo, of course: sudo tcpdump -i wlan0. Let's let that run for a moment. sudo is going to let tcpdump go ahead and run with admin privileges. tcpdump is obviously the program that we are using. -i right after that is the interface, so that allows us to suggest a specific interface that we want to use, and then wlan0 is obviously the specific interface that we will be using to run our tcpdump command. Now if you don't know what interface you are connected with, you can type ifconfig to find the one that has a resolved IP address, or if you want to see all of them you can do so in tcpdump. You can just simply type sudo tcpdump, I'll actually type this in for you so you know, tcpdump and then -D (capital D), and this is going to list them all for you. Again, now you can use the number instead of the name for -i, so for example if I just want to use wlan0 I can type in number two, because that's the second interface that I have on my computer, and then hit enter, and it should give me a very similar packet capture as I did before. Now we are going to get a whole bunch of different packet captures for this wireless network, including some from other computers in the network, the router, if there are other computers connected to this network. So I'm gonna go ahead and let this run for a little bit so I can show you some examples right after this break.

Whether you're genome mapping or 3D printing or you're into space exploration, or maybe you're just planning your next team off-site, behind every single human achievement there is some kind of team, a big team or a small team. So the big question is, how do you bring everybody together to build what's next? And the solution, of course, is Atlassian. You can unleash your team's potential with Atlassian's collaboration software, so you can work and you can communicate so much better together, because that's how we get along, you know: we're together, we communicate together. You can assign, you can track, you can manage tasks for any project no matter how complex; that's the clarity of JIRA. You can create and share content, you can organize results and you can bring team members up to speed with the flexibility of Confluence. Or you can instant message and video chat with your team from pretty much any device with the freedom of HipChat. Or you can test, review and manage code in real time with the power of Bitbucket, which just got an update today. Awesome. Atlassian is helping teams in every industry, from startup to enterprise, turn great ideas into reality. I've been using Bitbucket to share code snippets with my co-workers to get their feedback, so we can talk about what's going on and we can build better tutorials for you guys for future episodes of HakTip. Now you can go to Atlassian.com to learn more and see how JIRA, Confluence, HipChat and Bitbucket give your team everything you need to organize, discuss and complete shared work. That's Atlassian.com: unleash the potential in your team and build what's next.

We are back. Once tcpdump has captured all of those packets that you want it to, you can hit Control-C to stop it. Don't worry, I won't leave you hanging. Now from left to right let's go ahead and explain what is going on in one of these packets. So if we go back to my computer you'll see the timestamp over on the left, and this is going to be in hours, minutes, seconds and milliseconds; I'll get into how you can change that in a future segment. Now next is the protocol for the packet, IP, so that's going to be ARP for this example, or IP; I think that's pretty much all I have going on here, is ARP requests and then IPs. If available you will see a port right after that, and lastly you will see information about the packet. Now you may be wondering why I get names of computers instead of IP addresses for the IP lines, so I see snubs-aspire.local, not the IP line, Peplink.domain and yada yada yada. So tcpdump will automatically resolve hostnames, but we can stop that from happening with -n, which means don't convert addresses to names. So if you want to gain more information with just a one-liner, or more than just a one-liner, about each and every packet, you can also use -v to make your command more verbose; v is very popular in Linux commands. Now for example, the time to live, the identification, the total length and options in an IP packet are going to be printed with verbose. Lastly, you can also add -e for link-level headers on each dump line, and this can be used for example to print MAC-layer addresses for protocols such as Ethernet and IEEE 802.11. Now also, if you want to print your packets in ASCII, which is totally possible, you can type -A (capital A), and I'll show you how to do that. For example I'll type -v for a bit verbose and -A for ASCII; we'll see what happens. OK, so it looks a little bit confusing, but this is going to print each and every packet, minus its link-level header of course, in ASCII, so this can be very very handy if for example you need to capture web page information.

Now let me know what you think or how you use tcpdump. Next week I am going to discuss how to use filtering, which is super fun. You can always send me a comment below or you can email us, tips@hak5.org, and be sure to check out our sister show Hak5 for more great stuff just like this. We're actually building drones over there; it's a lot of fun. I will be there reminding you to trust your technolust.
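The left-to-right fields the episode walks through (timestamp, protocol, source and destination with port, then packet info) can be parsed mechanically, which is the first step when you save a capture's text output for later triage. The following is an added Python example, not code from the episode or from the tcpdump project: it parses constructed tcpdump default one-line output (both with -n and with resolved hostnames) and counts packets per protocol and per destination port. The sample lines, addresses and hostnames in it are made up.

```python
import re
from collections import Counter

# Constructed sample of tcpdump's default one-line output; the first three lines look like
# output with -n, the last one like output with hostname resolution left on. Not a real capture.
SAMPLE_LINES = """\
12:34:56.789012 IP 192.168.1.10.54321 > 93.184.216.34.443: Flags [S], seq 1, win 64240, options [mss 1460], length 0
12:34:56.790123 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:34:56.791234 IP 192.168.1.10.53874 > 192.168.1.1.53: 12345+ A? example.com. (29)
12:34:57.000001 IP snubs-aspire.local.54321 > peplink.domain.https: Flags [.], ack 1, win 502, length 0
""".splitlines()

# Default timestamp (HH:MM:SS.fraction), then the protocol keyword (IP, IP6, ARP, ...), then the rest.
# Lines produced with -e start with MAC addresses instead and are deliberately not handled here.
_HEAD = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\w+),?\s+(.*)$")
# IP lines continue as "src.sport > dst.dport: info".
_IP_BODY = re.compile(r"^(\S+) > (\S+): (.*)$")


def split_endpoint(endpoint):
    """Split 'host.port' on the LAST dot, since both dotted IPs and resolved names contain dots."""
    host, _, port = endpoint.rpartition(".")
    return (host, port) if host else (endpoint, None)


def parse_line(line):
    """Parse one tcpdump output line into a dict, or return None if the line has another format."""
    m = _HEAD.match(line)
    if not m:
        return None
    ts, proto, rest = m.groups()
    record = {"time": ts, "proto": proto, "info": rest}
    if proto == "IP":
        body = _IP_BODY.match(rest)
        if body:
            src, dst, info = body.groups()
            record["src"], record["sport"] = split_endpoint(src)
            record["dst"], record["dport"] = split_endpoint(dst)
            record["info"] = info
    return record


def summarize(lines):
    """Count packets per protocol and per destination port: the first questions to ask of a capture."""
    by_proto, by_dport = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):
        by_proto[rec["proto"]] += 1
        if rec.get("dport"):
            by_dport[rec["dport"]] += 1
    return by_proto, by_dport
```

Feed it the saved text of a capture (for example the output of sudo tcpdump -n -i wlan0 redirected to a file) one line at a time; port numbers and resolved service names such as https are counted as distinct keys, which is one more reason to capture with -n.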
Info
Channel: Hak5
Views: 24,786
Keywords: hak5, hack, technology, darren kitchen, shannon morse, snubs, hack5, hacker, haktip, tcpdump, wireshark, command, linux
Id: hJJEM7k7czA
Length: 7min 59sec (479 seconds)
Published: Fri Mar 25 2016