Please I need only screen shots of the results from the project below: Hands-On
Question
Please I need only screen shots of the results from the project below:
Hands-On Projects
Project 5-1
This project shows you how to use tcpdump, a command-line application.
1. Using root access, type tcpdump at the command line. If the directory in which tcpdump is installed is not in your path, include the full pathname when typing the command.
2. A description of the many available options appears on the man (manual) page. To view the man page inline, type man tcpdump.
3. To send the manual to a text file that you can read later or print out for offline reading, type man tcpdump > /Desktop/tcpdump.txt.
4. To view detailed information about the options, as shown in the following, type tcpdump -help.
tcpdump version 4.2.1. libpcap version 1.2.1
Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
Explanation / Answer
# tcpdump -nS
# tcpdump -nnvvS
# tcpdump -nnvvXS
# tcpdump -nnvvXSs 1514
host // look for traffic based on IP address (also works with hostname if you’re not using -n)
# tcpdump host 1.2.3.4
src, dst // find traffic from only a source or destination (eliminates one side of a host conversation)
# tcpdump src 2.3.4.5
# tcpdump dst 3.4.5.6
net // capture an entire network using CIDR notation
# tcpdump net 1.2.3.0/24
proto // works for tcp, udp, and icmp. Note that you don’t have to type proto
# tcpdump icmp
You also have the option to filter by a range of ports instead of declaring them individually, and to only see packets that are above or below a certain size.
[ You can use the symbols for less than, greater than, and less than or equal / greater than or equal signs as well. ]
Capture all Port 80 Traffic to a File
# tcpdump -s 1514 port 80 -w capture_file
Then, at some point in the future, you can read the traffic back in like so:
Read Captured Traffic back into tcpdump
# tcpdump -r capture_file
# TCP traffic from 10.5.2.3 destined for port 3389
tcpdump -nnvvS src 10.5.2.3 and dst port 3389
# Traffic originating from the 192.168 network headed for the 10 or 172.16 networks
tcpdump -nvX 'src net 192.168.0.0/16 and (dst net 10.0.0.0/8 or 172.16.0.0/16)'
# Non-ICMP traffic destined for 192.168.0.2 from the 172.16 network
tcpdump -nvvXSs 1514 dst 192.168.0.2 and src net 172.16.0.0/16 and not icmp
# Traffic originating from Mars or Pluto that isn’t to the SSH port
tcpdump -vv '(src mars or pluto) and not dst port 22'
# tcpdump port 3389
# tcpdump src port 1025
# tcpdump dst port 389
# tcpdump src port 1025 and tcp
# tcpdump udp and src port 53
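
Added example (not part of the original answer, and not tcpdump's own parser): a small Python model of how pcap-filter groups the filter for traffic from the 192.168 network to the 10 or 172.16 networks, with and without parentheses. In pcap-filter, "and" and "or" have equal precedence and associate left to right, and a bare value reuses the most recent qualifier. The sample packets and the names compile_filter and matching are constructed for illustration.

```python
import ipaddress

def compile_filter(expr):
    """Model a subset of pcap-filter: src/dst net, and, or, not, parentheses."""
    tokens = expr.replace("(", " ( ").replace(")", " ) ").split()
    pos, last = 0, None

    def join(op, a, b):
        return (lambda p: a(p) and b(p)) if op == "and" else (lambda p: a(p) or b(p))

    def primary():
        nonlocal pos, last
        tok = tokens[pos]
        if tok == "not":                      # negation binds tightest
            pos += 1
            inner = primary()
            return lambda p: not inner(p)
        if tok == "(":
            pos += 1
            inner = chain()
            pos += 1                          # consume ")"
            return inner
        if tok in ("src", "dst"):             # otherwise a bare value reuses "last"
            last, pos = tok, pos + 2          # skip the direction and "net"
        field, net = last, ipaddress.ip_network(tokens[pos])
        pos += 1
        return lambda p: ipaddress.ip_address(p[field]) in net

    def chain():                              # and/or: equal precedence, left to right
        nonlocal pos
        left = primary()
        while pos < len(tokens) and tokens[pos] in ("and", "or"):
            op, pos = tokens[pos], pos + 1
            left = join(op, left, primary())
        return left

    return chain()

# Constructed sample packets as (source, destination) pairs
PACKETS = [("192.168.1.10", "10.0.0.5"), ("192.168.1.10", "172.16.3.4"),
           ("203.0.113.7", "172.16.3.4"), ("192.168.1.10", "8.8.8.8")]
FLAT = "src net 192.168.0.0/16 and dst net 10.0.0.0/8 or 172.16.0.0/16"
GROUPED = "src net 192.168.0.0/16 and (dst net 10.0.0.0/8 or 172.16.0.0/16)"

def matching(expr):
    test = compile_filter(expr)
    return [f"{s} > {d}" for s, d in PACKETS if test({"src": s, "dst": d})]

if __name__ == "__main__":
    print("flat:", matching(FLAT), "\ngrouped:", matching(GROUPED))
```

The ungrouped form also matches the packet from 203.0.113.7 to 172.16.3.4, so a capture meant to isolate traffic leaving the 192.168 network would include traffic from any source. On the command line, quote a filter that uses parentheses so the shell does not interpret them.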