Tcpdump is one of the finest tools available for network analysis. It is a must-have tool for network administrators and for anyone who wants to understand TCP/IP. It enables users to capture packets transmitted or received over the network/Internet. Note that superuser (root) privileges are required to run tcpdump; it is a free tool available under the BSD License.
It is a command line tool available for Debian and Red Hat based systems. Packets can be saved to a capture file which can be analysed later with tcpdump. You can apply filters to the packets and avoid the traffic which you do not want to see. It understands hostnames and almost all of the TCP and UDP protocols.
For Red Hat based distributions:
# yum install tcpdump
For Ubuntu and Debian distributions:
# apt-get install tcpdump
(The `pkg install tcpdump` form is the FreeBSD package manager command, not a Debian one.)
1. Run tcpdump without any options; it will dump output to the screen until interrupted with Ctrl-C:
# tcpdump
2. Specify an interface to capture network traffic from:
# tcpdump -i eth1
Note that when the capture ends, tcpdump prints a summary of packets captured, packets received by filter and packets dropped by kernel. A non-zero dropped count means the kernel buffer overflowed and the capture is incomplete.
3. Capture packets from a specific host, by IP address or by hostname:
# tcpdump src host 188.8.131.52
# tcpdump src host unixmen.com
4. Show each packet with a full date and time stamp (-tttt), without name resolution (-n):
# tcpdump -i eth0 -n -tttt
5. Capture traffic to or from a specific network range. tcpdump rejects a net/prefix filter whose host bits are set, so give the network address rather than a host address:
# tcpdump net 184.108.40.0/24
6. Capture only ICMP traffic on a specific interface:
# tcpdump -i eth1 icmp
7. Write the captured packets to a file (pcap format) instead of the screen:
# tcpdump -w unixmen.cap
unixmen.cap is the output file name.
Read that recorded capture back with tcpdump:
# tcpdump -r unixmen.cap
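The file that `tcpdump -w` writes is the libpcap format, so it can also be parsed outside tcpdump. The following is an added example (not code from the original post) that reads such a file and lists the IPv4 packets in it; it assumes an Ethernet link type, which is what a capture on eth0/eth1 records, and `build_sample_pcap` constructs a small in-memory capture to run it against.

```python
import socket
import struct

# Added example: minimal reader for the libpcap file format that `tcpdump -w`
# writes; assumes Ethernet link type and extracts the IPv4 packets.
PCAP_MAGIC_USEC = 0xA1B2C3D4   # microsecond timestamps (tcpdump default)
PCAP_MAGIC_NSEC = 0xA1B23C4D   # nanosecond timestamps
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_pcap(data):
    """Return [(timestamp, src_ip, dst_ip, proto), ...]; skips non-IPv4 frames (e.g. ARP)."""
    for endian in ("<", ">"):                # magic number tells the byte order
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap file (bad magic)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    frac_div = 1e9 if magic == PCAP_MAGIC_NSEC else 1e6
    packets, off = [], 24
    while off + 16 <= len(data):             # 16-byte record header per packet
        ts_sec, ts_frac, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:            # capture cut short (tcpdump killed mid-write)
            break
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                         # EtherType is not IPv4, or frame too short
        ip = frame[14:]
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        packets.append((ts_sec + ts_frac / frac_div, src, dst,
                        PROTO_NAMES.get(ip[9], str(ip[9]))))
    return packets

def build_sample_pcap():
    """Constructed input: little-endian pcap with an ICMP packet, an ARP frame and a TCP packet."""
    def eth_ipv4(src, dst, proto):
        ip = (bytes([0x45, 0]) + struct.pack("!H", 20) + bytes(5) + bytes([proto, 0, 0])
              + socket.inet_aton(src) + socket.inet_aton(dst))
        return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip
    frames = [eth_ipv4("10.0.0.1", "10.0.0.2", 1),
              b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x06" + bytes(28),   # ARP, skipped
              eth_ipv4("10.0.0.2", "10.0.0.1", 6)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 500000, len(frame), len(frame)) + frame
    return out
```

Running `parse_pcap(open("unixmen.cap", "rb").read())` on a real capture gives the same tuples for its IPv4 packets; a file cut short by a killed tcpdump yields the complete records only.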
8. Capture only ARP packets, with verbose output (-v):
# tcpdump -v arp
9. Show IP addresses instead of resolving hostnames (-n suppresses DNS lookups, which also avoids generating extra traffic during the capture):
# tcpdump -n -i eth0
10. Inspect packets in more depth: -nn disables host and port name resolution, -vv gives very verbose output, -X prints each packet in hex and ASCII, and -S shows absolute rather than relative TCP sequence numbers:
# tcpdump -nnvvXS
There are many more options which can be used with tcpdump; we will try to provide more tutorials on security tools in future.
tcpdump is an easy-to-use tool; no supporting packages are required to install or configure it, and its capture file (pcap, commonly saved with a .cap or .pcap extension) is a format supported by most network analysis tools.