Datatex Dynamics

[Leon van Heerden]

TCPDump allows you to capture the network packets on a network card and display the info related to the packets on the screen or write it to a file.

The standard usage just dumps the source and destination address and ports.
This will dump all the packet info for all the packets on interface eth0 and not do any DNS lookups for the IPs.

Code: Select all

tcpdump -n -i eth0

If you are connected to this ethernet card, you should exclude your traffic using a rule like this:

Code: Select all

tcpdump -n -i eth0 not host 192.168.0.10 and not port 22

or you can explicitly state the port that you want to capture information for:

Code: Select all

tcpdump -n -i eth0 port 25

To capture the enitre packet and it's content, you need to add the following to the command line:

Code: Select all

-s0 -w testfile.pcap

So it should look like this:

Code: Select all

tcpdump -n -i eth0 -s 0 -w testfile.pcap port 25

The resulting file can be viewed with Wireshark.

[Belinda Frick]

WINDOWS Capture:

1. Open command prompt on Windows recorder.
   
   
2. Navigate to folder in cmd:
   

   Code: Select all

   C:\WiresharkPortable\App\Wireshark>

   
   
3. Command to get network devices:
   

   Code: Select all

   tshark.exe -D

   
   
   Result:
   

   Code: Select all

   1. \Device\NPF_{245CF9F1-5E53-40EF-B8E7-C1D2F00EF1AB} (VOICE)
2. \Device\NPF_{EA122839-C12C-4613-909F-B646516EE38A} (DATA)
3. ciscodump (Cisco remote capture)
4. randpkt (Random packet generator)
5. sshdump (SSH remote capture)
6. udpdump (UDP Listener remote capture)


   
   
4. Capture command (will stop after 24 hours):
   

   Code: Select all

   C:\WiresharkPortable\App\Wireshark>tshark.exe -i \Device\NPF_{245CF9F1-5E53-40EF-B8E7-C1D2F00EF1AB} -s 0 -b duration:3600 -b files:24 -w indew-pew.pcap

   
   Result:
   

   Code: Select all

   Capturing on 'VOICE'
2249502