APPENDIX A
Introduction to tcpdump
Tcpdump is a packet capture tool. It can grab packets flowing on the
network, match them against some criteria, and then dump them to the
screen or into a file. It is available on most UNIX platforms. On
Linux machines, you need to be the root user to run tcpdump. If you save
the captured data in a file, you can view the file later using tcpdump.
Since Snort can also store data in files in the tcpdump format, tcpdump
becomes an interesting tool for many people who need to view Snort files
that have been created in the tcpdump format.
The typical output of the command when used on the command prompt without
any argument is as follows:
[root@conformix]# tcpdump
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on all devices
13:05:52.216049 eth0 < rr-laptop.6001 > dti414.1245: P 1578894642:1578894674(32) ack 3347166818 win 63520  (DF)
13:05:52.216049 eth0 > dti414.1245 > rr-laptop.6001: . 1:1449(1448) ack 32 win 63712  (DF)
13:05:52.216049 eth0 > dti414.1245 > rr-laptop.6001: P 1449:2045(596) ack 32 win 63712  (DF)
13:05:52.216049 eth0 < rr-laptop.6001 > dti414.1245: . 32:32(0) ack 2045 win 64240  (DF)
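
The tcpdump file format mentioned above, which Snort can also write, has a simple layout: a 24-byte global header followed by a 16-byte header in front of each captured packet. The following Python parser is an added example, not code from the original text; the function names and the two-packet sample capture are constructed for illustration.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic libpcap magic, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # variant with nanosecond timestamps


def parse_pcap(data):
    """Return (header, records); raise ValueError on bad or truncated input."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    # The magic number tells us which byte order the writer used.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a tcpdump/libpcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    header = {"endian": endian, "version": (major, minor),
              "snaplen": snaplen, "linktype": linktype,
              "nanosecond": magic == PCAP_MAGIC_NSEC}
    records, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        # Never trust the length field: it must fit inside the file.
        if offset + incl_len > len(data):
            raise ValueError("record runs past end of file")
        records.append({"ts": (ts_sec, ts_frac), "orig_len": orig_len,
                        "payload": data[offset:offset + incl_len]})
        offset += incl_len
    return header, records


def build_sample(endian="<"):
    """Constructed capture: two dummy packets, link type 1 (Ethernet)."""
    out = struct.pack(endian + "IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, payload in ((1000, 216049, b"\x00" * 32),
                               (1000, 216050, b"\x01" * 60)):
        out += struct.pack(endian + "IIII", sec, usec, len(payload), len(payload))
        out += payload
    return out


if __name__ == "__main__":
    hdr, recs = parse_pcap(build_sample())
    print(hdr, [(r["ts"], len(r["payload"])) for r in recs])
```

The length check matters when the file comes from an untrusted source: a forged captured-length field is rejected rather than silently producing a short payload.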