TCPDump: Set Up and Getting Started - HakTip 142 Video Lecture | Start Using Wireshark: Do Hacking like a Pro - Back-End Programming

today on hash tip we are setting up TCP
dump in Linux this episode of hack tip
is brought to you by Atlassian welcome
to hack tip the show where we break down
concepts tools and techniques for
hackers gurus and IT ninjas
I am Shannon Morrison today we are
checking out and setting up TCP dump and
some simple commands TCP dump is the
obvious new thing that we will discover
after dealing with Wireshark for so very
long it works just like Wireshark except
TCP dump is in the command line for
Linux machines a similar program is
available for Windows machines it's
called wind dump but it is not available
for Windows 10 at least it won't work on
my machine unfortunately it will
literally dump traffic from a network
into your terminal session so you don't
have to download any extra gooeys for
this to work TCP dump will print out a
description of all of the contents of
all the packets that it is capturing
preceded by a timestamp so it's very
similar to what you would see in
Wireshark you can save the data into a
file you can capture a specific amount
of packets you can pretty much do
whatever you want
expressions are used with TCP dump to
print out only the packets that match
your criteria so you can customize it as
much as you want as well and to install
and this is pretty obvious I'm not gonna
lie it's sudo apt-get install TCP dump I
know that was easy wasn't it now I am
using sudo not sudo su that's what I
prefer you can use sudo su if you choose
to do so now you can also visit tcp dump
org for the newest releases and links to
the github for their development luckily
TCP dump is free and it is open source
there is a very useful man page for TCP
dump as well in case you want to learn
all the different expressions and as
usual with every other Linux command
that we have out there it is man TCP
dump and that will give you this nice
long man page now I would highly suggest
reading through here because there is a
ton of really good information on here
obviously we don't have time to get
through everything on here
I'm gonna give you a general overview of
some of the popular ways to use it so
let's go ahead and get started first off
we're gonna type sudo of course sudo TCP
dump tech I wlan0 let's let that root
run for a moment sudo is going to let
TCP dump go ahead and run with admin
privileges TCP dump is obviously the
program that we are using tak I right
after that is the interface so that
allows us to suggest a specific
interface that we want to use and then
wlan0 is obviously the specific
interface that we will be using to run
our TCP dump command now if you don't
know what interface you are connected
with you can type I have config to find
the one that has a resolved IP address
or if you want to see all of them you
can do so in TCP dump you can just
simply type sudo TCP dump I'll actually
type this in for you so you know TCP
dump and then I tack capital D and this
is going to list them all for you again
now you can use the number instead of
the name for tack I so for example if I
just want to use wlan0 I can type in
number two because that's the second
interface that I have on my computer and
then hit enter and it should give me a
very similar packet capture as I did
before now we are going to get a whole
bunch of different packet captures for
this wireless network including some
from other computers in the network
router if there are other computers
connected to this network so I'm gonna
go ahead and let this run for a little
bit so I can show you some examples
right after this break whether your
genome mapping or 3d printing or your
into space explanation or maybe you're
just planning your next team off-site
behind every single human achievement
there is some kind of team a big team or
a small team so this big question is how
do you bring everybody together to build
what's next and the solution of course
is Atlassian you can unleash your team's
potential with Atlassian's collaboration
software so you can work and you can
communicate so much better together
because that's how we get along you know
we've
together we communicate together you can
assign you can track you can manage
tasks for any project no matter how
complex
that's the clarity of JIRA you can
create and share content you can
organize results and you can bring team
members up to speed with the flexibility
of confluence or you can instant message
in video chat with your team from pretty
much any device with the freedom of
HipChat or you can test review and
manage code in real time with the power
of bitbucket which just got an update
today awesome Atlassian is helping teams
in every industry from startup to
enterprise turn great ideas into reality
I've been using bitbucket to share code
snippets with my co-workers to get their
feedback so we can talk about what's
going on and we can build better
tutorials for you guys for future
episodes of hack tip now you can go to
Atlassian comm to learn more and see how
JIRA confluence HipChat and bitbucket
gave your team everything you need to
organize discuss and complete shared
work that's Atlassian comm unleash the
potential in your team and build what's
next
we are back once TCP dump has captured
all of those packets that you want it to
you can hit control-c to stop it don't
worry I won't leave you hanging now from
left to right let's go ahead and explain
what is going on in one of these packets
so if we go back to my computer you'll
see the timestamp over on the left and
this is going to be in hours minutes
seconds and milliseconds I'll get into
how you can change that in a future
segment now next is the protocol for the
packet IP so that's going to be art for
this example or IP I think that's pretty
much all I have going on here is our
ProQuest's and then IPS if available you
will see a port right after that and
lastly you will see information about
the packet now you may be wondering why
I get names of computers instead of IP
addresses for the IP lines so I see
snubs aspire local not the IP line
Peplink domain and yada yada yada so TCP
dump will automatically resolve
hostnames but we can stop that from
happening with TAC n which means don't
convert addresses to names so if you
want to gain more information with just
a one-liner or more than just a
one-liner about each and every packet
you can also use TAC V
to make your command more verbose v's
very popular in linux commands now for
example the time to live the
identification the total length and
options in an IP packet are going to be
printed with verbose lastly you can also
add tacky for link level headers on each
dump line and this can be used for
example to print mac layer addresses for
protocols such as Ethernet in I Triple E
802 dot 11 now also if you want to print
your packets in ASCII which is totally
possible you can type TAC capital A and
I'll show you how to do that for example
I'll type Tec v4 bit verbose and tech
capital A for ASCII we'll see what
happens ok so it looks a little bit
confusing but this is going to print
each and every packet - its link level
header of course in ASCII so this can be
very very handy if for example you need
to capture web page information now let
me know what you think or how you use
TCP dump next week I am going to discuss
how to use filtering which is super fun
you can always send me a comment below
or you can email us tips at hack 5 org
and be sure to check out our sister show
hack 5 for more great stuff just like
this we're actually building drones over
there it's a lot of fun I will be there
reminding you to trust your Technol us