TCPDUMP IN LINUX AND
SNOOP IN SOLARIS
TCPDUMP IN LINUX:
[root@gagan ~]# tcpdump --help
OPTIONS:
-S : Print absolute TCP sequence numbers instead of the relative ones shown by default.
-e : Print the link-level (Ethernet) header on each line.
-q : Quick output; show less protocol information.
-E : Decrypt IPsec ESP traffic given the SPI and key (spi@ipaddr algo:secret). The secret is then visible in the process list and shell history, so treat the capture host accordingly.
-n : Don't resolve hostnames.
-nn : Don't resolve hostnames or port names (this also keeps tcpdump from sending DNS queries from the capture host).
-X : Show the packet's contents in both hex and ASCII.
-XX : Same as -X, but also shows the Ethernet header.
-v, -vv, -vvv : Increase the amount of packet information printed.
-c N : Stop after N packets.
-s N : Set the snaplength (bytes captured per packet). Use -s 0 to get whole packets; older releases defaulted to 68 bytes, which silently truncates payloads, while current releases default to 262144.
Filter expression operators (these are BPF filter primitives, not regular expressions):
AND : and / &&
OR : or / ||
EXCEPT (NOT) : not / !
Parentheses group terms, and "and" binds tighter than "or", so quote any expression that contains them, as in 'host 10.0.0.2 and (port 21 or port 22)'.
TCPDUMP COMMAND EXAMPLES:
1. With no arguments, tcpdump captures on the first configured non-loopback interface (use -i any to capture on all interfaces) and resolves names, so add -nn unless you want DNS lookups:
[root@gagan ~]# tcpdump
2. To capture the network traffic on a particular interface:
[root@gagan ~]# tcpdump -i eth0
3. To capture only N packets, use the -c option with the value of N:
[root@gagan ~]# tcpdump -c 8 -i eth0
4. To capture the traffic between two IP addresses (source: the local system, destination: the remote system). src and dst fix the direction; use "host A and host B" to see both directions:
[root@gagan ~]# tcpdump src 10.0.0.2 and dst host 10.0.0.4 -c 10
5. To capture traffic with a specific source port (here 21, the FTP control port):
[root@gagan ~]# tcpdump src port 21 -c 9
6. To capture traffic with a specific destination port:
[root@gagan ~]# tcpdump dst port 21 -c 8
7. To filter on destination IP address and source port together:
[root@gagan ~]# tcpdump dst 10.0.0.4 and src port 21 -c 9
8. To filter traffic to or from a whole network:
[root@gagan ~]# tcpdump net 10.0.0.0/24 -c 8
9. To filter the traffic by protocol, for example ICMP:
[root@gagan ~]# tcpdump icmp
10. To filter the traffic by port range:
[root@gagan ~]# tcpdump portrange 21-25 -c 9
11. To write the captured packets to a file, use the -w option. The .pcap extension is a convention, not a requirement. The file holds raw packets, so read it back with tcpdump -r (the same filter syntax applies when reading) or open it in Wireshark; combine -w with -s 0 if you need full payloads. A capture file can contain credentials and other sensitive data, so restrict its permissions.
[root@gagan ~]# tcpdump portrange 21-25 -w saveme.pcap
SNOOP IN SOLARIS
OPTIONS:
snoop
[ -a ] # Listen to packets on audio
[ -d device ] # settable to le?, ie?, bf?, tr?
[ -s snaplen ] # Truncate packets
[ -c count ] # Quit after count packets
[ -P ] # Turn OFF promiscuous mode
[ -D ] # Report dropped packets
[ -S ] # Report packet size
[ -i file ] # Read previously captured packets
[ -o file ] # Capture packets in file
[ -n file ] # Load addr-to-name table from file
[ -N ] # Create addr-to-name table
[ -t r|a|d ] # Time: Relative, Absolute or Delta
[ -v ] # Verbose packet display
[ -V ] # Show all summary lines
[ -p first[,last] ] # Select packet(s) to display
[ -x offset[,length] ] # Hex dump from offset for length
[ -C ] # Print packet filter code
[ -q ] # Suppress printing packet count
[ -r ] # Do not resolve addresses to names
EXAMPLES OF SNOOP:
1. Capture all packets going to and from the host gagan007:
# snoop host gagan007
2. Show all packets that go through a specific port, in this case port 22:
# snoop port 22
3. To examine only packets on a specific interface and store them in a file, give the Solaris device name with -d (names such as net0, e1000g0 or hme0; eth0 is a Linux interface name) and the output file with -o:
# snoop -d net0 -o /tmp/output1.file
The file is written in snoop's own capture format (RFC 1761), not pcap: snoop -i and Wireshark read it, but tcpdump -r does not.
4. Read the captured file back with -i. A filter expression can be added to either a live or a saved capture, and -v gives a full verbose decode, as in this example for traffic with system2 on port 513 (rlogin):
# snoop -i /tmp/output1.file
# snoop -v host system2 port 513
5. Observing traffic by identifying the zone. -I names an IP interface (what ifconfig/ipadm shows) rather than a link-level device, which is what allows a zone's interface to be selected:
# snoop -I eth0 gagan1 -I eth1 gagan2
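As an added example that is not part of the original post: the script below composes filter expressions with and/or/not (the operators listed in the tcpdump section) and builds the matching tcpdump and snoop capture and read-back commands from them, so one filter serves both the Linux and the Solaris examples above. Addresses, interface names and file paths are assumptions chosen for illustration; the script only prints the commands and captures nothing.

```shell
#!/bin/sh
# Added example, not from the original post. Builds filter expressions and
# the tcpdump (Linux) / snoop (Solaris) command lines that use them.
# Hosts, interfaces and paths below are assumed values for illustration.

# Wrap a term in parentheses when it contains "or", so that "and" (which
# binds tighter than "or" in both tools) applies to the whole term.
bpf_group() {
    case "$1" in
        *" or "*) printf '(%s)\n' "$1" ;;
        *)        printf '%s\n' "$1" ;;
    esac
}

# Join all arguments with " and ", grouping each one as needed.
bpf_and() {
    out=""
    for term in "$@"; do
        term=$(bpf_group "$term")
        if [ -z "$out" ]; then out=$term; else out="$out and $term"; fi
    done
    printf '%s\n' "$out"
}

# Traffic in either direction between two hosts (unlike src/dst, which
# fix the direction).
bpf_between() {
    printf 'host %s and host %s\n' "$1" "$2"
}

# Negate a whole term; the parentheses matter when the term has "and".
bpf_not() {
    printf 'not (%s)\n' "$1"
}

# tcpdump_cmd IFACE FILE COUNT FILTER
#  -nn  no DNS or port-name lookups (no queries leave the capture host)
#  -s 0 whole packets, so payloads in the file are not truncated
#  -c   stop after COUNT packets so a forgotten capture cannot fill the disk
tcpdump_cmd() {
    printf "tcpdump -i %s -nn -s 0 -c %s -w %s '%s'\n" "$1" "$3" "$2" "$4"
}

# tcpdump_read_cmd FILE FILTER: read a pcap file back with the same filter syntax.
tcpdump_read_cmd() {
    printf "tcpdump -nn -r %s '%s'\n" "$1" "$2"
}

# snoop_cmd DEVICE FILE COUNT FILTER: the Solaris counterpart.
#  -r do not resolve addresses; -c packet count; -o capture file (RFC 1761 format)
snoop_cmd() {
    printf 'snoop -d %s -r -c %s -o %s %s\n' "$1" "$3" "$2" "$4"
}

# snoop_read_cmd FILE FILTER: read a snoop capture file back.
snoop_read_cmd() {
    printf 'snoop -i %s %s\n' "$1" "$2"
}

# Example 1: FTP or SSH between two assumed hosts; the "or" term is grouped.
filter1=$(bpf_and "$(bpf_between 10.0.0.2 10.0.0.4)" "port 21 or port 22")
# Example 2: all SSH to the assumed server except the administrator's own
# session from 10.0.0.99, which would otherwise drown the capture.
filter2=$(bpf_and "host 10.0.0.4" "port 22" "$(bpf_not 'host 10.0.0.99')")

tcpdump_cmd eth0 /var/tmp/ftp-ssh.pcap 100 "$filter1"
snoop_cmd   net0 /var/tmp/ftp-ssh.snoop 100 "$filter1"
tcpdump_cmd eth0 /var/tmp/ssh.pcap 500 "$filter2"
snoop_cmd   net0 /var/tmp/ssh.snoop 500 "$filter2"
tcpdump_read_cmd /var/tmp/ssh.pcap "port 22"
snoop_read_cmd   /var/tmp/ssh.snoop "port 22"
```

Running the script prints the commands; copy the one for your platform into a root shell. The filter text is the part that carries across tools: tcpdump's -r reads only pcap files, and snoop's -i reads only snoop files, so read each capture back with the tool that wrote it (or with Wireshark, which reads both).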
Thank you for your detailed, descriptive material.