tcpdump has so many different features for packet captures that it can be used in many situations. Recently I wanted to capture traffic and grep for a certain string in the packets.
Installation
- On Linux Mint or Ubuntu:
Example
- To capture all HTTP web traffic (port 80) containing 'www.wikipedia.org':
$ sudo tcpdump -i eth0 -A -nn -vvv -s 0 port 80 | grep -e 'www.wikipedia.org'
- Then either open a browser or use 'wget' to generate some traffic.
- The capture will show, for example:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Host: www.wikipedia.org
<body id="www-wikipedia-org">
<form class="search-form" action="//www.wikipedia.org/search-redirect.php">
- It can be more useful to redirect the output to a file:
- Note: on some Linux systems you may need to direct all of the ASCII traffic to a file, as a redirect placed after the grep may not work.
$ sudo tcpdump -l -i eth0 -A -nn -vvv -s 0 port 80 > $HOME/tmp/wikipedia.tmp
- To sort by unique values and count the number of occurrences in columns:
1 <span lang="no">Norsk (<a href="//no.wikipedia.org/" lang="nb">bokm..l</a> ... <a href="//nn.wikipedia.org/" lang="nn">nynorsk</a>)</span> ...
1 ..&..O.. href="//chy.wikipedia.org/" lang="chy">Ts..hesen..stsestotse</a> ...
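Putting the steps above together offline, here is an added example (not from the original post) that runs the grep / sort / uniq -c step over a constructed tcpdump -A style dump, counting the HTTP Host: header values seen; the sample text, the client and server addresses in it, and the host_counts function name are all made up for the example.

```shell
#!/bin/sh
# Constructed sample of what 'tcpdump -A -nn port 80' prints; the timestamps,
# addresses (TEST-NET ranges) and requests are invented for this example.
SAMPLE_DUMP='12:00:00.000001 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [P.], seq 1:120, length 119
E..w..@.@.....
GET / HTTP/1.1
Host: www.wikipedia.org
User-Agent: wget
12:00:00.000002 IP 10.0.0.5.51235 > 192.0.2.10.80: Flags [P.], seq 1:120, length 119
GET /search-redirect.php HTTP/1.1
Host: www.wikipedia.org
12:00:00.000003 IP 10.0.0.5.51236 > 198.51.100.20.80: Flags [P.], seq 1:80, length 79
GET / HTTP/1.1
Host: example.com'

# host_counts FILE
# Count the Host: header values in an ASCII capture file, most frequent first.
# -a treats the binary bytes that -A leaves in the dump as text, -i catches
# lower-case "host:", and the trailing-whitespace strip removes the \r that
# HTTP header lines carry in a real capture so identical hosts collapse
# into one uniq -c bucket.
host_counts() {
    grep -a -i '^Host: ' "$1" \
        | sed -e 's/^[Hh][Oo][Ss][Tt]: *//' -e 's/[[:space:]]*$//' \
        | sort | uniq -c | sort -rn
}

# Live form of the same pipeline (needs root and a real interface, so it is
# only shown as a comment here): -l makes tcpdump line-buffered and
# --line-buffered does the same for grep, which is what stops the "redirect
# after the grep" problem noted above.
#   sudo tcpdump -l -i eth0 -A -nn -s 0 port 80 \
#       | grep --line-buffered '^Host: ' > "$HOME/tmp/hosts.tmp"

SAMPLE_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_DUMP" > "$SAMPLE_FILE"
host_counts "$SAMPLE_FILE"
```

Running it prints two lines, www.wikipedia.org with a count of 2 and example.com with a count of 1, in the same layout as the uniq -c output shown above.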