In this section, we are going to learn how to capture network traffic with a packet sniffer tool called tcpdump. This tool is used to filter or capture TCP/IP packets that are transferred or received over a network.
Besides having a terminal open, we need to keep the following in mind:
- Make sure the tcpdump tool is installed on your machine
Now we are going to use some tcpdump commands to capture packets:
- To capture packets from an interface, use the following code:
$ sudo tcpdump -i eth0
- To print the captured packets in ASCII values, use the following code:
$ sudo tcpdump -A -i eth0
- To capture a specific number of packets, use the following code:
$ sudo tcpdump -c 10 -i eth0
- To print the captured packets in HEX and ASCII, use the following code:
$ sudo tcpdump -XX -i eth0
- To capture and save the packets in a specific file, use the following code:
$ sudo tcpdump -w 111.pcap -i eth0
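The file written with -w is binary, not the text that tcpdump prints to the terminal. The following added example (not part of the original page) reads the file header and the per-packet record headers, assuming the classic pcap layout; `read_pcap` and `build_sample` are hypothetical helper names, and a constructed two-packet capture stands in for 111.pcap.

```python
import struct

# On-disk magic number -> (struct byte order, timestamp fraction divisor)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def read_pcap(data):
    """Return (file_info, packets) for the bytes of a classic pcap file."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, frac = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    info = {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "truncated_file": False}
    packets, pos = [], 24
    while pos < len(data):
        rec = data[pos:pos + 16]
        if len(rec) < 16:                # capture stopped mid-record
            info["truncated_file"] = True
            break
        sec, sub, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        payload = data[pos + 16:pos + 16 + incl_len]
        if len(payload) < incl_len:      # record header present, bytes missing
            info["truncated_file"] = True
            break
        packets.append({"ts": sec + sub / frac, "captured": incl_len,
                        "wire": orig_len, "data": payload,
                        "cut_by_snaplen": incl_len < orig_len})
        pos += 16 + incl_len
    return info, packets

def build_sample():
    """Constructed capture: snaplen 64, link type 1 (Ethernet), two packets."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    rec1 = struct.pack("<IIII", 1700000000, 250000, 60, 60) + bytes(60)
    rec2 = struct.pack("<IIII", 1700000001, 0, 64, 1514) + bytes(64)
    return hdr + rec1 + rec2

if __name__ == "__main__":
    info, packets = read_pcap(build_sample())
    print(info)
    for p in packets:
        print(p["ts"], p["captured"], p["wire"], p["cut_by_snaplen"])
```

To inspect a real capture, pass `open("111.pcap", "rb").read()` to `read_pcap`; a packet with `cut_by_snaplen` set was longer on the wire than the bytes stored in the file.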