Sniff Your own Networks with Tcpdump
by Boris Loza, PhD, CISSP
A sniffer is any device, software, or hardware that listens to all packets traveling along a network.
Bad guys use sniffers to breach your security by capturing and analyzing all network traffic. Good
guys use sniffers to protect the network.
Today you can find many different types of this software. Some sniffers are used by crackers, and
others by network administrators. Some sniffers are free, and some are expensive. Further, some
are simple. There are companies who produce entire suites of sniffer applications designed to
diagnose network problems. In this article, we'll show you how to use a freely available sniffer--
tcpdump.
About tcpdump
The tcpdump program was written by Van Jacobson, Craig Leres, and Steven McCanne, all of
the Lawrence Berkeley Laboratory at the University of California at Berkeley. Like any other
sniffers, tcpdump captures packets on the network by placing a local interface in promiscuous
mode. Normally, your network interface will ignore any pockets that aren't addressed to your
system. By placing your interface in promiscuous mode, tcpdump captures all packets,
regardless of address, and allows you to examine their headers. The tcpdump program also
allows you to extract particular types of network traffic based on header information.
Installing tcpdump
You can download tcpdump from tcpdump version found here was 3.4. You can also
download libpcap.tar.Z from the same destination
(*url;ftp://ftp.ee.lbl.gov/'>ftp://ftp.ee.lbl.gov/tcpdump.tar.Z*eurl. The latest tcpdump version found
here was 3.4. You can also download libpcap.tar.Z from the same destination
(*url;ftp://ftp.ee.lbl.gov/). This application is a system-independent interface for user-level packet
capture, and will be used in conjunction with tcpdump. You must install libpcap first. After
downloading files, type:
#zcat libpcap.tar.Z | tar xvf -
#zcat tcpdump.tar.Z | tar xvf -
This extracts the tcpdump and libpcap distributions. Then, go to the libpcap-0.4 directory
and read the INSTALL file. In most cases, it's enough just to type ./configure followed by
make install, make install-incl, and optionally make install-man. Doing so installs
剩余7页未读,继续阅读
资源评论
