Bharatiya Vidya Bhavan’s
Sardar Patel Institute of Technology
Bhavan’s Campus, Munshi Nagar, Andheri (West), Mumbai-400058-India
(Autonomous College Affiliated to University of Mumbai)
Department of Electronics and Telecommunication
Course code EC 307 Computer Communication Network 2022-23
Name: Gaurang Gawas UID: 2021201071
Aim: Study and analyze the packet capturing or sniffing using Tcpdump.
Apparatus (Software): Desktop/Laptop, OS (Windows, Ubuntu, Android)
Theory:
● Introduction to Tcpdump
Tcpdump is a powerful network analysis tool used to capture and analyze network
traffic. It can be used to diagnose and troubleshoot network issues, as well as to
monitor network activity for security purposes. Tcpdump works by capturing the
packets transmitted on a network and analyzing them to extract information about
the network traffic. It is available on most Unix-based operating systems and can
be used to capture both IPv4 and IPv6 packets.
● Basic usage of Tcpdump
Tcpdump can be used to capture network traffic by specifying the interface and
port to monitor. Once the capture is started, Tcpdump will output the packets
in real-time to standard output, allowing you to analyze them in detail. You can
also save the captured packets to a file for later analysis. Additionally, Tcpdump
provides various options to filter and display only the packets of interest, such as
by source or destination IP address, port number, or protocol.
● Network traffic analysis of HTTP, FTP protocol
Tcpdump can be used to analyze network traffic using various protocols, including
HTTP, TCP, and FTP. To analyze HTTP traffic, you can use the "-i" option to
specify the interface to monitor, and then use the "-w" option to specify the output
file name. You can also use the "-s" option to set the snapshot length (for example
"-s 0", so that whole packets and therefore complete HTTP headers are captured
instead of being truncated), and the "-c" option to specify the maximum number of
packets to capture. For TCP traffic, you can use the "-i" option to specify the
interface and the "-v" option to enable verbose output. This will provide more
detailed information about the packets being transmitted. Finally, for FTP traffic,
you can use the "-i" option to specify the interface, and the "-v" option to enable
verbose output. This will provide detailed information about the FTP commands
being sent and received.
Write Procedure:
□ How to capture the packet using Tcpdump
Steps to capture packets using Tcpdump:
● Install Tcpdump on your device. Open a terminal window and run the command
`sudo tcpdump -i eth0`. Replace `eth0` with the name of the interface you
want to monitor (e.g., `wlan0`, `enp0s31f6`, `lo`).
● Tcpdump will start capturing packets and output them to standard output.
You can also write the captured packets to a file by using the `-w` option
followed by the name of the file.
● To make the capture stop by itself, use the command `sudo tcpdump -c 100000`.
This will stop Tcpdump after capturing 100,000 packets. If you want to capture
more or fewer packets, use the `-c` option followed by the desired number of
packets. Without `-c`, the capture runs until you press Ctrl+C.
● To view the packets saved in a file, you can use the `tcpdump` command with
the `-r` option followed by the file name and the `-v` option. This will show
detailed information about each packet, including the source and destination
IP addresses, port numbers, and protocols.
□ How to analyze packet
Some different Tcpdump commands that you can use to analyze captured packets:
● `tcpdump -i eth0 port 80`: This command will capture all traffic on port 80
(normally HTTP) on the `eth0` interface. The `-i eth0` option specifies the
interface to use, and the `port 80` filter specifies the port to monitor.
● `tcpdump -i eth0 net 192.168.1.0/24`: This command will capture all
traffic destined for or originating from the IP addresses in the
`192.168.1.0/24` subnet on the `eth0` interface. The `net` filter specifies
the network to monitor (`host` is used for a single address).
● `tcpdump -i eth0 -n`: This command will print addresses and port numbers as
numbers instead of resolving them to host and service names. This is useful for
quickly viewing captured packets without waiting for DNS lookups.
● `tcpdump -i eth0 -c 10`: This command will capture 10 packets and then exit.
The `-c` option controls the number of packets to capture.
● `tcpdump -i eth0 -w capture.pcap -C 10 -z gzip`: This command will write to a
file and start a new file each time the current one reaches 10 million bytes
(`-C`), and run `gzip` on each completed file (`-z` gives a command to run
after every file rotation).
● `tcpdump -i eth0 -w capture.pcap`: This command will save the captured
packets to a file named `capture.pcap`. The `-w` option specifies the file to
save the packets to.
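The filters used above (`host`, `net`, `port`, `tcp`, `udp`, `arp`) can be applied to a saved capture just as they are applied to live traffic. As an added example (not part of the original report), the Python script below builds a small constructed capture in memory in the same classic pcap layout that `tcpdump -w` writes, parses the Ethernet, IPv4, TCP, UDP and ARP headers, evaluates a subset of the filter language (the primitives above joined with `and`), and prints one line per matching packet in the style of `tcpdump -n -r capture.pcap`. All addresses, ports, timestamps and payloads are constructed sample values.

```python
import struct
import ipaddress

# ---- constructed sample capture (the layout `tcpdump -w capture.pcap` writes) ----

def _ipv4(src, dst, proto, payload):
    # Minimal 20-byte IPv4 header; the checksum is left zero (tcpdump does not verify it by default)
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def _tcp(sport, dport, flags=0x02):
    # 20-byte TCP header: seq=1, ack=0, data offset 5, given flags (0x02 = SYN), window 64240
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 64240, 0, 0)

def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def _eth(ethertype, payload):
    # Constructed MAC addresses: destination, then source, then EtherType
    return bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + struct.pack("!H", ethertype) + payload

def _arp_request(sender_ip, target_ip):
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, oper=1 (request), then sha/spa/tha/tpa
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes.fromhex("112233445566")
            + ipaddress.IPv4Address(sender_ip).packed + bytes(6) + ipaddress.IPv4Address(target_ip).packed)

def build_sample_pcap():
    frames = [  # (seconds, microseconds, frame) -- constructed values
        (1700000000, 0, _eth(0x0800, _ipv4("192.168.1.10", "93.184.216.34", 6, _tcp(40000, 80)))),
        (1700000000, 1500, _eth(0x0800, _ipv4("192.168.1.10", "192.168.1.1", 17, _udp(51000, 53, b"\x12\x34\x01\x00")))),
        (1700000001, 0, _eth(0x0806, _arp_request("192.168.1.10", "192.168.1.1"))),
        (1700000001, 2000, _eth(0x0800, _ipv4("10.0.0.7", "192.168.1.10", 6, _tcp(443, 50001, 0x12)))),
    ]
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, LINKTYPE_ETHERNET (1)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame  # per-packet record header
    return out

# ---- reading the capture back ----

def parse_pcap(data):
    """Yield one dict per packet with the fields tcpdump prints in -n mode."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # magic tells us the writer's byte order
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != 1:
        raise ValueError("this example only handles Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        pkt = {"ts": sec + usec / 1e6, "proto": None, "src": None, "dst": None, "sport": None, "dport": None}
        ethertype, = struct.unpack_from("!H", frame, 12)
        if ethertype == 0x0800:                       # IPv4
            ihl = (frame[14] & 0x0F) * 4
            proto = frame[14 + 9]
            pkt["src"] = str(ipaddress.IPv4Address(frame[26:30]))
            pkt["dst"] = str(ipaddress.IPv4Address(frame[30:34]))
            if proto in (6, 17):                      # TCP / UDP: ports are the first two fields
                pkt["proto"] = "tcp" if proto == 6 else "udp"
                pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", frame, 14 + ihl)
            else:
                pkt["proto"] = f"ipproto{proto}"
        elif ethertype == 0x0806:                     # ARP: sender IP at +14, target IP at +24
            pkt["proto"] = "arp"
            pkt["src"] = str(ipaddress.IPv4Address(frame[28:32]))
            pkt["dst"] = str(ipaddress.IPv4Address(frame[38:42]))
        yield pkt

def match(pkt, expr):
    """Evaluate a small subset of tcpdump's filter language: host/net/port/tcp/udp/arp joined by 'and'."""
    tokens, i = expr.split(), 0
    while i < len(tokens):
        t = tokens[i]
        if t == "and":
            i += 1
            continue
        if t in ("tcp", "udp", "arp"):
            ok, i = pkt["proto"] == t, i + 1
        elif t == "host":
            ok, i = tokens[i + 1] in (pkt["src"], pkt["dst"]), i + 2
        elif t == "net":
            n = ipaddress.ip_network(tokens[i + 1], strict=False)
            ok, i = any(a and ipaddress.ip_address(a) in n for a in (pkt["src"], pkt["dst"])), i + 2
        elif t == "port":
            ok, i = int(tokens[i + 1]) in (pkt["sport"], pkt["dport"]), i + 2
        else:
            raise ValueError(f"unsupported filter token: {t}")
        if not ok:
            return False
    return True

def summarize(pkt):
    """Format one line roughly the way `tcpdump -n` prints it."""
    if pkt["proto"] == "arp":
        return f"ARP, Request who-has {pkt['dst']} tell {pkt['src']}"
    if pkt["sport"] is not None:
        return f"IP {pkt['src']}.{pkt['sport']} > {pkt['dst']}.{pkt['dport']}: {pkt['proto']}"
    return f"IP {pkt['src']} > {pkt['dst']}: {pkt['proto']}"

def read_capture(data, expr=""):
    """Equivalent of `tcpdump -n -r capture.pcap '<expr>'`: returns the matching summary lines."""
    return [summarize(p) for p in parse_pcap(data) if match(p, expr)]

if __name__ == "__main__":
    pcap = build_sample_pcap()
    for expr in ("", "port 80", "net 192.168.1.0/24 and udp", "arp"):
        print(f"--- tcpdump -n -r capture.pcap '{expr}'")
        for line in read_capture(pcap, expr):
            print(line)
```

The parser reads only the classic pcap format (magic `0xa1b2c3d4`), which is what `tcpdump -w` produces by default; a pcapng file from other tools would need a different reader. Checksums are neither computed nor checked, which matches tcpdump's default behaviour when reading a file.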
Output Screen and Interpretation:
1. tcpdump
The `tcpdump` command is used to capture and analyze network traffic using
the Linux kernel's packet capture interface.
2. tcpdump src <ip address>
The `tcpdump src <ip address>` command is used to filter the packets that
Tcpdump captures based on the source IP address.
3. tcpdump -x
The `tcpdump -x` command is used to display the packets that Tcpdump
captures in hexadecimal format.
4. tcpdump -A
The `tcpdump -A` command is used to display the packets that Tcpdump
captures in ASCII format.
5. tcpdump -i <interface>
The `tcpdump -i <interface>` command is used to specify the network
interface to use when capturing packets with tcpdump.
6. tcpdump -c <no. of packets>
The `tcpdump -c <no. of packets>` command is used to specify the number of
packets that Tcpdump should capture before stopping.
7. tcpdump -n -s 0 -i <interface> port <port>
The `tcpdump -n -s 0 -i <interface> port <port>` command is used to capture and
analyze packets on a specific port on a network interface, without resolving
names (`-n`) and with whole packets captured (`-s 0`).
8. tcpdump -i <interface> host <host> and port <port>
The `tcpdump -i <interface> host <host> and port <port>` command is used to
capture and analyze packets that are sent to or received from a specific host
and port on a network interface. This command is useful for monitoring network
traffic to or from a specific host or for identifying specific types of traffic,
such as HTTP or SMTP traffic.
9. tcpdump -i <interface> port <port>
The `tcpdump -i <interface> port <port>` command is used to capture and analyze
packets that are sent to or received from a specific port on a network interface.
10. tcpdump -i <interface> <protocol> (where <protocol> is tcp, udp or arp)
The `tcpdump -i <interface> <protocol>` command is used to capture and
analyze packets that use a specific protocol on a network interface.
11. tcpdump -i <interface> proto <type>
The `tcpdump -i <interface> proto <type>` command is used to capture and
analyze packets on a network interface using a specific protocol and protocol
type.
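Items 3 and 4 describe the two raw views of a packet, `-x` (hexadecimal) and `-A` (ASCII). As an added example that is not part of the original report, the Python below renders a constructed IPv4/TCP segment carrying the start of an HTTP request in both forms, approximating tcpdump's layout: `-x` prints an offset followed by the bytes in two-byte groups, sixteen bytes per line; `-A` keeps printable characters, tabs and newlines, drops a CR that precedes an LF, and shows every other byte as a dot. The packet bytes are constructed sample data with a zeroed checksum.

```python
# Constructed sample: IPv4 header + TCP header (PSH/ACK) + the start of an HTTP request.
SAMPLE_PACKET = (
    bytes.fromhex("4500004d1c46400040060000c0a801145db8d822")   # IPv4: 192.168.1.20 -> 93.184.216.34, proto 6
    + bytes.fromhex("9c40005000000001000000005018020000000000")  # TCP: 40000 -> 80, flags 0x18
    + b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
)

# Bytes that `-A` prints as themselves: graphic ASCII, space, tab and newline.
ASCII_KEEP = set(range(0x21, 0x7F)) | {0x20, 0x09, 0x0A}

def dump_hex(packet, width=16):
    """Render bytes the way `tcpdump -x` does: offset, then two-byte groups, 16 bytes per line."""
    lines = []
    for off in range(0, len(packet), width):
        chunk = packet[off:off + width]
        groups = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        lines.append(f"\t0x{off:04x}:  {groups}")
    return lines

def dump_ascii(packet):
    """Render bytes the way `tcpdump -A` does: printable text kept, other bytes shown as '.'."""
    data = bytes(packet)
    out = []
    for i, b in enumerate(data):
        if b == 0x0D and i + 1 < len(data) and data[i + 1] == 0x0A:
            continue  # tcpdump drops a CR that is immediately followed by LF
        out.append(chr(b) if b in ASCII_KEEP else ".")
    return "".join(out)

if __name__ == "__main__":
    print("tcpdump -x view:")
    print("\n".join(dump_hex(SAMPLE_PACKET)))
    print("tcpdump -A view:")
    print(dump_ascii(SAMPLE_PACKET))
```

Reading the `-x` view, the first line shows the IPv4 header exactly as item 3 describes it: `45` is version 4 with a 5-word header, `06` at offset 9 is the protocol field (TCP), and the last eight bytes are the source and destination addresses. The `-A` view is where the HTTP request line and `Host:` header become readable, which is why `-A` is the usual choice for inspecting plaintext protocols such as HTTP and FTP.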
Conclusion:
● The experiment showed us how to use tcpdump to capture and analyze
packets on a network.
● The experiment demonstrated how to use various Tcpdump commands to
filter and analyze the captured packets.
● The experiment showed us how to save the captured packets to a file for
later analysis using Tcpdump.