Try to get comfortable with some basic options in tcpdump or in Wireshark. Can you answer the following questions?

How do you write the output to a file? How do you read from a file?

tcpdump -w
tcpdump -r

How do you enable or disable name and port number resolution?

tcpdump -n

How do you look at all of the data in human-readable form?

tcpdump -r

How would you filter out everything but IP packets?

tcpdump ip

How would you trace everything going to a web server ?

tcpdump port http
tcpdump port 80
tcpdump -i eth0

How would you look for specific data in a packet?

tcpdump -X

If you're interested in the MAC addresses: quick output, link-level header, count of 1 packet:
tcpdump -qec1

Include data in the capture:
tcpdump -qec1 -x

More examples to follow…


To generate traffic, use ping, nmap or pingbat:

nmap -sP 192.168.0.1-255

nmap -sP 182.168.0.1-255 -T 1

nmap -sP 182.168.0.1-255 -T 5


Pingbat1.pl

#!/usr/bin/perl
# Ping every host in a /24 in order, with a 1-second deadline per host.
use strict;
use warnings;

my $victimsnet = shift || "192.168.0.";
print "Pinging the network $victimsnet :\n";
my $host    = 1;
my $hostmax = 255;
while ($host <= $hostmax) {
    my $loopaddr = $victimsnet . $host;
    print `ping -w 1 $loopaddr`;    # -w 1: give up on this host after 1 second (Linux ping)
    ++$host;
}

Pingbat2.pl

#!/usr/bin/perl
# Same sweep, but with a random 0-9 second pause before each host,
# so the probes are spread out in time.
use strict;
use warnings;

my $victimsnet = shift || "192.168.0.";
print "Pinging the network $victimsnet :\n";
my $host    = 1;
my $hostmax = 255;
while ($host <= $hostmax) {
    my $loopaddr = $victimsnet . $host;
    my $waittime = int(rand(10));    # 0..9 seconds
    sleep $waittime;
    print `ping -w 1 $loopaddr`;
    ++$host;
}

Pingbat3.pl

#!/usr/bin/perl
# Same sweep in random host order, with a random pause before each host.
# The original kept the visited hosts in a string and checked it with a
# regex, so host 1 also matched "10", "100", ...; it also ran one more
# iteration than there were hosts to find, which never terminated. A hash
# of visited hosts and a count of distinct hosts fix both problems.
use strict;
use warnings;

my $victimsnet = shift || "192.168.0.";
print "Pinging the network $victimsnet :\n";
my %found;
my $cnt     = 0;
my $hostmax = 255;
while ($cnt < $hostmax) {
    my $host = 1 + int(rand($hostmax));    # 1..255, same range as pingbat1
    next if $found{$host};
    $found{$host} = 1;
    ++$cnt;
    my $loopaddr = $victimsnet . $host;
    my $waittime = int(rand(10));
    sleep $waittime;
    print `ping -w 1 $loopaddr`;
}
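The sweeps the pingbat scripts produce are exactly what you would then hunt for in a capture. As an added example (not from the original post), here is a Python detector over constructed `tcpdump -n` output lines: it flags a source that sends ICMP echo requests to many distinct hosts within a sliding time window, which still catches the randomly delayed and randomly ordered variants. The sample lines, the 60-second window and the 4-host threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -r sweep.pcap` output (not a real capture):
# .5 probes several hosts with random delays, .9 is an ordinary ping to one host.
SAMPLE = """\
10:00:00.100000 IP 192.168.0.5 > 192.168.0.1: ICMP echo request, id 1, seq 1, length 64
10:00:00.101000 IP 192.168.0.1 > 192.168.0.5: ICMP echo reply, id 1, seq 1, length 64
10:00:03.200000 IP 192.168.0.5 > 192.168.0.2: ICMP echo request, id 2, seq 1, length 64
10:00:07.300000 IP 192.168.0.5 > 192.168.0.3: ICMP echo request, id 3, seq 1, length 64
10:00:09.400000 IP 192.168.0.9 > 192.168.0.3: ICMP echo request, id 7, seq 1, length 64
10:00:15.500000 IP 192.168.0.5 > 192.168.0.4: ICMP echo request, id 4, seq 1, length 64
10:00:21.600000 IP 192.168.0.5 > 192.168.0.6: ICMP echo request, id 5, seq 1, length 64
10:00:40.700000 IP 192.168.0.9 > 192.168.0.3: ICMP echo request, id 7, seq 2, length 64
"""

# Matches the default tcpdump line for an ICMP echo request (timestamp, src > dst).
LINE = re.compile(r'^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\S+) > (\S+): ICMP echo request')

def parse_echo_requests(text):
    """Yield (seconds_since_midnight, src, dst) for each echo request line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        h, mi, s, us = (int(x) for x in m.groups()[:4])
        yield h * 3600 + mi * 60 + s + us / 1e6, m.group(5), m.group(6)

def find_sweeps(text, window=60.0, min_hosts=4):
    """Return {src: distinct_dsts} for each source that sent echo requests to
    at least min_hosts distinct destinations within any `window` seconds.
    A sliding window catches the slow, randomly delayed sweeps; a single
    host being pinged repeatedly only ever counts as one destination."""
    by_src = defaultdict(list)
    for t, src, dst in parse_echo_requests(text):
        by_src[src].append((t, dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= min_hosts:
            hits[src] = best
    return hits

if __name__ == "__main__":
    print(find_sweeps(SAMPLE))    # {'192.168.0.5': 5}
```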
