Try to get comfortable with some basic options in tcpdump or in Wireshark. Can you answer the following questions?
How do you write the output to a file? How do you read from a file?
tcpdump -w <file>
tcpdump -r <file>
How do you enable or disable name and port number resolution?
tcpdump -n (disables resolution; leave -n off to have names and ports resolved)
How do you look at all of the data in human readable form?
tcpdump -r <file>
How would you filter out everything but IP packets ?
tcpdump ip
How would you trace everything going to a web server ?
tcpdump port http
tcpdump port 80
tcpdump -i eth0
How would you look for specific data in a packet?
tcpdump -X
If you’re interested in the MAC addresses: quick output, link-level header, count 1 packet:
tcpdump -qec1
Include data in the capture:
tcpdump -qec1 -x
More examples to follow…
To generate traffic, use ping, nmap or the pingbat scripts below:
nmap -sP 192.168.0.1-255
nmap -sP 182.168.0.1-255 -T 1
nmap -sP 182.168.0.1-255 -T 5
Pingbat1.pl:
#!/usr/bin/perl
use strict;
use warnings;

# Network prefix to sweep, taken from the command line (default 192.168.0.).
my $victimsnet = shift || "192.168.0.";
print "Pinging the network $victimsnet :\n";

# Ping hosts 1..255 in order, one after the other, with a one-second deadline each.
my $host    = 1;
my $hostmax = 255;
while ($host <= $hostmax) {
    my $loopaddr = $victimsnet . $host;
    print `ping -w 1 $loopaddr`;
    ++$host;
}
Pingbat2.pl:
#!/usr/bin/perl
use strict;
use warnings;

# Same sequential sweep as Pingbat1, but with a random 0-9 second pause
# before each ping so the probes are spread out in time.
my $victimsnet = shift || "192.168.0.";
print "Pinging the network $victimsnet :\n";

my $host    = 1;
my $hostmax = 255;
while ($host <= $hostmax) {
    my $loopaddr = $victimsnet . $host;
    my $waittime = int(rand(10));
    sleep $waittime;
    print `ping -w 1 $loopaddr`;
    ++$host;
}
Pingbat3.pl:
#!/usr/bin/perl
use strict;
use warnings;

# Same sweep, but hosts are visited in random order with random pauses.
my $victimsnet = shift || "192.168.0.";
print "Pinging the network $victimsnet :\n";

my $hostmax = 255;
# Hosts already pinged. The original kept them in a string and tested it with a
# substring regex, so once host 23 had been seen host 2 was skipped forever, and
# it counted to 256 unique hosts out of 255 possible values, so it never ended.
my %found;
while (keys %found < $hostmax) {
    my $host = int(rand($hostmax)) + 1;   # 1..255 (the original drew 0..254)
    next if $found{$host};
    my $loopaddr = $victimsnet . $host;
    my $waittime = int(rand(10));
    sleep $waittime;
    print `ping -w 1 $loopaddr`;
    $found{$host} = 1;
}
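From the defender's side, the interesting question is whether the traffic the three pingbat scripts generate stands out in a capture. As an added example (not part of the original exercise), the Python script below reads the text output of tcpdump -n icmp and reports any source that sends echo requests to many distinct hosts inside a time window; the sample lines are constructed to mimic a Pingbat3-style randomized sweep, and the window and threshold values are assumptions to tune per network.

```python
import re
from collections import defaultdict

# One line of "tcpdump -n icmp" text output: timestamp, src > dst, ICMP type.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP ([\d.]+) > ([\d.]+): ICMP echo request")

def parse_ts(ts):
    """HH:MM:SS.usec -> seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def parse_requests(lines):
    """Yield (seconds, src, dst) per echo request; replies and other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield parse_ts(m.group(1)), m.group(2), m.group(3)

def find_sweeps(lines, window=60.0, threshold=5):
    """Map src -> most distinct hosts it probed inside any `window` seconds, keeping
    only sources that reach `threshold`. Host order is irrelevant, so a randomized
    sweep scores the same as a sequential one; only the pauses between probes matter."""
    events = defaultdict(list)
    for sec, src, dst in parse_requests(lines):
        events[src].append((sec, dst))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward past old probes
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= threshold:
            hits[src] = best
    return hits

# Constructed sample: 192.168.0.5 sweeps six hosts in random order with 0-9 s
# pauses (Pingbat3 style); 192.168.0.9 just pings its gateway once.
SAMPLE = """\
10:00:00.000000 IP 192.168.0.5 > 192.168.0.17: ICMP echo request, id 1, seq 1, length 64
10:00:00.000400 IP 192.168.0.17 > 192.168.0.5: ICMP echo reply, id 1, seq 1, length 64
10:00:07.000000 IP 192.168.0.5 > 192.168.0.3: ICMP echo request, id 1, seq 1, length 64
10:00:09.000000 IP 192.168.0.9 > 192.168.0.1: ICMP echo request, id 7, seq 1, length 64
10:00:12.000000 IP 192.168.0.5 > 192.168.0.201: ICMP echo request, id 1, seq 1, length 64
10:00:20.000000 IP 192.168.0.5 > 192.168.0.44: ICMP echo request, id 1, seq 1, length 64
10:00:29.000000 IP 192.168.0.5 > 192.168.0.8: ICMP echo request, id 1, seq 1, length 64
10:00:38.000000 IP 192.168.0.5 > 192.168.0.120: ICMP echo request, id 1, seq 1, length 64
""".splitlines()
```

find_sweeps(SAMPLE) returns {'192.168.0.5': 6}, while find_sweeps(SAMPLE, window=10.0) returns {} because the random pauses spread the probes past any 10-second window. Feed it a live capture with tcpdump -n -l icmp | python3 sweep.py if you adapt it to read sys.stdin.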