Try to get comfortable with some basic options in tcpdump or in Wireshark. Can you answer the following questions ?
How do you write the output to a file? How do you read from a file ?
tcpdump -w
tcpdump -r
How do you enable or disable name and port number resolution ?
tcpdump -n
How do you look at all of the data in human readable form ?
tcpdump -r
How would you filter out everything but IP packets ?
tcpdump ip
How would you trace everything going to a web server ?
tcpdump port http
tcpdump port 80
tcpdump -i eth0
How would you look for specific data in a packet?
tcpdump -X
If you’re interested in the mac addresses: Quick, link-level header, count 1 packet:
tcpdump -qec1
Include data in the capture:
tcpdump -qec1 -x
More examples to follow…
To generate traffic, use ping or nmap or pingbat:
nmap –sP 192.168.0.1-255
nmap –sP 182.168.0.1-255 –T 1
nmap –sP 182.168.0.1-255 –T 5
Pingbat1.pl
#!/usr/bin/perl
$victimsnet = shift || "192.168.0." ;
print "Pinging the network $victimsnet :\n" ;
$host = 1;
$hostmax = 255 ;
while($host <= $hostmax) {
$loopaddr = $victimsnet . $host ;
print `ping -w 1 $loopaddr` ;
++$host ;}
Pingbat2.pl
#!/usr/bin/perl
$victimsnet = shift || "192.168.0." ;
print "Pinging the network $victimsnet :\n" ;
$host = 1;
$hostmax = 255 ;
while($host <= $hostmax) {
$loopaddr = $victimsnet . $host ;
$waittime = int(rand(10)) ;
sleep $waittime ;
print `ping -w 1 $loopaddr` ;
++$host ; }
Pingbat3.pl
#!/usr/bin/perl
$victimsnet = shift || "192.168.0." ;
print "Pinging the network $victimsnet :\n" ;
$fndarray = "" ;
$cnt = 0 ;
$hostmax = 255 ;
while($cnt <= $hostmax){
$host = int(rand($hostmax)) ;
next if ($fndarray =~ /$host/) ;
++$cnt ;
$loopaddr = $victimsnet . $host ;
$waittime = int(rand(10)) ;
sleep $waittime ;
print `ping -w 1 $loopaddr` ;
$fndarray .= " " . $host ;}