
Practical Networking Commands pt.2


So, right now it’s not capturing any, so let’s go ahead and do some updates. So, that just captured 10 of the packets that were coming into my machine, and so we can analyze them a bit. We can see where they’re going to and where they’re coming from. So, we can see here that the first column is a timestamp. Over here we’ve got the IP address we’re sending from, so this is our machine here as you recall, and it’s sending this packet out to our router, which basically ends up here at this domain. And so that’s how to use tcpdump very, very minimally.

There are some other options that we can go through as well for this command. You can print the captured packets in ASCII, so let’s go ahead and do that: “sudo tcpdump -c 10 -A”, and this is going to print out the actual packets in ASCII. So, you can use this if you’re trying to see what exactly you’re getting. This all just looks like gibberish to me, but it’s the packets that are actually coming through, so that’s a neat way to use this command.

If you only want to listen on one network interface, I’m going to run “ifconfig” again, and we can see wlo1 is the name of this device. So, what I’m gonna do is run “sudo tcpdump -c 5 -i wlo1”, and what that “-i” does is tell it to listen to the specific interface that we define after it.

Now, in addition to displaying the packets in ASCII format, we can also display them in hex and ASCII. This may make sense for you if you’re looking for some hex response from these packets that are coming in and out, so what we’re gonna do is run “sudo tcpdump -XX -i wlo1”. I didn’t use the “-c” flag, so I’m just going to cancel there. So, this is gonna print out packets in hex and ASCII format. Let me clear this.

One other neat thing is you can capture packets from specific ports, so let’s go ahead and do that. Let’s run “sudo tcpdump -i wlo1 port 22”, where wlo1 is the name of my interface, and I’ll show you guys why that’s going to make sense here in a moment. Now, right now I don’t think I have any port 22 traffic going on here, and that’s because port 22 is the SSH port. So, what I’m going to do is connect to my server via SSH, and we’re gonna see packet activity here. So, here we see a bunch of packets happening, and each time you do something you can see exactly what’s happening here. You would be able to parse through these and basically see that there is activity, what kind of activity, and where it’s happening between.

So, that is a bit about the “tcpdump” command. This is gonna be good for troubleshooting network activity. There’s not really many other uses that I can think of for this, but if you have any uses for this that I don’t know about, leave a comment. I would like to know how you guys use this command, if you do, or any practical applications that you think this command would serve.
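To make the "parse through these" step concrete, here is an added example (not from the video) that turns tcpdump's one-line-per-packet text into a per-direction summary of who is talking to whom on port 22. It assumes numeric output from `tcpdump -nn`; the function names `summarize_flows` and `sample_capture` are hypothetical, and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: summarize tcpdump text output per direction (src > dst).
# Assumes IPv4 lines in the numeric form printed by "tcpdump -nn":
#   TIME IP SRC.SPORT > DST.DPORT: Flags [S], ... length N

summarize_flows() {
    awk '
    $2 == "IP" && $4 == ">" {
        dst = $5
        sub(/:$/, "", dst)                 # strip the colon after the destination
        key = $3 " > " dst
        pkts[key]++
        # A bare SYN ("[S],") marks a new connection attempt from the sender.
        if ($6 == "Flags" && $7 == "[S],") syn[key]++
        # Payload size is the number that follows the "length" token.
        for (i = 6; i < NF; i++)
            if ($i == "length") { bytes[key] += $(i + 1) + 0; break }
    }
    END {
        for (k in pkts)
            printf "%s packets=%d bytes=%d syn=%d\n", k, pkts[k], bytes[k], syn[k]
    }' | sort
}

# Constructed sample: the start of one SSH session plus an ARP line,
# which is not an IP packet line and is skipped by the summary.
sample_capture() {
cat <<'EOF'
10:15:01.000101 IP 192.168.1.23.51514 > 203.0.113.10.22: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
10:15:01.020202 IP 203.0.113.10.22 > 192.168.1.23.51514: Flags [S.], seq 2000, ack 1001, win 65160, options [mss 1460], length 0
10:15:01.020303 IP 192.168.1.23.51514 > 203.0.113.10.22: Flags [.], ack 1, win 502, length 0
10:15:01.030404 IP 192.168.1.23.51514 > 203.0.113.10.22: Flags [P.], seq 1:42, ack 1, win 502, length 41
10:15:01.050505 IP 203.0.113.10.22 > 192.168.1.23.51514: Flags [P.], seq 1:42, ack 42, win 510, length 41
10:15:02.000606 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
EOF
}

# Offline demo on the constructed sample.
sample_capture | summarize_flows

# Live use, with the interface name from the video:
#   sudo tcpdump -nn -c 100 -i wlo1 port 22 | summarize_flows
```

A source address that shows a high `syn` count toward port 22 with few payload bytes is opening many connections without completing sessions, which is worth checking against the SSH server's authentication log.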


Practical Networking Commands pt.1


Hey guys, welcome back. In this video we are going to get to some practical networking things, and this is all in the terminal. So the first thing we’re going to do is bring up the terminal, and first I want to talk about the ping command, what it means and what it does.

You can ping an IP address or a domain name to see if you can get a successful response from it. This is a great way to troubleshoot. Let’s say, and this is just an example, you’re using a web browser and you’re trying to work out whether the web browser isn’t working or your entire internet connection isn’t working. You might drop down here to the command line and run a ping command on a known host that you know is always going to be up, for instance google.com. And so that’s exactly what we’re gonna do, so I’m just gonna type in the command ping and then the address of what I want to ping. And I’m getting a response, and it tells us what length of time each response is taking to return to us. It also shows other stuff like the exact IP address of the server that it’s reaching, and that good stuff. This is gonna just go until you close it, so just CTRL+C to exit, and then it gives you a breakdown of what happened. You could let this run for a while to see if you’re getting any packet loss through your network card, and so that’s what pinging does.

So I’m going to clear this up here and we’re going to talk about the command ifconfig. On Windows, in the command line, you have a command called ipconfig and it spits out a whole bunch of information about your network configuration. In Linux it’s ifconfig and it does the same here. I’m gonna run that command again. Alright, so this is going to list our network interfaces here, and also any IP addresses that they have and whatnot. The first one is gonna be an ethernet interface, which I don’t have plugged in right now, and so it’s basically not working. This is the name of that interface.

This is our local loopback, so this is like a virtual interface that has our localhost address here and basically controls that. Then down here we have our wireless ethernet, which we can see is working as I have received bytes. So, “RX” basically means what you’ve received, “TX” basically means what you’ve transferred out. So, that’s how to read that. There’s an IPv6 address right here and my IP address, this is gonna be my NAT address, and it gives IDs and stuff of the network interface device. And so that’s basically how to use ifconfig. Sometimes this might be useful to see if you’re getting a valid IP address from the router, to see if it’s actually working at all, which you can see here mine is.

I’m gonna clear this, and what we’re going to go over now is a command called tcpdump. It’s a really powerful command-line packet sniffer, so it can analyze the packets that are going in and out of your computer or your network. The first thing we need to do is install it if we don’t already have it installed. So, “sudo apt-get install tcpdump”. It’s probably already installed, but just in case, make sure. And it is, it’s the newest version. This is a big command-line tool and I was gonna do more stuff in the video, but I think we’re going to cut it off after this command.

So, what we’re gonna do is basically just run the command “tcpdump”. We don’t have permission to capture on that device, so we’re going to run “sudo tcpdump”. And this is capturing all packets that are coming in and out of my computer. This is just gonna run until you cancel, so I’m just gonna cancel here. Now, as you can see, that was a pretty big output, and so what we can do is only capture a certain amount. How we do that is basically using the command “sudo tcpdump -c 10”, and that’s good. Alright, I have to run sudo. So, this is going to capture 10 packets.