  1. #1
    Just Joined!
    Join Date
    Jan 2006
    Posts
    14

    Tcpdump question?


    Hi,

    I use the following command to store the packet information in a file:

    tcpdump -wfilename

    But now when I open up this file using vi the contents are all encrypted.

    What am I doing wrong?
    Can somebody suggest something?
    It's kinda urgent.

  2. #2
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    It's not encrypted, just encoded. You need a program that can read the dump files. Which program you want depends on why you are listening to the network.

    Of course, if you just want to see what's being passed back and forth...

    Code:
    #tcpdump -s 1024 -X
    Let us know how you get on,

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.
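
As an added illustration of Chris's point (this is not code from the thread), the file tcpdump -w writes is a binary record format, not text: a 24-byte global header whose magic number also tells you the byte order and the timestamp unit, then one 16-byte record header per packet followed by the raw frame bytes. The reader below parses that layout and pulls the IPv4 addresses and ports out of each Ethernet frame. The one-packet capture it reads is constructed in-line (addresses, MACs and timestamp are made up), so the script runs offline; point read_pcap at the bytes of a real -w file to use it on a capture.

```python
"""Added example: a minimal reader for the pcap files tcpdump -w produces."""
import struct
from dataclasses import dataclass

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic tcpdump magic, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # nanosecond-timestamp variant of the same format
LINKTYPE_ETHERNET = 1


@dataclass
class Packet:
    ts: float       # seconds since the epoch, fractional part from the record header
    caplen: int     # bytes actually stored (bounded by the snaplen, cf. tcpdump -s)
    origlen: int    # bytes that were on the wire
    data: bytes     # raw link-layer frame


def read_pcap(blob: bytes):
    """Parse a pcap byte string; returns (linktype, snaplen, [Packet, ...])."""
    if len(blob) < 24:
        raise ValueError("too short for a pcap global header")
    # The magic number doubles as a byte-order marker: try both orders.
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", blob[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap file (bad magic)")
    frac_units = 1e9 if magic == PCAP_MAGIC_NSEC else 1e6
    _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", blob[4:24])
    packets, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, caplen, origlen = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        data = blob[off:off + caplen]
        if len(data) != caplen:
            raise ValueError("truncated packet data at offset %d" % off)
        off += caplen
        packets.append(Packet(ts_sec + ts_frac / frac_units, caplen, origlen, data))
    return linktype, snaplen, packets


def summarize_ipv4(frame: bytes):
    """Return (src, dst, proto, sport, dport) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4          # IP header length in bytes
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:  # TCP or UDP: ports are the first 4 bytes
        sport, dport = struct.unpack("!HH", l4[:4])
    return src, dst, proto, sport, dport


def build_sample_pcap(endian: str = "<") -> bytes:
    """Constructed capture: one HTTP request segment 10.0.0.1:40000 -> 10.0.0.3:80."""
    payload = b"GET / HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 3]))  # checksums left 0, not validated here
    frame = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip + tcp
    header = struct.pack(endian + "IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record = struct.pack(endian + "IIII", 1136073600, 123456, len(frame), len(frame)) + frame
    return header + record


if __name__ == "__main__":
    linktype, snaplen, pkts = read_pcap(build_sample_pcap())
    print("linktype=%d snaplen=%d packets=%d" % (linktype, snaplen, len(pkts)))
    for p in pkts:
        print("%.6f" % p.ts, p.caplen, p.origlen, summarize_ipv4(p.data))
```

Two things worth noticing: the same parser reads a big-endian file (build_sample_pcap(">")) because the byte order is recovered from the magic, and caplen can be smaller than origlen when the capture was taken with a small snaplen, which is exactly what the -s 1024 in the command above controls.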

  3. #3
    Just Joined!
    Join Date
    Jan 2006
    Posts
    14
    I am going to run a Scalper Worm on a testbed and try to collect its traces in a tcpdump file.
    But before doing that I just wanted to get a feel for the experiment. Can you suggest a simple tool to install and then interpret the tcpdump file? How is Ethereal? Currently I am using FreeBSD as the OS.

    Thanks for the help

  5. #4
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    I don't have a whole lot of experience with analysing tcpdump logs, but ethereal is an excellent piece of kit. The times I have had to look at network traffic I have just used the packet capture functions inside ethereal itself.

    A quick google suggests that it will work fine with tcpdump logs and FreeBSD so unless someone suggests something better, I'd go with that.

    Let us know how you get on,

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  6. #5
    Just Joined!
    Join Date
    Jan 2006
    Posts
    14
    Hey, thanks for the reply.
    I am currently using tcpdump on a network. It consists of 3 nodes: A, B and C. A is connected to B and B to C. tcpdump is run on node B, but it does not seem to capture the packets which are going from A to C through B. It only captures packets which are either sourced from or destined to node B. Do you have any idea?
    I SSH to all these nodes from my account and tcpdump is already present in my account. So I just use the sudo command to run this software on any node. What I am trying to say is that tcpdump is not specifically installed on node B.
    The sudo command allows a person to run as root.
    I have also converted the mode to promiscuous.
    One more thing: the packets are going for sure from A to C via B. This is because there is no other route for them to follow. If I run tcpdump on node C then it captures these packets.
    I have tried using tethereal, but it gives the same results as tcpdump.

  7. #6
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    How does machine B go about routing the traffic from A to C? From what you have said, B has two network cards in it, each connected to one other PC.

    Have you bridged the devices?

    I'm not sure what the problem is yet, but I have a couple of ideas to follow up. If you could answer these questions it would help a lot.

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  8. #7
    Just Joined!
    Join Date
    Jan 2006
    Posts
    14
    Hey,

    I am using an NS script to build the topology.

    Consider the following script; it is a little different from what I had mentioned.

    set ns [new Simulator]
    source tb_compat.tcl

    set OS0 RHL9-STD
    set OS1 FBSD410-STD
    set OS2 RHL9-STD
    set OS3 FBSD410-STD

    set node0 [$ns node]
    tb-set-node-os $node0 $OS0
    set node1 [$ns node]
    tb-set-node-os $node1 $OS1
    set node2 [$ns node]
    tb-set-node-os $node2 $OS2
    set node3 [$ns node]
    tb-set-node-os $node3 $OS3

    set link0 [$ns duplex-link $node0 $node2 1000Mb 0ms DropTail]
    set link1 [$ns duplex-link $node1 $node2 1000Mb 0ms DropTail]
    set link2 [$ns duplex-link $node2 $node3 1000Mb 0ms DropTail]

    $ns rtproto Static
    $ns run

    The topology is shown as follows:

    --------            --------
    |Node 0|            |Node 1|
    --------            --------
      \ Attacker        / Normal client
       \               /
        \             /
         \           /
          --------
          |Node 2| Gateway
          --------
             |
             |
             |
          --------
          |Node 3| Server
          --------

    The statement $ns rtproto Static in the above script is used to enable routing.
    Now I send traffic from node0 to node3 and start tcpdump on node2. But I cannot capture the packets which are going from node0 to node3. I can only capture the packets which are either sourced from or destined to node2.

  9. #8
    Just Joined!
    Join Date
    Jan 2006
    Posts
    14
    One more thing that I would like to add is that I am using the Apache-scalp.c program (available on the net) on node0 to attack Apache installed on node3. The attack takes place successfully, i.e. the Apache error_log shows memory faults, but there are no signs of packets.

  10. #9
    Just Joined!
    Join Date
    Jan 2006
    Posts
    14
    BINGO!!! Problem solved. Turns out I was listening on the wrong interface.
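
The resolution above is the general lesson of the thread, and the added example below (not code from the thread or from NS/Emulab) makes it concrete for the three-link gateway in the script: tcpdump only sees frames that cross the one interface it is bound to with -i (tcpdump -D lists the candidates). On node2, traffic forwarded from node0 to node3 enters on the node0-facing interface and leaves on the node3-facing one; the node1-facing interface, which is what a capture bound to the "wrong" NIC was watching, never carries it. The routing table, interface names (em0/em1/em2) and addresses are constructed assumptions; the longest-prefix lookup is the same rule a forwarding host applies, so the function works for any table in that shape.

```python
"""Added example: which gateway interface actually carries forwarded traffic."""
import ipaddress

# Constructed routing table for node2 (the gateway): (prefix, interface).
NODE2_ROUTES = [
    ("10.1.0.0/24", "em0"),   # link0: towards node0 (attacker)
    ("10.1.1.0/24", "em1"),   # link1: towards node1 (normal client)
    ("10.1.2.0/24", "em2"),   # link2: towards node3 (server)
    ("0.0.0.0/0",   "em1"),   # assumed default route; loses to any longer matching prefix
]


def route_lookup(addr, routes=NODE2_ROUTES):
    """Longest-prefix match: the interface a packet addressed to `addr` is sent out of."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError("no route to %s" % addr)
    return best[1]


def capture_interfaces(src, dst, routes=NODE2_ROUTES):
    """Interfaces on the gateway that a src->dst flow and its replies cross.

    Egress is the route lookup for dst. Ingress is taken as the route lookup
    for src, i.e. symmetric routing is assumed (true for the static routes in
    the NS script, where each end host hangs off exactly one gateway link).
    """
    return {route_lookup(src, routes), route_lookup(dst, routes)}


def tcpdump_argv(iface, outfile, bpf=""):
    """Command line for a capture bound to one interface, written as pcap."""
    argv = ["tcpdump", "-n", "-i", iface, "-w", outfile]
    if bpf:
        argv.append(bpf)   # tcpdump takes the filter expression as trailing args
    return argv


if __name__ == "__main__":
    attacker, server = "10.1.0.2", "10.1.2.2"     # constructed node0 / node3 addresses
    ifaces = capture_interfaces(attacker, server)
    print("node0->node3 traffic crosses:", sorted(ifaces))
    for iface in sorted(ifaces):
        print(" ".join(tcpdump_argv(iface, "/tmp/%s.pcap" % iface, "host %s" % server)))
    # A capture bound to the node1-facing NIC sees only node2's own traffic there.
    print("em1 (node1 side) sees the attack:", "em1" in ifaces)
```

Running one tcpdump per interface returned by capture_interfaces records both directions of the forwarded flow; on Linux, tcpdump -i any is the shortcut for the same thing, but that pseudo-interface is not available on FreeBSD, which is why choosing the NIC explicitly matters there.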
