Tutorials and How-tos/Tcpdump

From BubbaWiki

Tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written in 1987 by Van Jacobson, Craig Leres and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group. Distributed under the BSD license,[1] tcpdump is free software. Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets. (Source: http://en.wikipedia.org/wiki/Tcpdump)

Log in to your Bubba server using SSH and, once logged in, run:

su


Now you have root access and can install the program:

apt-get install tcpdump


Now you have a packet sniffer installed, which is useful for troubleshooting; capturing packets also needs the root shell you opened above. More information and examples can be found at: http://danielmiessler.com/study/tcpdump/
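As an added example (not part of the original wiki page or of tcpdump itself), the script below wraps the kind of bounded troubleshooting capture you would run from the root shell after installing tcpdump: it builds the command line, checks that the interface name is sane before it reaches the shell, and only runs tcpdump when it is installed and the script has root. The interface name `eth0`, the packet count and the output path are assumptions; adjust them for your server.

```shell
#!/bin/sh
# Added example, not from BubbaWiki: a small helper for bounded tcpdump captures.
# Assumptions: the interface (default eth0), packet count and output file are
# chosen by the caller; tcpdump needs root (or CAP_NET_RAW) to capture.

# validate_iface NAME
# Accepts only plain interface names (letters, digits, '.', '_', '-'), so a
# name taken from user input cannot smuggle shell metacharacters into a command.
validate_iface() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# tcpdump_cmd IFACE COUNT OUTFILE [BPF filter words...]
# Prints the command line that run_capture executes. Flag choices:
#   -i IFACE  capture on one named interface (link-layer headers stay intact)
#   -nn       do not resolve names or ports: faster, and no extra DNS traffic
#   -c COUNT  stop after COUNT packets so a capture never runs unbounded
#   -w FILE   write raw packets to a pcap file for later review
tcpdump_cmd() {
    iface=$1; count=$2; outfile=$3
    shift 3
    cmd="tcpdump -i $iface -nn -c $count -w $outfile"
    if [ $# -gt 0 ]; then
        cmd="$cmd $*"
    fi
    printf '%s' "$cmd"
}

# run_capture IFACE COUNT OUTFILE [BPF filter words...]
# Runs the capture if tcpdump is installed and we are root; otherwise only
# prints what would have been run. Returns 0 when a capture was started.
run_capture() {
    iface=$1; count=$2; outfile=$3
    shift 3
    validate_iface "$iface" || { echo "bad interface name: $iface" >&2; return 1; }
    echo "would run: $(tcpdump_cmd "$iface" "$count" "$outfile" "$@")"
    if ! command -v tcpdump >/dev/null 2>&1; then
        echo "tcpdump is not installed (apt-get install tcpdump)" >&2
        return 1
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "capturing needs root: run this from the shell you opened with su" >&2
        return 1
    fi
    tcpdump -i "$iface" -nn -c "$count" -w "$outfile" "$@"
}

# Stand-alone use: capture 200 packets of web traffic on eth0 into /tmp/web.pcap.
# The filter keeps the capture small; read it back later with: tcpdump -nn -r /tmp/web.pcap
run_capture "${1:-eth0}" 200 /tmp/web.pcap tcp port 80 || true
```

The output file is a standard pcap, so it can be copied off the server and opened in any pcap reader; keeping `-c` in every capture avoids filling the Bubba's disk with an unbounded dump.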