Tcpdump: Difference between revisions
From Hackepedia
No edit summary |
No edit summary |
||
Line 3: | Line 3: | ||
In [[OpenBSD]] one can only use tcpdump as [[root]]. This is a new implementation to ensure that privilege seperation works. | In [[OpenBSD]] one can only use tcpdump as [[root]]. This is a new implementation to ensure that privilege seperation works. | ||
Here is an example of seeing [[ICMP]] packets of type 8 (ECHO REQUEST): | Here is an example of seeing [[ICMP]] packets of type 8 (ECHO REQUEST or [[ping]] packets): | ||
# tcpdump -v -n -i pppoe0 icmp[0] == 8 | # tcpdump -v -n -i pppoe0 icmp[0] == 8 | ||
tcpdump: listening on pppoe0, link-type PPP_ETHER | tcpdump: listening on pppoe0, link-type PPP_ETHER | ||
13:35:51.690236 85.75.39.172 > 206.248.137.44: icmp: echo request (id:8e2c seq:0) (ttl 255, id 45180, len 84) | 13:35:51.690236 85.75.39.172 > 206.248.137.44: icmp: echo request (id:8e2c seq:0) (ttl 255, id 45180, len 84) |
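Review bot: "privilege seperation" in the first line of both columns is still misspelled; since this revision only touches the sentence below it, the spelling fix ("privilege separation") belongs in the same edit. In the example command, the filter expression `icmp[0] == 8` is passed to the shell unquoted; `[0]` is a glob bracket expression, so quoting it as `'icmp[0] == 8'` keeps the example safe to copy regardless of the files in the current directory.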
Revision as of 03:41, 24 October 2005
tcpdump is an OSI layer 2+ sniffer: it captures Ethernet, PPP and SLIP frames. The name is misleading, since TCP sits at OSI layer 4. tcpdump uses libpcap, a library that implements data-link (layer 2) capture facilities. On BSD, libpcap uses the bpf interface to access the data link.
In OpenBSD one can only use tcpdump as root. This is a new implementation to ensure that privilege separation works.
Here is an example of seeing ICMP packets of type 8 (ECHO REQUEST or ping packets):
# tcpdump -v -n -i pppoe0 icmp[0] == 8
tcpdump: listening on pppoe0, link-type PPP_ETHER
13:35:51.690236 85.75.39.172 > 206.248.137.44: icmp: echo request (id:8e2c seq:0) (ttl 255, id 45180, len 84)
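The filter `icmp[0] == 8` indexes byte 0 of the ICMP header, the type field, and tcpdump computes that offset from the start of the ICMP header, which follows a variable-length IP header. The script below is an added example, not part of the Hackepedia page or of tcpdump itself: it builds constructed IPv4/ICMP packets in memory (including the 84-byte echo request with id 0x8e2c from the capture above) and evaluates the same expression over them in pure Python, showing why a naive fixed-offset check misclassifies packets that carry IP options. All function names and sample packets are this example's own.

```python
"""What the tcpdump filter  icmp[0] == 8  actually tests (added example)."""
import struct
from socket import inet_aton

IPPROTO_ICMP = 1
IPPROTO_UDP = 17
ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo header: type, code, checksum, identifier, sequence."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(hdr + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def build_ipv4(proto: int, src: str, dst: str, payload: bytes,
               options: bytes = b"") -> bytes:
    """Minimal IPv4 header; IHL grows with options (header checksum left 0)."""
    assert len(options) % 4 == 0
    ihl = 5 + len(options) // 4
    total_len = ihl * 4 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0, 0,
                      64, proto, 0, inet_aton(src), inet_aton(dst))
    return hdr + options + payload


def icmp_type(packet: bytes):
    """Return icmp[0], the ICMP type byte, or None if not IPv4 ICMP.

    As in tcpdump, the offset is relative to the start of the ICMP header,
    i.e. after IHL * 4 bytes of IP header, so IP options are handled.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_ICMP or len(packet) < ihl + 1:
        return None
    return packet[ihl]


def matches_echo_request(packet: bytes) -> bool:
    """Equivalent of the tcpdump expression  icmp[0] == 8 ."""
    return icmp_type(packet) == ICMP_ECHO_REQUEST


def naive_fixed_offset_match(packet: bytes) -> bool:
    """Common mistake: assume a 20-byte IP header and read byte 20 directly."""
    return (len(packet) > 20 and packet[9] == IPPROTO_ICMP
            and packet[20] == ICMP_ECHO_REQUEST)


# Constructed sample traffic. 56 payload bytes give the 84-byte datagram
# (20 IP + 8 ICMP + 56) seen in the page's tcpdump output.
PAYLOAD = bytes(range(56))
SAMPLE_PACKETS = {
    "echo_request": build_ipv4(
        IPPROTO_ICMP, "85.75.39.172", "206.248.137.44",
        build_icmp(ICMP_ECHO_REQUEST, 0x8E2C, 0, PAYLOAD)),
    "echo_reply": build_ipv4(
        IPPROTO_ICMP, "206.248.137.44", "85.75.39.172",
        build_icmp(ICMP_ECHO_REPLY, 0x8E2C, 0, PAYLOAD)),
    # Same request, but with four NOP options: the IP header is 24 bytes.
    "echo_request_with_ip_options": build_ipv4(
        IPPROTO_ICMP, "85.75.39.172", "206.248.137.44",
        build_icmp(ICMP_ECHO_REQUEST, 0x8E2C, 1, PAYLOAD),
        options=b"\x01\x01\x01\x01"),
    # Non-ICMP traffic must never match, whatever byte 20 happens to hold.
    "udp_datagram": build_ipv4(
        IPPROTO_UDP, "85.75.39.172", "206.248.137.44",
        b"\x00\x35\x00\x35\x00\x08\x00\x00"),
}


def run_filter(packets=SAMPLE_PACKETS):
    """Names of the sample packets that  icmp[0] == 8  would print."""
    return [name for name, pkt in packets.items() if matches_echo_request(pkt)]


if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:30s} len={len(pkt):3d} icmp[0]={icmp_type(pkt)} "
              f"match={matches_echo_request(pkt)} "
              f"naive={naive_fixed_offset_match(pkt)}")
```

Running the script prints one line per sample packet; the request carrying IP options is matched by `matches_echo_request` but missed by `naive_fixed_offset_match`, which is exactly the difference between indexing the ICMP header (`icmp[0]`) and indexing a fixed byte of the IP packet.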