Welcome to the Analyze Network Traffic with TCPDump project! This repository contains resources and examples for capturing and analyzing network traffic using the `tcpdump` tool.
In this project, I explore the usage of the `tcpdump` command-line tool to capture network traffic and analyze various protocols and data. This tool is commonly used for troubleshooting network issues, security analysis, and protocol debugging.
To get started with the project, I needed to have `tcpdump` installed on my system. You can install it using package managers like `apt` or `brew`. Here's how to install it on Ubuntu:

```bash
sudo apt-get update
sudo apt-get install tcpdump
```
To capture network traffic using `tcpdump`, I used the following command:

```bash
sudo tcpdump -i eth0 -n -s 0 -w output.pcap
```

- `-i eth0`: Specifies the interface to capture traffic from.
- `-n`: Disables hostname resolution for faster capture.
- `-s 0`: Captures the entire packet.
- `-w output.pcap`: Writes the captured traffic to the `output.pcap` file.
To capture HTTP traffic, I used a filter to target HTTP packets:

```bash
sudo tcpdump -i eth0 -n -s 0 -w http_traffic.pcap port 80
```

To analyze DNS queries, I filtered for DNS packets:

```bash
sudo tcpdump -i eth0 -n -s 0 -w dns_queries.pcap port 53
```
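To see what the `-w` files above actually contain, here is an added example (not part of this project's own code) that reads the pcap format `tcpdump -w` writes and applies the same "either endpoint uses the port" test as the `port 80` / `port 53` filters. It constructs its own two-packet capture in memory (a TCP packet to port 80 and a UDP packet to port 53); all packet fields and addresses are made up for the demonstration, and only IPv4 TCP/UDP is parsed, whereas tcpdump's `port` filter also covers IPv6 and SCTP.

```python
"""Minimal reader for the pcap files tcpdump -w produces (constructed example).
Builds a tiny pcap in memory with one TCP packet to port 80 and one UDP packet
to port 53, then applies the same 'port N' test as tcpdump's capture filter."""
import struct

PCAP_MAGIC = 0xA1B2C3D4      # pcap magic number, microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_frame(proto, src_port, dst_port, payload=b""):
    """Constructed Ethernet/IPv4 frame carrying TCP (6) or UDP (17) with the given ports."""
    eth = b"\x00" * 12 + b"\x08\x00"              # dst MAC, src MAC, EtherType IPv4
    if proto == 6:                                # 20-byte TCP header, SYN flag set
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:                                         # 8-byte UDP header
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))   # made-up addresses
    return eth + ip + l4 + payload

def build_pcap(frames):
    """Wrap raw frames in a pcap file; snaplen 65535 is the whole-packet behaviour of -s 0."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return header + records

def iter_packets(data):
    """Yield (proto, src_port, dst_port) for every IPv4 TCP/UDP packet in a pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    end = "<" if magic == PCAP_MAGIC else ">"    # byte order is taken from the magic
    offset = 24                                   # skip the 24-byte global header
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(end + "IIII", data, offset)
        frame = data[offset + 16: offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                              # not IPv4, skip it
        ihl = (frame[14] & 0x0F) * 4              # IP header length in bytes
        proto = frame[23]                         # IP protocol field
        l4 = frame[14 + ihl:]
        if proto in (6, 17) and len(l4) >= 4:     # TCP and UDP both start with the ports
            src, dst = struct.unpack("!HH", l4[:4])
            yield proto, src, dst

def count_port(data, port):
    """Same test as the 'port N' filter: match if either endpoint uses the port."""
    return sum(1 for _, s, d in iter_packets(data) if port in (s, d))

# Constructed sample capture: one HTTP SYN and one DNS query-sized UDP packet.
SAMPLE_PCAP = build_pcap([build_frame(6, 40000, 80), build_frame(17, 53000, 53, b"\x00" * 12)])
```

Running `count_port` over a real `output.pcap` gives the same packet counts that `tcpdump -r output.pcap port 80` would report for IPv4 TCP/UDP traffic.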
Contributions to this project are welcome! If you find any issues or want to enhance the project, feel free to submit a pull request.