Welcome to the Analyze Network Traffic with TCPDump project! This repository contains resources and examples for capturing and analyzing network traffic using the tcpdump tool.
In this project, I explore the usage of the tcpdump command-line tool to capture network traffic and analyze various protocols and data. This tool is commonly used for troubleshooting network issues, security analysis, and protocol debugging.
To get started with the project, I needed to have tcpdump installed on my system. You can install it using package managers like apt or brew. Here's how to install it on Ubuntu:
sudo apt-get update
sudo apt-get install tcpdumpTo capture network traffic using tcpdump, I used the following command:
sudo tcpdump -i eth0 -n -s 0 -w output.pcap- -i eth0: Specifies the interface to capture traffic from.
- -n: Disables hostname resolution for faster capture.
- -s 0: Captures the entire packet.
- -w output.pcap: Writes the captured traffic to the output.pcap file.
To capture HTTP traffic, I used a filter to target HTTP packets:
sudo tcpdump -i eth0 -n -s 0 -w http_traffic.pcap port 80To analyze DNS queries, I filtered for DNS packets:
sudo tcpdump -i eth0 -n -s 0 -w dns_queries.pcap port 53Contributions to this project are welcome! If you find any issues or want to enhance the project, feel free to submit a pull request.