Thursday, December 2, 2010

TcpDump

Introduction
A project I was working on required me to verify network traffic activity over specific ports.  I have not had much experience doing this but I knew Linux tcpdump would be my tool of choice.  Unfortunately, I was working in a Windows environment but it was easy enough to find a port of tcpdump for Windows.

Download
I found MicroOlap had an easy to use port of tcpdump available for download.
http://www.microolap.com/products/network/tcpdump/

Installation
Installation is simple, just unzip it.

Find Your Network Interface (Device)
Your computer may have more than one network interface.  A laptop will have an Ethernet card for a network cable but it will also have a wireless Ethernet card.  You need to know which one you are using and tell tcpdump to listen for network traffic on the device.  To get a list of devices on your computer, use the -D switch.

C:\Apps\tcpdump>tcpdump -D

*******************************************************************
**                                                               **
**        Tcpdump v4.0.0 (October 27, 2008) for Windows          **
**          Win 98/ME/NT4/2000/XP/2003/Vista/2008/Win7           **
**                                                               **
**      built with MicroOLAP Packet Sniffer SDK v4.2 and         **
**   MicroOLAP WinPCap to Packet Sniffer SDK migration module.   **
**                                                               **
**     Copyright (c) 1997 - 2009 MicroOLAP Technologies LTD,     **
**                  Khalturin A.P. & Naumov D.A.                 **
**                   http://www.microolap.com                    **
**                                                               **
**                         Trial license.                        **
**                                                               **
*******************************************************************

1.\Device\PssdkLoopback (PSSDK Loopback Ethernet Emulation Adapter)
2.\Device\{8C8A81C7-D190-4A6D-88D9-7C83CF11BD1F} (VMware Virtual Ethernet Adapter for VMnet1)
3.\Device\{9AA64137-DCCD-4292-802D-7568D75004AA} (DW1520 Wireless-N WLAN Half-Mini Card)
4.\Device\{B58EA48A-BD5C-400D-94FD-02659C8B659A} (Intel(R) 82577LM Gigabit Network Connection)
5.\Device\{F61893D4-5284-48ED-960D-27A777C4D1DC} (Check Point Virtual Network Adapter For SecureClient)
6.\Device\{952066E8-9363-4AB5-8E8F-20F64C7DB32F} (VMware Virtual Ethernet Adapter for VMnet8)

Listen for Incoming Traffic on a Specific Port
After determining your interface, run the following command to listen for incoming traffic on a specific port.

C:\Apps\tcpdump>tcpdump -i 5 -nnvvXSs 1514 port %PORT_NUMBER%

-i 5  Specifies to which interface to use, which in this example is #5 above.
%PORT_NUMBER% Is replaced with the port number to listen for incoming traffic.

There is a lot more to tcpdump, but that is enough for now.

No comments:

Post a Comment