Saturday, August 12, 2017

Using Tcpdump to dump and read network traffic

Another Quick FYI tip.

There are many network analyzer/reader utilities available on both the Linux and Windows platforms. There is of course Wireshark, the most popular GUI network protocol analyzer, but I prefer tcpdump as it is very easy to use from the command line and is installed (or installable) on practically every Linux box.

Let's get started with some examples. Say you want to capture all multicast traffic, on every interface, to a file. Run (as root, or with CAP_NET_RAW):

$> tcpdump -i any -n "multicast" -vvv -w VideoStreamData.pcap
where:

  • -i any captures on all interfaces (a Linux pseudo-interface). Without -i, tcpdump picks a single default interface, so capturing "from all interfaces" needs this flag. 
  • "multicast" is the filter: on its own it means Ethernet-level multicast, which also covers IP multicast since those addresses map to multicast MACs. 
  • -w flag writes the captured packets, in pcap format, to the file path specified instead of printing them; the file can be read later with tcpdump -r or opened in Wireshark. 
  • -n flag avoids DNS lookups that would convert host addresses to names (and the delay and extra traffic they cause). 
  • -vvv only matters when printing; combined with -w it just makes tcpdump report the packet count once per second and has no effect on what is written to the file. 


Or, to capture only packets with a specific destination IP, say 172.68.1.1, and destination port 80 or 8080:

$> tcpdump -n "dst host 172.68.1.1 and (dst port 80 or dst port 8080)"
The quotes stop the shell from interpreting the parentheses. Without -w the matching packets are summarised one per line on the terminal.
After you have captured network data to a pcap file with tcpdump -w, you can read the packets back and print each packet's contents as ASCII with:

$> tcpdump -A -r httpServerLogonMessages.pcap
This comes in handy for reading HTTP/web page traffic, where request and response headers (and any form data in the body) are plain text, as long as the connection was not TLS-encrypted.

Or, to read the packets in both hex and ASCII along with the IP and TCP header fields:

$> tcpdump -X -r MessengerCommunication_11July.pcap
Note the capital -X: lowercase -x prints hex only, -X prints hex and ASCII side by side, and -xx/-XX additionally include the link-layer (Ethernet) header. This comes in handy when you need to check multi-byte fields such as ports, lengths or sequence numbers, which appear in the dump in network byte order (big-endian) and must be converted to the host's byte order (or the other way round) in any code that handles them.

Read more about Big Endian to Little Endian conversion and vice-versa here
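To make the filter and the read-back options above concrete, here is an added example (not code from the original post) that builds a small pcap file in memory, parses it the way tcpdump -r does, applies the same test as the BPF filter "dst host 172.68.1.1 and (dst port 80 or dst port 8080)", and prints the matching packet as -x and -A would. The hosts, ports and HTTP payload are constructed for illustration, and the script needs neither root nor a network interface.

```python
"""Constructed pcap parsed the way `tcpdump -r` / `-A` / `-x` would show it.

Added example, not code from the original post.  The hosts, ports and HTTP
payload below are made up; the capture is built in memory so the script runs
offline and without privileges.
"""
import socket
import struct


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words in network byte order."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Ethernet + IPv4 + TCP (PSH/ACK) frame; every multi-byte field is packed with
    '!' so it goes on the wire in network (big-endian) order."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 65535, 0, 0)
    fields = [0x45, 0, 20 + len(tcp) + len(payload), 0x1234, 0x4000, 64, 6, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return eth + struct.pack("!BBHHHBBH4s4s", *fields) + tcp + payload


def build_pcap(frames) -> bytes:
    """Classic pcap: 24-byte global header, then a 16-byte record header per frame.
    Written in the host's own byte order; readers detect it from the magic number."""
    out = [struct.pack("=IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out.append(struct.pack("=IIII", 1502496000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def read_pcap(data: bytes):
    """Yield (ts_sec, ts_usec, frame) for each record, honouring the file's endianness."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a microsecond-resolution pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def decode(frame: bytes):
    """Parse Ethernet/IPv4/TCP headers; '!' unpacking converts network to host order."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None  # not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    pkt = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]), "proto": ip[9]}
    if pkt["proto"] == 6:
        tcp = ip[ihl:total_len]
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", tcp[:4])
        pkt["payload"] = tcp[(tcp[12] >> 4) * 4:]  # skip data offset * 4 bytes of TCP header
    return pkt


def matches(pkt, dst_host="172.68.1.1", dst_ports=(80, 8080)) -> bool:
    """Same test as the BPF filter 'dst host 172.68.1.1 and (dst port 80 or dst port 8080)'."""
    return pkt is not None and pkt["dst"] == dst_host and pkt.get("dport") in dst_ports


def hexdump(frame: bytes) -> str:
    """tcpdump -x style: link-layer header omitted, 16 bytes per line in 2-byte groups."""
    body, lines = frame[14:], []
    for i in range(0, len(body), 16):
        chunk = body[i:i + 16]
        lines.append("0x%04x:  %s" % (i, " ".join(chunk[j:j + 2].hex() for j in range(0, len(chunk), 2))))
    return "\n".join(lines)


def byte_order_demo(raw: bytes):
    """A 2-byte port field read as network order versus as little-endian host order."""
    return struct.unpack("!H", raw)[0], struct.unpack("<H", raw)[0]


# Constructed capture: an HTTP request to 172.68.1.1:80, a TLS record to :443 and an
# HTTP request to another host on 8080.  Only the first passes the filter.
SAMPLE = build_pcap([
    build_packet("192.168.1.5", "172.68.1.1", 51000, 80, b"GET / HTTP/1.1\r\nHost: 172.68.1.1\r\n\r\n"),
    build_packet("192.168.1.5", "172.68.1.1", 51001, 443, b"\x16\x03\x01\x00\x05hello"),
    build_packet("192.168.1.5", "10.0.0.9", 51002, 8080, b"GET /x HTTP/1.1\r\n\r\n"),
])


def matching_packets(pcap_bytes: bytes = SAMPLE):
    """Decode every frame and keep those the filter would have captured, with their hex dump."""
    return [(decode(f), hexdump(f)) for _, _, f in read_pcap(pcap_bytes) if matches(decode(f))]


if __name__ == "__main__":
    for pkt, dump in matching_packets():
        print("%s:%d > %s:%d" % (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
        print(dump)                                        # what -x shows
        print(pkt["payload"].decode("ascii", "replace"))   # what -A shows
```

The first hex line of the matching packet starts 4500 004c: 0x45 is IP version 4 with a 5-word header, and 0x004c is the total length 76 in network order. Reading those same two bytes as a little-endian integer would give 0x4c00 (19456), which is exactly the confusion byte-order conversion exists to avoid.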

Sunday, August 06, 2017

Adding routes on a windows machine

Just a small FYI article.

We have multiple point-to-point leased lines connecting our different offices within the city, in addition to multiple internet connections.
When accessing systems in those offices, we prefer the traffic to go over the leased-line network rather than over the internet.

All of our networks merge on a single LAN, so we need to add routes on our systems to direct traffic for each office through the specific router that terminates that office's leased line.

For example, the LAN segment 192.66.222.0/24 (our office at OfficeA1) is reachable via the router 192.168.22.10 (the local end of the P2P link from here to OfficeA1). Run the following from an elevated command prompt:

C:\>route add -p 192.66.222.0 mask 255.255.255.0 192.168.22.10
The mask 255.255.255.0 corresponds to the /24 prefix, and -p makes the route persistent across reboots (it is listed under "Persistent Routes" in the output of route print; without -p the route is gone after the next reboot). The gateway address must be on a subnet the machine is directly connected to, otherwise Windows cannot use it as a next hop.

Similarly, the LAN segment 192.122.72.0/24 is reachable via the router 192.168.22.20:

C:\>route add -p 192.122.72.0 mask 255.255.255.0 192.168.22.20
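As an added example (not part of the original post), the script below checks a list of leased-line routes before generating the route add -p lines: it derives the mask from the prefix length, rejects a destination whose prefix does not match its address (the /8 versus 255.255.255.0 kind of slip), and refuses a gateway that is not on the shared LAN. The workstation's own address 192.168.22.5/24 is an assumption; the destination networks and routers are the ones from the post.

```python
"""Validate leased-line routes, then emit the matching Windows 'route add -p' lines.

Added example, not from the original post.  LOCAL_IFACE is an assumed address for
this PC on the shared LAN; the destinations and routers are the post's.
"""
import ipaddress

LOCAL_IFACE = "192.168.22.5/24"  # assumption: this machine's address on the shared LAN

# (destination network, next-hop router on the shared LAN)
LEASED_LINE_ROUTES = [
    ("192.66.222.0/24", "192.168.22.10"),  # OfficeA1 via its P2P router
    ("192.122.72.0/24", "192.168.22.20"),
]


def route_add_command(dest_cidr: str, gateway: str, local_iface: str = LOCAL_IFACE) -> str:
    """Return the persistent 'route add -p' line for one destination.

    ip_network() is strict by default: '192.66.222.0/8' raises ValueError because
    host bits are set, which catches a prefix/mask mismatch before route.exe sees it.
    The gateway must sit on the directly connected segment, or Windows cannot use it
    as a next hop, and it must not lie inside the destination network itself.
    """
    net = ipaddress.ip_network(dest_cidr)
    gw = ipaddress.ip_address(gateway)
    lan = ipaddress.ip_interface(local_iface).network
    if gw not in lan:
        raise ValueError(f"gateway {gw} is not on the local segment {lan}")
    if gw in net:
        raise ValueError(f"gateway {gw} lies inside destination {net}")
    return f"route add -p {net.network_address} mask {net.netmask} {gw}"


def all_commands(routes=LEASED_LINE_ROUTES, local_iface: str = LOCAL_IFACE):
    """One route add line per entry; any bad entry aborts before anything is printed."""
    return [route_add_command(dest, gw, local_iface) for dest, gw in routes]


if __name__ == "__main__":
    # Paste the output into an elevated cmd.exe, then confirm with 'route print'.
    print("\n".join(all_commands()))
```

Running it prints the two commands exactly as in the post; feeding it the /8 form of the first network, or a gateway on a different subnet such as 192.168.56.20, stops with a ValueError instead of producing a route that Windows would reject or that would never be used.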

Section 80C TMT 2023(PA) – Standard Deduction amounting to a maximum of Rs 8670 under IT rule

With the recently concluded Tax filing season (which if I may draw parallel to the Christmas holiday season enjoyed by one and all), Indians...