How to install tcpdump on Ubuntu 12 or Debian


1. Install tcpdump on Ubuntu 12

root@ubuntu:~# apt-get install tcpdump
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
tcpdump
0 upgraded, 1 newly installed, 0 to remove and 48 not upgraded.
Need to get 384 kB of archives.
After this operation, 930 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ precise/main tcpdump i386 4.2.1-1ubuntu2 [384 kB]
Fetched 384 kB in 4s (82.2 kB/s)
Selecting previously unselected package tcpdump.
(Reading database … 25878 files and directories currently installed.)
Unpacking tcpdump (from …/tcpdump_4.2.1-1ubuntu2_i386.deb) …
Processing triggers for man-db …
Setting up tcpdump (4.2.1-1ubuntu2) …
root@ubuntu:~#

2. Test tcpdump on Ubuntu

root@ubuntu:~# tcpdump -i eth0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:52:23.687242 IP channel-ecmp-05-ash3.facebook.com.http > 192.168.0.103.60215: Flags [.], ack 3971233676, win 221, length 0
09:52:23.992000 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [S], seq 272410929, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:52:24.241923 IP 192.168.0.103.61355 > star-01-02-lax1.facebook.com.http: Flags [S], seq 964639124, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:52:24.261566 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [S.], seq 124240008, ack 272410930, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
09:52:24.261585 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [.], ack 1, win 256, length 0
09:52:24.264247 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [P.], seq 1:983, ack 1, win 256, length 982
09:52:24.461127 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61355: Flags [S.], seq 1454341754, ack 964639125, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
09:52:24.461145 IP 192.168.0.103.61355 > star-01-02-lax1.facebook.com.http: Flags [.], ack 1, win 256, length 0
09:52:24.504675 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [.], ack 983, win 33, length 0
09:52:24.582371 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [P.], seq 1:1280, ack 983, win 33, length 1279
09:52:24.582404 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [P.], seq 1280:1282, ack 983, win 33, length 2
09:52:24.582407 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [.], ack 1282, win 251, length 0
09:52:24.582760 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [P.], seq 1282:1295, ack 983, win 33, length 13
09:52:24.584321 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [P.], seq 1295:1302, ack 983, win 33, length 7
09:52:24.584334 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [.], ack 1302, win 251, length 0
09:52:24.584472 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [F.], seq 983, ack 1302, win 251, length 0
09:52:24.782050 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [.], ack 984, win 33, length 0
09:52:24.782501 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [F.], seq 1302, ack 984, win 33, length 0
09:52:24.782506 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [.], ack 1303, win 251, length 0
09:52:25.124932 IP 192.168.0.103.61356 > a60-254-131-71.deploy.akamaitechnologies.com.http: Flags [S], seq 2070987630, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:52:25.204141 IP a60-254-131-71.deploy.akamaitechnologies.com.http > 192.168.0.103.61356: Flags [S.], seq 3371425995, ack 2070987631, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 1], length 0
09:52:25.204296 IP 192.168.0.103.61356 > a60-254-131-71.deploy.akamaitechnologies.com.http: Flags [.], ack 1, win 256, length 0
09:52:25.222630 IP 192.168.0.103.61356 > a60-254-131-71.deploy.akamaitechnologies.com.http: Flags [P.], seq 1:403, ack 1, win 256, length 402
09:52:25.296189 IP a60-254-131-71.deploy.akamaitechnologies.com.http > 192.168.0.103.61356: Flags [.], ack 403, win 7836, length 0
09:52:25.327533 IP a60-254-131-71.deploy.akamaitechnologies.com.http > 192.168.0.103.61356: Flags [P.], seq 1:1403, ack 403, win 7836, length 1402
09:52:25.347663 IP a60-254-131-71.deploy.akamaitechnologies.com.http > 192.168.0.103.61356: Flags [.], seq 1403:2855, ack 403, win 7836, length 1452
09:52:25.347682 IP 192.168.0.103.61356 > a60-254-131-71.deploy.akamaitechnologies.com.http: Flags [.], ack 2855, win 256, length 0
09:52:25.347685 IP a60-254-131-71.deploy.akamaitechnologies.com.http > 192.168.0.103.61356: Flags [P.], seq 2855:3076, ack 403, win 7836, length 221
09:52:25.604568 IP 192.168.0.103.61356 > a60-254-131-71.deploy.akamaitechnologies.com.http: Flags [.], ack 3076, win 255, length 0
^C
29 packets captured
29 packets received by filter
0 packets dropped by kernel
root@ubuntu:~#
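
To read a capture like the one above per connection rather than per packet, the following added example (not part of the original post) parses tcpdump's default text output and classifies each TCP conversation from its flags. The function name `summarize` and the state labels are assumptions made for this illustration; the sample lines are copied from the capture above.

```python
import re
from collections import defaultdict

# Lines copied from the capture above (mid-stream ACK, one full connection, one lone SYN).
SAMPLE = """\
09:52:23.687242 IP channel-ecmp-05-ash3.facebook.com.http > 192.168.0.103.60215: Flags [.], ack 3971233676, win 221, length 0
09:52:23.992000 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [S], seq 272410929, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:52:24.261566 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [S.], seq 124240008, ack 272410930, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
09:52:24.261585 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [.], ack 1, win 256, length 0
09:52:24.264247 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [P.], seq 1:983, ack 1, win 256, length 982
09:52:24.584472 IP 192.168.0.103.61354 > star-01-02-lax1.facebook.com.http: Flags [F.], seq 983, ack 1302, win 251, length 0
09:52:24.782501 IP star-01-02-lax1.facebook.com.http > 192.168.0.103.61354: Flags [F.], seq 1302, ack 984, win 33, length 0
09:52:25.124932 IP 192.168.0.103.61356 > a60-254-131-71.deploy.akamaitechnologies.com.http: Flags [S], seq 2070987630, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
"""

# Default tcpdump text line: time, IP, src > dst:, Flags [...], ..., length N
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP (\S+) > (\S+): Flags \[([^\]]+)\].*length (\d+)")

def summarize(text):
    """Group packets by endpoint pair; return {pair: (state, packets, payload_bytes)}."""
    flows = defaultdict(lambda: {"packets": 0, "payload": 0, "syn": False,
                                 "synack": False, "rst": False, "fin_from": set()})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner, ^C, packet counters, non-IPv4/TCP lines
        src, dst, flags, length = m.groups()
        f = flows[tuple(sorted((src, dst)))]  # same key for both directions
        f["packets"] += 1
        f["payload"] += int(length)
        f["syn"] |= "S" in flags and "." not in flags   # SYN without ACK
        f["synack"] |= "S" in flags and "." in flags    # "." is tcpdump's ACK
        f["rst"] |= "R" in flags
        if "F" in flags:
            f["fin_from"].add(src)
    result = {}
    for key, f in flows.items():
        if f["rst"]:
            state = "reset"
        elif len(f["fin_from"]) == 2:
            state = "closed"            # both sides sent FIN
        elif f["syn"]:
            state = "established" if f["synack"] else "syn-unanswered"
        else:
            state = "mid-stream"        # capture started after the handshake
        result[key] = (state, f["packets"], f["payload"])
    return result

if __name__ == "__main__":
    print(*summarize(SAMPLE).items(), sep="\n")
```

The SYN from port 61356 shows as unanswered only because this excerpt stops before its SYN-ACK; in the full capture above that connection is established.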

That’s all. Thanks for using IThelpblog.com
