TCP Headers Exercise 2

TCPDump


1.   TCPDump is only available on Linux/Unix computers.  To start TCPDump, go to a terminal window by clicking on the RedHat icon in the bottom left-hand corner of the screen.  Next, click on System Tools > Terminal.  To start the tcpdump capture process, type the following at the command prompt:


[root@localhost root]# tcpdump -w tcpdump_ftp.out


2.   Switch back to your FTP client (I use gFTP on Linux 9.0) and sign on to your FTP server.  After you successfully log in, disconnect by doing a right-click on the remote side of the screen (right) and choose Disconnect from the list.

3.   Click back on the terminal window.  Press the “Ctrl” and “C” keys simultaneously to stop the tcpdump capture.

4.   To view the output of the tcpdump, type the following at the command prompt:


[root@localhost root]# tcpdump -r tcpdump_ftp.out


5.   The format is harder to read than Ethereal's, but you can still find the username and password of an FTP session, because FTP sends both in cleartext.

6.   A sample TCPDump of the FTP process is given here.
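The capture file written with tcpdump -w is in the libpcap format, and a defender auditing stored captures for cleartext logins does not need to read the raw tcpdump -r output by eye. The following is an added example, not part of the original exercise or of tcpdump itself: a minimal Python reader that parses the pcap file format, walks the Ethernet/IPv4/TCP headers, and lists every USER or PASS command sent to an FTP control port. The sample capture, the 192.0.2.x addresses and the credentials in it are constructed in memory for the demonstration.

```python
"""Minimal reader for the pcap files that `tcpdump -w` writes.

Added example (not part of the original exercise): parses the libpcap file
format, walks Ethernet/IPv4/TCP, and flags FTP control-channel packets that
carry a USER or PASS command, so a defender can audit a capture for
cleartext logins. The sample capture below is constructed in memory; the
addresses and credentials are made up.
"""
import struct

FTP_PORT = 21
PCAP_MAGIC_LE = 0xA1B2C3D4          # little-endian pcap magic (microsecond timestamps)
PCAP_MAGIC_BE = 0xD4C3B2A1          # same magic seen from a big-endian writer


def build_packet(src_ip, dst_ip, sport, dport, payload):
    """Construct an Ethernet/IPv4/TCP frame (test data only; checksums left as zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                 # dst MAC, src MAC, EtherType IPv4
    # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol 6 = TCP, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp + payload


def build_pcap(packets):
    """Wrap raw frames in a libpcap file: 24-byte global header + 16-byte record headers."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    records = b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in packets)
    return header + records


def iter_pcap_records(data):
    """Yield raw frames from pcap bytes, honouring the byte order given by the magic."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4                        # IP header length in bytes
    if frame[23] != 6:                                  # IP protocol 6 = TCP
        return None
    ip_total = struct.unpack("!H", frame[16:18])[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    tcp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4           # TCP header length in bytes
    payload = frame[tcp_off + data_off:14 + ip_total]   # ignore any Ethernet padding
    return src, dst, sport, dport, payload


def find_ftp_logins(pcap_bytes):
    """List (client, server, command, argument) for every USER/PASS sent to the FTP port."""
    found = []
    for frame in iter_pcap_records(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None or parsed[3] != FTP_PORT:
            continue
        src, dst, _sport, _dport, payload = parsed
        for line in payload.split(b"\r\n"):
            cmd, _sep, arg = line.partition(b" ")
            if cmd.upper() in (b"USER", b"PASS"):
                found.append((src, dst, cmd.decode(), arg.decode(errors="replace")))
    return found


# Constructed sample: one client logging in to an FTP server (made-up addresses/credentials).
SAMPLE_PCAP = build_pcap([
    build_packet("192.0.2.10", "192.0.2.20", 40000, FTP_PORT, b"USER alice\r\n"),
    build_packet("192.0.2.20", "192.0.2.10", FTP_PORT, 40000, b"331 Password required\r\n"),
    build_packet("192.0.2.10", "192.0.2.20", 40000, FTP_PORT, b"PASS s3cret\r\n"),
])

if __name__ == "__main__":
    for client, server, cmd, arg in find_ftp_logins(SAMPLE_PCAP):
        print(f"cleartext {cmd} from {client} to {server}: {arg}")
```

To run it against a real capture from the exercise, read the file with `open("tcpdump_ftp.out", "rb").read()` and pass the bytes to `find_ftp_logins`; the reader assumes an Ethernet (linktype 1) capture without VLAN tags or IP fragmentation, which is what a default tcpdump -w on a lab workstation produces. Every login the script reports is a credential that anyone on the path could have read the same way, which is the argument for replacing FTP with SFTP or FTPS.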