TCP/IP and tcpdump Pocket Reference Guide

By /

Listen to this Post

Featured Image
Understanding TCP/IP and mastering packet analysis with tcpdump is essential for network administrators, cybersecurity professionals, and IT enthusiasts. This guide provides a quick reference to key concepts, commands, and practical examples.

You Should Know:

1. TCP/IP Basics

TCP/IP (Transmission Control Protocol/Internet Protocol) is the backbone of internet communication. Key layers include:
– Application Layer (HTTP, FTP, SSH)
– Transport Layer (TCP, UDP)
– Internet Layer (IP, ICMP)
– Link Layer (Ethernet, ARP)

2. Essential tcpdump Commands

tcpdump is a powerful packet analyzer for Linux/Unix. Below are must-know commands:

  • Capture packets on a specific interface: 
    tcpdump -i eth0
  • Filter by IP (source/destination): 
    tcpdump host 192.168.1.1
  • Capture only HTTP traffic: 
    tcpdump -i eth0 port 80
  • Save packets to a file: 
    tcpdump -w capture.pcap
  • Read from a saved pcap file: 
    tcpdump -r capture.pcap
  • Filter by protocol (TCP/UDP/ICMP): 
    tcpdump tcp 
tcpdump udp 
tcpdump icmp
  • Capture packets with verbose output: 
    tcpdump -vv
  • Filter by port range: 
    tcpdump portrange 20-80

3. Advanced Filtering with BPF (Berkeley Packet Filter)

  • Filter by source IP and port: 
    tcpdump src 192.168.1.1 and port 22
  • Exclude SSH traffic: 
    tcpdump not port 22
  • Capture packets with specific payload (e.g., “password”): 
    tcpdump -A -s0 | grep "password"

4. Analyzing Network Issues

  • Detect ARP spoofing: 
    tcpdump -i eth0 arp
  • Monitor DNS queries: 
    tcpdump -i eth0 port 53
  • Check for SYN flood attacks: 
    tcpdump 'tcp[bash] & (tcp-syn) != 0'

5. Windows Equivalent (PowerShell & Wireshark)

  • Capture traffic with PowerShell: 
    Get-NetTCPConnection | Where-Object { $_.State -eq "Established" }
  • Use Wireshark for GUI analysis: 
    wireshark -k -i eth0

What Undercode Say:

Mastering TCP/IP and tcpdump is crucial for diagnosing network issues, detecting intrusions, and optimizing performance. Whether you’re analyzing packet flows, troubleshooting connectivity, or securing a network, these commands form the foundation of network forensics.

For further reading, check out:

Expected Output:

A comprehensive understanding of TCP/IP layers, tcpdump filtering, and real-world network analysis techniques. Use these commands to enhance security monitoring and network debugging.

References:

Reported By: Https: – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: