Technical Communication Omnipcx Enterprise: Tcpdump
No. TC0506
Nb of pages : 2
TEMPORARY
PERMANENT
1. PURPOSE
The tcpdump tool embedded on the Call Server (versions using the Linux operating system, i.e. R5.0 Lx and R5.1) captures and displays IP packets and can be used as a diagnostic aid. It displays packets in hexadecimal or semi-hexadecimal mode (certain parts in clear text, the others in hexadecimal). Options exist to filter the packets for particular protocols or hosts. It can also record the capture in a file to be read later by more advanced software (a sniffer): the file format written by tcpdump can be read by most free tools (for example ethereal, packetizer, ...).
2. USE
tcpdump must be launched as root. For security reasons, its execution is logged in the messages and syslog files of the Call Server. Options can be added to the command: refer to "man page" type documentation available on the Web or on a Unix machine on which the documentation is installed. Only some common and essential options are given in this document.

Options

tcpdump host <a.b.c.d>                      Selecting all the traffic from and to a machine
tcpdump host <a.b.c.d> or host <k.l.m.n>    Idem but for two machines
tcpdump port <x>                            Selecting all the traffic for a specific port
tcpdump -n                                  No conversion of addresses to names (only the IP addresses are displayed)
tcpdump -v                                  Mode "verbose" (additional information)
tcpdump -x                                  Displaying each packet in hexadecimal mode
tcpdump -w /tmpd/packets                    Recording all the traffic into a file
tcpdump -c 3000 -w /tmpd/packets            Recording 3000 IP frames into a file (the program quits on packet 3001)
A few important keywords to filter the packets:

Type         host, net, port
Direction    src, dst, src or dst, src and dst
Protocol     ether, ip, udp, tcp, etc.
Consult the documentation for more information on the filter expressions.
SUBJECT : USE OF THE TOOL TCPDUMP ON OmniPCX Enterprise

Notes

The options can of course be combined with each other:
Example : tcpdump -n host <a.b.c.d> and port 23

To read a file recorded by tcpdump with "ethereal" for example, simply launch "ethereal" and open the recorded file (the extension of this file does not matter).

A file recorded by tcpdump can also be read by tcpdump itself: tcpdump -r <file>. In this case, filters can also be applied:
Example : tcpdump arp -r <file>
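The file that "tcpdump -w" records is in the pcap format that ethereal and "tcpdump -r" read back. As an added example (not part of this technical communication), the following Python script parses that format offline and applies the equivalent of the "host <a.b.c.d>" filter to the recorded frames; the three-frame capture it works on is constructed inline, with assumed addresses in 10.0.0.0/24.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4        # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def parse_pcap(blob: bytes):
    """Parse a tcpdump -w file: returns (linktype, [(ts, caplen, origlen, frame), ...]).
    Raises ValueError on a bad magic number or a file cut off mid-record."""
    if len(blob) < 24:
        raise ValueError("truncated pcap global header")
    magic, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack("<IHHiIII", blob[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian tcpdump capture, magic %#x" % magic)
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack("<IIII", blob[off:off + 16])
        frame = blob[off + 16:off + 16 + incl_len]
        if incl_len > snaplen or incl_len > orig_len or len(frame) != incl_len:
            raise ValueError("corrupt record at offset %d" % off)
        records.append((ts_sec + ts_usec / 1e6, incl_len, orig_len, frame))
        off += 16 + incl_len
    return linktype, records

def ipv4_endpoints(frame: bytes):
    """(src, dst) of an Ethernet/IPv4 frame, or None for any other frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))

def filter_host(records, host: str):
    """Offline equivalent of the capture filter 'host <a.b.c.d>' (src or dst)."""
    return [r for r in records if host in (ipv4_endpoints(r[3]) or ())]

def make_frame(src: str, dst: str) -> bytes:
    """Constructed sample: Ethernet + minimal IPv4 header + empty UDP header (42 bytes)."""
    ip = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0])
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    return bytes(12) + b"\x08\x00" + ip + bytes(8)

def make_pcap(frames) -> bytes:
    """Constructed sample capture laid out as tcpdump -w writes it on a little-endian host."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000000 + i, 0, len(f), len(f)) + f
    return out

SAMPLE = make_pcap([make_frame("10.0.0.1", "10.0.0.2"), make_frame("10.0.0.3", "10.0.0.4"),
                    make_frame("10.0.0.2", "10.0.0.5")])
```

Feeding it a real capture is a matter of replacing SAMPLE with the bytes of the file written by "tcpdump -w"; a file cut short by a disk-full or an interrupted capture is reported rather than silently truncated.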