CEH

218 Chapter 9 ■ Sniffers


Wireshark's command-line tools are important in practice, but for the exam focus on
learning the interface; knowing which CLI tools exist and what each one does is sufficient.

TCPdump


Now that you’ve seen the basics of how to use Wireshark, let’s move directly to getting
our hands dirty with TCPdump. This utility is a command line–based sniffer that is every
bit as capable as its GUI counterparts: it captures, filters, and decodes traffic from a
terminal, and it can write captures to a file that Wireshark can open later. TCPdump has
been around for a long time and was the tool of choice well before Wireshark came on the
scene. TCPdump is native to Unix-like systems such as Linux; the equivalent Windows tool
is called Windump. In Exercise 9.2, you will use TCPdump to capture packets.

The following exercise is best completed using a virtual lab setup that has
at least two computers linked to the same network. The operating system
you use is your choice. In my lab I use a mix of Linux and Windows clients.

EXERCISE 9.2

Sniffing with TCPdump


  1. First get your sniffing client ready by launching TCPdump on your BackTrack
    installation. If you run TCPdump without any switches or options, it captures on the
    first (lowest numbered) non-loopback NIC it finds, so the defaults are fine for this
    exercise. If you need to choose a different interface, tcpdump -D lists the interfaces
    it can see and tcpdump -i <interface> selects one. The following image shows the
    application up and running.
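The following shell script is an added example for this step; it is not part of the book's exercise. It assumes tcpdump (libpcap) is installed and that you can run it as root or via sudo. The first function approximates how tcpdump picks its default NIC by reading the output of tcpdump -D (the first listed interface that is not loopback, not the "any" pseudo-device, and not flagged down); the second captures a bounded number of packets to a pcap file with name resolution disabled, then reads the file back. The interface names and counts used here are illustrative.

```shell
#!/bin/sh
# Added example (not from the book): Exercise 9.2 step 1 from the shell.
# Assumptions: tcpdump is installed; captures need root (sudo).

# Approximates tcpdump's default interface choice when no -i is given:
# the first interface in `tcpdump -D` output that is not loopback, not the
# "any" pseudo-device, and (if status flags are printed) not down.
# Reads the `tcpdump -D` listing on stdin, e.g.
#   1.eth0 [Up, Running]
#   2.any (Pseudo-device that captures on all interfaces) [Up, Running]
#   3.lo [Up, Running, Loopback]
first_capture_iface() {
    awk '
        /Loopback/ { next }              # skip lo and similar
        $1 ~ /\.(lo|any)$/ { next }      # skip names tcpdump would not pick
        /\[/ && !/Up/ { next }           # flags printed but interface is down
        { sub(/^[0-9]+\./, "", $1); print $1; exit }
    '
}

# Capture a bounded number of packets on one interface and read them back.
# -nn  do not resolve names or ports (the sniffer should not generate DNS traffic)
# -c   stop after N packets
# -w   write raw packets to a pcap file that Wireshark can open
# -e   when reading back, show the link-layer (MAC) header as well
capture_sample() {
    iface="$1"
    count="${2:-20}"
    out="${3:-lab.pcap}"
    sudo tcpdump -i "$iface" -nn -c "$count" -w "$out"
    tcpdump -nn -e -r "$out"
}

# Usage: ./sniff.sh run [count] [outfile]
if [ "${1:-}" = "run" ]; then
    iface=$(tcpdump -D | first_capture_iface)
    echo "capturing on $iface"
    capture_sample "$iface" "${2:-20}" "${3:-lab.pcap}"
fi
```

Running the script with `run` as its first argument performs the capture; without it, only the functions are defined, so the interface-selection rule can be checked against a pasted tcpdump -D listing without touching the network.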
