220 Chapter 9 ■ Sniffers
- There are a couple of ways to read the captured log file. One is with TCPdump, but let’s
do it the fancy way and use Wireshark to open the capture.
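Before opening a capture in Wireshark, it helps to know what the file actually contains: a 24-byte pcap global header followed by a 16-byte record header and raw frame for every packet, exactly what tcpdump -r walks through when it prints one summary line per packet. The following added example (not from the book or from the tcpdump/Wireshark projects) constructs a small two-packet capture in memory and decodes it; the addresses, ports and timestamps are made up, and it handles both byte orders a pcap file can be written in.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap magic; the file's byte order is inferred from how it reads

def ipv4_header(src, dst, proto, payload_len):
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum (left 0), src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def build_sample_pcap(endian="<"):
    """Constructed two-packet capture (not a real trace): a TCP SYN to port 80, then UDP to 53."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)  # 20-byte SYN
    udp = struct.pack("!HHHH", 53000, 53, 12, 0) + b"abcd"                    # 8-byte UDP + 4 data
    frames = []
    for proto, seg, usec in ((6, tcp, 0), (17, udp, 500)):
        ip = ipv4_header("10.0.0.5", "10.0.0.1", proto, len(seg)) + seg
        frames.append((1700000000, usec, bytes(12) + b"\x08\x00" + ip))  # zero MACs, EtherType IPv4
    out = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for sec, usec, frame in frames:
        out += struct.pack(endian + "IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Return one dict per IPv4 packet with the fields a tcpdump -r summary line shows."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic not in (PCAP_MAGIC, 0xD4C3B2A1):  # second value: the same magic written big-endian
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == PCAP_MAGIC else ">"
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are decoded here")
    offset, records = 24, []
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or non-IPv4 frame: skip it instead of crashing on the whole file
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes (options make it longer than 20)
        rec = {"sec": sec, "usec": usec, "proto": frame[23],
               "src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
               "sport": None, "dport": None}
        l4 = frame[14 + ihl:]
        if rec["proto"] in (6, 17) and len(l4) >= 4:  # TCP and UDP both begin with the two ports
            rec["sport"], rec["dport"] = struct.unpack("!HH", l4[:4])
        records.append(rec)
    return records
```

Feeding parse_pcap() a file written by tcpdump -w works the same way, as long as it was captured on an Ethernet interface.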
TCPdump has a substantial number of switches and options. Just pull up
the man page and you can see for yourself. For the CEH exam, focus on
the common usable options, which we cover shortly.
As of this writing, the CEH exam does not have any hands-on simulations,
so don’t freak out if you’re not a TCPdump or Wireshark master just yet
(however, you should still practice these skills for the real world). Knowing
how they work and how to read the output are the important parts. Take
the time to play around with both utilities and learn all their little nuances.
Sniffing a network in a quiet and effective manner is an integral skill in an ethical
hacker’s toolkit. Setting up the connection properly and capturing traffic successfully
is extremely important, but as a hacker you must also possess the ability to dig into the
packets you’ve captured. In the next section you’ll learn how to do that. The ability to read