Network Applications and Network Applications Lab
Chapter Two Notes
Introduction to TCPdump and TCP
You cannot do traffic analysis without a tool of some sort.
TCPdump (or WinDump, for Windows) is used to give you some insight into the traffic on a network.
TCPdump is a tool used to gather data from the network, decode the bits, and display the output in a readable format.
Spending time watching network traffic pays off later: once you know what normal traffic looks like, it is much easier to diagnose problems.
TCPdump must be run as root (or with equivalent privilege), because capturing requires raw access to the network interface, and that access is restricted to root (on modern Linux, the CAP_NET_RAW capability).
You can use filters to choose what information is captured, so that uninteresting traffic is neither recorded nor displayed.
By default, TCPdump prints everything it collects to the screen.
Many times TCPdump will run unattended in the background, so you store the collected packets in binary form and decode them later for analysis:
tcpdump -w filename, where filename is the name of the capture file; tcpdump -r filename reads that file back later for decoding.
The Amount of Data Collected
By default, TCPdump does not attempt to collect the entire datagram: it keeps only the first part of each packet (the snapshot length, or snaplen, historically 68 bytes), which is enough for the IP and TCP headers but may truncate the payload. The -s option changes the snaplen.
:910000 nmap.edu.1173 > dns.net.21: S 62697789:62697789(0) win 512
:910000 = time stamp (hours:minutes:seconds.fraction)
nmap.edu = source host name
1173 = source port number (or service name, when TCPdump can resolve it)
> = directional marker, indicating that the traffic flows from source to destination
dns.net = destination host name
21 = destination port number (port 21 is normally FTP)
S = TCP flag; S represents the SYN flag, which indicates a request to start a TCP connection
62697789 = beginning TCP sequence number
62697789(0) = ending TCP sequence number, with the number of data bytes in parentheses (none here). Sequence numbers are used by TCP to order the data received.
win 512 = the receive buffer size (window, in bytes) of nmap.edu for this connection
Absolute and Relative Sequence Numbers
TCP sequence numbers are used by the destination host to reassemble TCP traffic that arrives out of order. TCP guarantees ordered delivery, whereas UDP does not.
TCPdump prints the absolute 32-bit sequence number on the segments that carry the SYN flag; for the rest of the connection it prints relative numbers, offsets from each side's initial sequence number, so the first data byte is 1. The -S option shows absolute numbers throughout.
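As an added example that is not part of these notes or of tcpdump itself, the Python below decodes lines in the old-style format shown above into their fields (time stamp, hosts, ports, flags, sequence range, ack, window), reproduces tcpdump's relative sequence numbering from the initial sequence numbers seen in the handshake, and orders one side's data segments by sequence number the way the receiving TCP does. It goes slightly beyond the notes by handling segments captured out of order and reporting bytes that never appeared in the capture. The trace, the host names nmap.edu and dns.net, the ports and all sequence numbers are constructed; the numbers are absolute, as tcpdump -S would print them.

```python
"""Decode classic tcpdump TCP one-liners and reproduce relative sequence numbers.
Added example for these notes (not course or tcpdump code). The trace below is
constructed in the old-style format shown in the notes, with absolute sequence
numbers as 'tcpdump -S' prints them; hosts, ports and numbers are invented."""
import re
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# One classic-format TCP line: the last dot-separated token of an endpoint is the
# port (or service name); seq range and ack are optional (a bare ACK prints as
# '. ack N win W').
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>[^\s.]+)\s+>\s+(?P<dst>\S+)\.(?P<dport>[^\s.]+):\s+"
    r"(?P<flags>[SFPRU.]+)"
    r"(?:\s+(?P<seq_start>\d+):(?P<seq_end>\d+)\((?P<length>\d+)\))?"
    r"(?:\s+ack\s+(?P<ack>\d+))?\s+win\s+(?P<win>\d+)")

@dataclass(frozen=True)
class Segment:
    ts: str
    src: str
    sport: str
    dst: str
    dport: str
    flags: str              # S=SYN F=FIN P=PSH R=RST U=URG '.'=none of those
    seq_start: Optional[int]
    seq_end: Optional[int]  # exclusive: 1:11(10) covers bytes 1..10
    length: int
    ack: Optional[int]
    win: int

    @property
    def direction(self) -> Tuple[str, str, str, str]:
        return (self.src, self.sport, self.dst, self.dport)

def parse_line(line: str) -> Segment:
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a classic tcpdump TCP line: {line!r}")
    g = m.groupdict()
    num = lambda k: None if g[k] is None else int(g[k])  # optional integer field
    return Segment(g["ts"], g["src"], g["sport"], g["dst"], g["dport"], g["flags"],
                   num("seq_start"), num("seq_end"), num("length") or 0, num("ack"), int(g["win"]))

def format_segment(s: Segment) -> str:
    # Render a Segment back in the same one-line style.
    out = f"{s.ts} {s.src}.{s.sport} > {s.dst}.{s.dport}: {s.flags}"
    if s.seq_start is not None:
        out += f" {s.seq_start}:{s.seq_end}({s.length})"
    if s.ack is not None:
        out += f" ack {s.ack}"
    return out + f" win {s.win}"

def relativize(segments: List[Segment]) -> List[Segment]:
    """Mimic tcpdump's default display: segments carrying SYN keep absolute numbers
    and record each side's ISN; later segments show seq as an offset from their own
    ISN and ack as an offset from the peer's, so the first data byte is 1."""
    isn, out = {}, []
    for s in segments:
        if "S" in s.flags:
            isn[s.direction] = s.seq_start
            out.append(s)
            continue
        mine, peer = isn.get(s.direction), isn.get((s.dst, s.dport, s.src, s.sport))
        if mine is None or peer is None:  # handshake not captured: stay absolute
            out.append(s)
            continue
        out.append(replace(s, seq_start=None if s.seq_start is None else s.seq_start - mine,
                           seq_end=None if s.seq_end is None else s.seq_end - mine,
                           ack=None if s.ack is None else s.ack - peer))
    return out

def order_data(segments: List[Segment], direction):
    """Put one direction's data-bearing segments in sequence order, as the receiving
    TCP does, and report byte ranges that never appeared in the capture."""
    data = sorted((s for s in segments if s.direction == direction and s.length > 0),
                  key=lambda s: s.seq_start)
    gaps, expected = [], None
    for s in data:
        if expected is not None and s.seq_start > expected:
            gaps.append((expected, s.seq_start))
        expected = s.seq_end if expected is None else max(expected, s.seq_end)
    return data, gaps

# Constructed trace: handshake, then the client's data is captured out of sequence
# order and one segment (relative bytes 31..40) never appears.
SAMPLE_TRACE = """\
12:01:05.910000 nmap.edu.1173 > dns.net.21: S 62697789:62697789(0) win 512
12:01:05.910400 dns.net.21 > nmap.edu.1173: S 1000000:1000000(0) ack 62697790 win 8760
12:01:05.910800 nmap.edu.1173 > dns.net.21: . ack 1000001 win 512
12:01:05.920000 nmap.edu.1173 > dns.net.21: P 62697810:62697820(10) ack 1000001 win 512
12:01:05.930000 nmap.edu.1173 > dns.net.21: P 62697790:62697810(20) ack 1000001 win 512
12:01:05.940000 dns.net.1173 > nmap.edu.1173: . ack 62697820 win 8760
12:01:05.950000 nmap.edu.1173 > dns.net.21: P 62697830:62697835(5) ack 1000001 win 512
""".replace("dns.net.1173 >", "dns.net.21 >")
CLIENT_TO_SERVER = ("nmap.edu", "1173", "dns.net", "21")

def analyze(trace: str = SAMPLE_TRACE):
    """Return (relative-numbered lines, ordered client data ranges, missing ranges)."""
    rel = relativize([parse_line(l) for l in trace.splitlines() if l.strip()])
    data, gaps = order_data(rel, CLIENT_TO_SERVER)
    return [format_segment(s) for s in rel], [(s.seq_start, s.seq_end) for s in data], gaps

if __name__ == "__main__":
    lines, ranges, gaps = analyze()
    print("\n".join(lines), "\nordered data:", ranges, "missing:", gaps)
```

Run it directly to print the trace with relative numbers: both SYN lines stay absolute, the bare ACK becomes "ack 1", the client's 20-byte segment (relative 1:21) sorts ahead of the 10-byte one (21:31) that was captured first, and the reported gap at relative bytes 31..40 shows a segment that never appeared in the capture.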