CMSY-164
Introduction to IDS
Lab 2
Objective: Capture network traffic in a 'pcap' binary file, display it in a human-readable format, and identify protocols and their important fields.
Tools:
1) tcpdump: the standard, simple command-line packet sniffer and network analysis tool on Unix
2) vim/leafpad: text editors used to view text files
3) Kali: Linux distribution for penetration testing
Instructions:
a) Logon to Kali Linux
b) Click on Terminal
c) Finding out your IP and Network
o Logon to Kali Linux (based on Lab 1)
o Click on Terminal
o Create directories (folders) to store your labs and class materials
In terminal type: mkdir -p ~/CMSY164lab{1..10}
o In terminal type:
ifconfig
What is the IP address of eth0? Is that the primary IP to get to the internet?
10.0.2.15 is the IP address of eth0. Yes, it is the primary IP to get to the internet.
tcpdump
In terminal type: tcpdump -D. How many interfaces does tcpdump recognize?
Tcpdump reports 6 interfaces.
Based on the above tcpdump output and using the IP header diagram, please answer the following:
o What is the hexadecimal value of:
Checksum: De2e
Identification: Df72
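The Identification and Header Checksum values asked for above are fixed-offset fields of the IPv4 header, so they can be read straight out of a pcap file rather than off a hex dump. The Python script below is an added example, not part of the lab handout: it builds a small pcap in memory (one Ethernet/IPv4/ICMP frame with constructed addresses 10.0.2.15 and 10.0.2.2 and constructed MACs), reads it back the way `tcpdump -r` would, prints one tcpdump-style line per packet with the id and checksum in hex, and recomputes the RFC 1071 checksum to confirm the header is intact.

```python
import struct
def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, as used by the IPv4 header and ICMP."""
    data += b"\x00" * (len(data) % 2)       # pad to an even number of bytes
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_sample_pcap(ident: int = 0x1234) -> bytes:
    """Constructed pcap (magic 0xa1b2c3d4, link type 1 = Ethernet) holding one IPv4/ICMP frame."""
    src, dst = bytes([10, 0, 2, 15]), bytes([10, 0, 2, 2])   # constructed addresses
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"lab2"    # echo request, checksum zeroed
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0, 64, 1, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]   # fill header checksum
    frame = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + icmp     # dst MAC, src MAC, EtherType
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 0, 0, len(frame), len(frame))        # ts_sec, ts_usec, incl, orig
    return ghdr + rec + frame

def parse_pcap(data: bytes) -> list:
    """Walk the pcap records and decode the IPv4 header fields the lab asks for."""
    magic, = struct.unpack("<I", data[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off, packets = 24, []
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:
            continue                        # not IPv4; only IP is decoded in this example
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        _, _, total_len, ident, _, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
        packets.append({
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, str(proto)),
            "ttl": ttl, "length": total_len,
            "id": f"0x{ident:04x}", "checksum": f"0x{csum:04x}",
            "checksum_ok": inet_checksum(ip[:ihl]) == 0,   # a valid header sums to zero
        })
    return packets

if __name__ == "__main__":
    for p in parse_pcap(build_sample_pcap()):   # one tcpdump-style line per IPv4 packet
        print(f"IP {p['src']} > {p['dst']}: {p['proto']}, ttl {p['ttl']}, length {p['length']}, "
              f"id {p['id']}, cksum {p['checksum']} ({'correct' if p['checksum_ok'] else 'bad'})")
```

To apply it to a real lab capture, replace `build_sample_pcap()` with the bytes of a file written by `tcpdump -w`; the same offsets give the Identification and Checksum fields that the question above asks for.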