95 | 95 | Then type the command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap.` This will begin listening to the traffic that comes through this node and that specific ethernet link, eth0 in the example, write the data out to the file direct.pcap in the tmp diretory. At this time, the person connected to Alice will enter the command `wget --no-proxy http://server1/cgi-bin/ip.cgi` This saves a local copy of the web page set up on the server, and by doing so generates HTTP traffic to examine. We were able to listen in on this traffic thanks to the `tcpdump` command. Then the users connected to Server1 will enter the command `cp /tmp/direct.pcap .` This will copy the file with the sniffed data into the users directory. We'll analyze what this data looks like and can tell us at a later time. However if you want to analyze this data now before we sniff more, proceed to Step 3 on this page. |