TCPDUMP Lab


Course
Time: 14 hours 16 minutes
Difficulty: Beginner
CEU/CPE: 14
Video Transcription
00:01
Everyone, welcome back to the course. So in the last lab, we went ahead and applied filters in Wireshark and tcpdump.
00:07
In this video, we're gonna go ahead and cover tcpdump. We're gonna run a few commands in it. Now, this lab's gonna be a little short. We're just gonna run a couple of commands in tcpdump. I just want to show you how to navigate to the lab and kind of walk through it step by step together,
00:20
as I mentioned before, and many times throughout this course, be sure to download the supplemental resources section. It's gonna have a lot of information about Wireshark and tcpdump, including filters and commands.
00:31
All right, so for this lab we'll be using the Cybrary lab environment like I've been doing throughout the entire course. Now again, if you don't have that particular lab environment or access to it, you just want to go ahead and make sure you're running tcpdump on your own machine, and go ahead and just test it. That way you could still follow along with the same commands. You'll just notice that any IP addresses
00:49
will more than likely, at least they should be, different
00:52
on your particular end.
00:54
All right, let's go ahead and get started here. You should already be logged into the Cybrary website, and we're gonna go ahead and navigate to the lab now. So we're going to search in the search box for tcpdump, all together there, and you'll see once I do that, number one, it does show the lab we were just in a little bit ago,
01:10
and then it's showing us tcpdump, which is the one we want. We're gonna click on this top one here.
01:14
We're gonna click on Launch, that green launch button there,
01:18
and then we're gonna click on the green Launch Item button. That's gonna actually launch the lab for us. So it takes a moment to pull up. So I'm gonna pause the video and we'll come back to it once it's pulled up.
01:26
All right, so you'll see that the lab environment has pulled up for us. You'll notice here that we got our traditional pop-up box that we've normally seen. We're just going to say Next to that and then OK. And that'll take us to our main desktop screen here. Now you'll also notice that the Ubuntu, uh, desktop here just logged us right in. We didn't have to put in the username and password.
01:46
That's perfectly fine. Since we're in this particular lab environment, that's how it's configured.
01:49
All right, so let's go back to our step-by-step lab guide again. You can download these in the supplemental resources section if you have not done so already.
01:57
All right, so we went ahead and closed our pop-up box, and the next thing we're gonna do is actually launch a terminal window. So here in this step, we can click on it. I've noticed a few minor issues in the Ubuntu environment. So a lot of times, what I like to do is just right-click and say New Terminal. Uh, sometimes when you left-click on it, it doesn't open it right away. So
02:15
I like to, same thing, just right-click and say New Terminal.
02:19
You'll see it opens the terminal window for us.
02:23
So the first thing we're gonna do in the terminal, we're gonna change directory. So we're going to do cd, change directory, and then change into this directory right here.
02:30
First, let's go ahead and do that.
02:31
Type in cd, space, forward slash home, forward slash student,
02:38
forward slash Desktop with a capital D, forward slash captures,
02:44
and then just press Enter on the keyboard. You'll see it's changed us into that directory.
02:50
All right, so now we're gonna just basically look at the manual for tcpdump. So if you're not familiar with Linux at all, which again, that was one of the prereqs for the course, so you should understand what the man command does. But basically, for any type of tool that you're using in Linux, if you're not familiar with it, you could just use man. It's a command that will show you the manual for the tool. So what that means is basically to show you,
03:09
like, what kind of flags and stuff like that to use, what you could actually do with the tool.
03:15
So we're just gonna type in man, and then tcpdump,
03:19
and you'll see here that if we want to scroll through it, we can see all sorts of good information about, you know, what is the tool? What does it do? What are some of the different flags that we can use?
03:28
How can we use them, et cetera, et cetera. Now, we're not gonna go through, like, the man page, you know, but you're welcome to do so on your side. We do also, as I mentioned again, have information in the supplemental resources that's gonna help you out using this tool.
03:40
So once you're done looking through that, just go ahead and hit the Q button on your keyboard, and that'll just back you out of there and basically quit and take you back to that prompt right here.
03:53
All right, so the next thing we're gonna do is here in step 11,
03:55
we're gonna go ahead and basically list out all the interfaces that are available. So we'll use this command here. Now we're gonna do sudo so we can do it as the root user. And then once we do that, it's gonna prompt us for a password. And that's gonna be the word student, all lowercase.
04:09
So let's go ahead and type in that command. We'll do it step by step here. So we're gonna type in sudo,
04:14
space, tcpdump,
04:17
space, dash capital D,
04:19
space, dash dash list,
04:21
dash interfaces.
04:25
All right. Once you've typed that in, just press Enter on the keyboard. And then again, it's gonna prompt you for the password. You're just gonna type in student, all lowercase. You'll notice it doesn't actually show me the text I type. That's okay. That's to be expected.
04:36
And you'll notice that once I type in the password there, it's going to show me my interfaces. So you see I have eth0, e-t-h zero, and I've also got my loopback interface right there.
04:47
All right,
04:49
so that actually answers question number one for you, at least on my end. What interfaces are listed? So I went ahead and marked those down, and on your end just go ahead and mark those in there so you can keep track of them.
05:00
Now in step number 13 here,
05:02
we're just gonna type in this command right here to go to the eth0 interface. So sudo tcpdump, dash lowercase i, eth0. And then once we do that, we're gonna come down here in step 16 and actually just run the ping command.
05:16
So let's go ahead and do that now.
05:18
So we'll type in sudo, space, tcpdump,
05:24
space, dash lowercase i, space, eth all lowercase, and then the number zero. Then just press Enter on the keyboard.
05:32
You'll see here it's going to start listening for us.
05:38
So I'm gonna pause the video briefly. It's gonna take just a moment to run that command.
05:42
All right, so once you've let that command run for, you know, roughly 10 to 15 seconds or so, we want to just open up a new terminal window, and that's where we're gonna run our ping command at. So the way you do that is just right-click on the terminal and just say New Terminal, just like we did before to launch this one.
05:56
So you see, in the background there, the command is still running.
05:59
And now what we're gonna do is here in step 16, we're just gonna run this ping command right here. So what we're gonna do is ping, and then 10.0.10.11.
06:08
All right, so what we want to keep an eye on once we run that ping command, we wanna look in our terminal window here, so this original one here, and we want to see if we notice that IP address of 10.0.10.11.
06:19
So if you notice that showing up there, then we know we're successful.
06:23
So let's go ahead and do that now. So just type in ping,
06:26
space, 10.0.10.11.
06:30
Then just press Enter on the keyboard. Again, we want to look at this background here, and you'll notice there that I do see
06:35
the .10.11,
06:38
at least on my end. And you should see the same result on your end as well.
06:43
All right. So question number two here, do you see the IP address that we had just typed in, in the original terminal window? And so the answer to that is, of course, yes, I do.
06:50
So let's come back to our command prompt here. We're gonna do Control-C now in this one, where we just ran the ping command, to stop the ping command there. And if you want, you can type clear to clear out the screen, make it a little prettier. You don't have to do that, though.
07:05
All right. So, coming back to our lab document here, we're just gonna run our last command here, just another ping command as well. We're just gonna be pinging against .12 this time.
07:14
All right, so same thing here. We're gonna be pinging in this command prompt window, in this terminal window, and then we're gonna be looking in the background here to see if we see the .12.
07:27
So let's do ping, space, 10.0.10.12, and then just press Enter on the keyboard. Again, we're gonna look there, and we do see in the background that same IP address coming in.
07:42
All right, so what we're gonna do lastly is we want to see how many packets were captured in total in this particular terminal window here. So let's start our, excuse me, let's stop our ping command here by Control-C on our keyboard. That'll stop that one there. We could actually X out of that. We don't need that window anymore. And then in this terminal window here, we just want to do Control-C,
08:01
and based on how long you let these different commands run for, your packets captured may be different than mine, so just keep that in mind for your answer. But basically, question number three here is how many packets were captured in total, and you'll see here that I had 174 packets captured total.
08:20
All right, so in this lab, we just ran a couple of quick commands inside of tcpdump just to give you a little more hands-on experience with it. In the next video we're gonna jump in and I'll show you where we go to get our Capstone Lab. Again, that's gonna be for individuals that have access to the Cybrary lab environment. If you do not, what you want to do is just practice on your own, uh,
08:41
environment with Wireshark or tcpdump commands, because that's primarily what
08:43
everyone else will be doing in the Capstone Lab. It'll be focused on using Wireshark and running different filters and commands inside of Wireshark.
08:52
All right, so I look forward to seeing you in the next video.