In this hands-on lab, we will learn how to capture network traffic using the `tcpdump` command line tool. We will install and configure `tcpdump` on `Server1` to capture web traffic coming from `Client1`.
**Note**: In the lab you must now name the capture interface explicitly, because the instance's interface is ens5 rather than eth0. Without `-i`, tcpdump picks the first non-loopback interface it finds (historically eth0); passing `-i ens5` removes the guesswork.
```
sudo tcpdump tcp port 80 -i ens5 -w capture.pcap
```
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Install Tcpdump
Your first task is to install tcpdump. In the video, I ran the command as root; your command will be slightly different because you run it through sudo as cloud_user.
  - Run the following command:
```
sudo yum install tcpdump
```
  - When prompted, enter the password for cloud_user.
  - Run the following command:
- Begin the Packet Capture
Begin the packet capture process. Apply a capture filter so tcpdump records only web requests (TCP port 80) rather than everything on the interface, and write the packets to a file with `-w` instead of printing them:
```
sudo tcpdump tcp port 80 -i ens5 -w capture.pcap
```
One check worth knowing: the CentOS/RHEL build of tcpdump drops to the unprivileged `tcpdump` user before it opens the `-w` file, so if you see `capture.pcap: Permission denied`, write to a directory that user can write to (for example `/tmp`) or add `-Z root` to keep root privileges for the output file.
- Generate Traffic
Because this isn't a public web server, you need to generate traffic from Client1 (10.0.1.11) to Server1 (10.0.1.10). This should be done while the capture is running. In the Solution video I just ran `curl` against the headers of Server1, which you can do by running the following command from Client1 a few times:
```
curl -I 10.0.1.10
```
- Cancel the Capture and View the Results
  - After some traffic has been generated, stop the running capture with Ctrl+C and read the file back. In the video this was run as root (`# tcpdump -r capture.pcap`); as cloud_user, use sudo:
```
sudo tcpdump -r capture.pcap
```
  - Move the file to /root/ if it's not there already:
```
sudo mv capture.pcap /root/capture.pcap
```
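To see what `tcpdump -r` is actually showing you, the following added example (not part of the lab or of tcpdump) reads a classic libpcap file such as `capture.pcap` with nothing but the Python standard library, decodes Ethernet/IPv4/TCP, checks that every packet really matches the `tcp port 80` capture filter, and pulls out the HTTP request lines the `curl -I` runs produced. It assumes the Ethernet link type that `-i ens5` yields; the five-frame sample capture embedded in the block is constructed to look like one `curl -I 10.0.1.10` from Client1, and the port numbers, addresses and header values in it are assumptions.

```python
"""Minimal reader for the libpcap file that `tcpdump -w` writes.

Added example for the lab, not tcpdump code.  Decodes Ethernet/IPv4/TCP only,
which is what a `tcp port 80 -i ens5` capture contains.
"""
import socket
import struct
import sys
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_BE = 0xD4C3B2A1   # same magic seen through the wrong byte order
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_PSH, TCP_ACK = 0x02, 0x08, 0x10


def _decode_frame(frame):
    """Return (src, sport, dst, dport, flags, payload) or None for non-TCP/IPv4."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20:
        return None
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4 or proto != IPPROTO_TCP:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    tcp = ip[ihl:total_len]          # total_len strips any Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport, _seq, _ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4     # data offset in 32-bit words
    return (socket.inet_ntoa(src), sport, socket.inet_ntoa(dst), dport, off_flags & 0x1FF, tcp[doff:])


def parse_pcap(data):
    """Yield (timestamp, src, sport, dst, dport, flags, payload) per TCP/IPv4 frame."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    if struct.unpack(endian + "IHHiIII", data[:24])[6] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        pkt = _decode_frame(data[off:off + incl_len])
        off += incl_len
        if pkt is not None:
            yield (ts_sec + ts_usec / 1e6,) + pkt


def summarize(data, port=80):
    """Check the capture against 'tcp port <port>' and list HTTP request lines."""
    packets = list(parse_pcap(data))
    matching = [p for p in packets if port in (p[2], p[4])]
    requests = [p[6].split(b"\r\n", 1)[0].decode("ascii", "replace")
                for p in packets if p[6].startswith((b"GET ", b"HEAD ", b"POST "))]
    flows = Counter((p[1], p[2], p[3], p[4]) for p in packets)  # (src, sport, dst, dport)
    return {"packets": len(packets), "filter_ok": len(matching) == len(packets),
            "flows": dict(flows), "requests": requests}


def build_frame(src_ip, sport, dst_ip, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left zero (not verified here)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + tcp
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip


def build_pcap(frames):
    """Wrap frames in the little-endian classic pcap container tcpdump -w produces."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: one `curl -I 10.0.1.10` from Client1 (10.0.1.11) to Server1 (10.0.1.10).
SAMPLE_CAPTURE = build_pcap([
    build_frame("10.0.1.11", 51234, "10.0.1.10", 80, TCP_SYN),
    build_frame("10.0.1.10", 80, "10.0.1.11", 51234, TCP_SYN | TCP_ACK),
    build_frame("10.0.1.11", 51234, "10.0.1.10", 80, TCP_ACK),
    build_frame("10.0.1.11", 51234, "10.0.1.10", 80, TCP_PSH | TCP_ACK,
                b"HEAD / HTTP/1.1\r\nHost: 10.0.1.10\r\nUser-Agent: curl\r\n\r\n"),
    build_frame("10.0.1.10", 80, "10.0.1.11", 51234, TCP_PSH | TCP_ACK,
                b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
])

if __name__ == "__main__":
    # Usage: python pcap_check.py /root/capture.pcap   (falls back to the sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    print(summarize(blob))
```

Run it against the real file with `sudo python3 pcap_check.py /root/capture.pcap`; `filter_ok` should be true because the capture filter was applied at capture time, and `requests` should contain one `HEAD / HTTP/1.1` line per `curl -I` you issued. If you captured without the filter, the same script shows the SSH and other traffic that would have landed in the file.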