Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon
Labs

Utilize TCPDump for Packet Capture

In this hands-on lab, we will learn how to capture network traffic using the `tcpdump` command line tool. We will install and configure `tcpdump` on `Server1` to capture web traffic coming from `Client1`. **Note**: In the lab, you now must specify the capture interface now that the instance has ens5 instead of eth0. By default, tcpdump captures packets on eth0. ``` sudo tcpdump tcp port 80 -i ens5 -w capture.pcap ```

Try for free Contact sales
Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Intermediate
Duration
Clock icon 1h 0m
Published
Clock icon Nov 14, 2018

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Install Tcpdump

    Your first task is to install tcpdump. In the video, I ran the command as root — your command will be slightly different.

    1. Run the following command:
    sudo yum install tcpdump
    1. When prompted, enter the password for cloud_user.

  2. Challenge

    Begin the Packet Capture

    Begin the packet capture process. You will want to apply a capture filter to limit tcpdump to capture only web requests.

    sudo tcpdump tcp port 80 -i ens5 -w capture.pcap

  3. Challenge

    Generate Traffic

    Because this isn't a public web server, you need to generate traffic from Client1 (10.0.1.11) to Server1 (10.0.1.10). This should be completed while the capture is running. I just ran curl on the headers of Server1 in the Solution video, which can be completed by running the following command from Client1 a few times:

    curl -I 10.0.1.10

  4. Challenge

    Cancel the Capture and View the Results

    1. After some traffic has been generated, cancel the running capture and view the file.
    #tcpdump -r capture.pcap
    1. Move the file to /root/ if it's not there already.
    sudo mv capture.pcap /root/capture.pcap
A Cloud Guru - Labs - Utilize TCPDump for Packet Capture
Author
A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans