06-13-2006, 02:22 PM #1 | LQ Newbie | Registered: Mar 2006 | Posts: 9
Using Tcpdump and Tethereal to capture packets


I am trying to capture Network packets using tcpdump and tethereal.

I want to make an application that records the packets to detect attack signatures.

Can anyone tell me how to do it in a simple way.... Like how to detect a Neptune (SYN flood) attack....

I really need help for my work here....

06-13-2006, 05:44 PM #2 | Senior Member | Registered: Jan 2005 | Location: Manalapan, NJ | Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android | Posts: 4,593
Why recreate the wheel, when there's Snort?
06-14-2006, 09:49 AM #3 | LQ Newbie (Original Poster) | Registered: Mar 2006 | Posts: 9

hi
I need this for my research.... trying to incorporate a few more features.....

Can you tell me how to compare the captured packets from Ethereal or TCPDUMP to detect signatures....

06-14-2006, 09:54 AM #4 | Registered: Mar 2004 | Posts: 135

If you want to implement it in your research, you need to program using the PCAP library. Just google PCAP and you will find tons of tutorials on how to do it. PCAP will give you the opportunity to access every packet passing through the interface, and you need to extract the interesting features you want. It is easy to do. There are also wrappers for Python and Perl available if you want to start quickly.
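To make the approach in this reply concrete, here is an added example (not code from any poster in this thread) of the two pieces such a tool needs: a parser that pulls the interesting features (addresses, ports, TCP flags) out of a raw Ethernet/IPv4/TCP frame, and a detector that applies a simple SYN-flood signature to them, namely many SYN-only segments (SYN set, ACK clear) aimed at one destination inside a short time window. The `build_frame` helper, the window length, the threshold of 50 SYNs per second and the traffic in `sample_capture` are all constructed assumptions for this example so it runs offline; in a real tool the `(timestamp, frame)` pairs would come from a pcap wrapper's capture loop instead.

```python
import struct
from collections import defaultdict, deque

TCP_SYN = 0x02
TCP_ACK = 0x10


def build_frame(src_ip, dst_ip, src_port, dst_port, flags):
    """Constructed test input: a minimal Ethernet II + IPv4 + TCP frame.
    Checksums are left at zero; the parser below never checks them."""
    eth = b"\x00" * 12 + b"\x08\x00"                     # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port,  # ports
                      0, 0,                              # seq, ack
                      5 << 4, flags,                     # data offset (5 words), flags
                      8192, 0, 0)                        # window, checksum, urgent ptr
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp


def parse_frame(frame):
    """Extract (src_ip, dst_ip, src_port, dst_port, tcp_flags) from a raw frame,
    or return None when it is not IPv4 over Ethernet carrying TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # header length in bytes (options included)
    if (ip[0] >> 4) != 4 or ip[9] != 6 or len(ip) < ihl + 20:
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    return src_ip, dst_ip, src_port, dst_port, tcp[13]


def detect_syn_flood(packets, window_seconds=1.0, threshold=50):
    """packets: iterable of (timestamp, frame), in time order.
    Returns {(dst_ip, dst_port): peak SYN-only count} for every destination that
    received at least `threshold` SYN-only segments within any `window_seconds`."""
    windows = defaultdict(deque)   # per destination: timestamps of recent SYN-only segments
    flagged = {}
    for ts, frame in packets:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        _src_ip, dst_ip, _src_port, dst_port, flags = parsed
        if not (flags & TCP_SYN) or (flags & TCP_ACK):
            continue                          # only half-open attempts count toward the signature
        key = (dst_ip, dst_port)
        q = windows[key]
        q.append(ts)
        while q and ts - q[0] > window_seconds:
            q.popleft()                       # slide the window forward
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged


def sample_capture():
    """Constructed capture: five complete handshakes to 10.0.0.6:22 (benign) plus
    80 SYN-only segments from 80 different sources to 10.0.0.5:80 within 0.4 s."""
    pkts = []
    for i in range(5):
        t, client, port = i * 0.2, "192.168.1.%d" % (10 + i), 40000 + i
        pkts.append((t, build_frame(client, "10.0.0.6", port, 22, TCP_SYN)))
        pkts.append((t + 0.01, build_frame("10.0.0.6", client, 22, port, TCP_SYN | TCP_ACK)))
        pkts.append((t + 0.02, build_frame(client, "10.0.0.6", port, 22, TCP_ACK)))
    for i in range(80):
        pkts.append((0.005 * i, build_frame("172.16.%d.%d" % (i // 256, i % 256),
                                            "10.0.0.5", 1024 + i, 80, TCP_SYN)))
    return sorted(pkts, key=lambda p: p[0])


if __name__ == "__main__":
    for (ip, port), peak in detect_syn_flood(sample_capture()).items():
        print("possible SYN flood against %s:%d (%d SYN-only segments in window)" % (ip, port, peak))
```

The threshold is the part a real deployment has to tune: a busy web server legitimately sees far more than 50 SYNs per second, so the rate should be learned from normal traffic for each service, and a stronger signature also checks that the SYNs are never followed by the client's final ACK (the half-open state that actually exhausts the server's backlog).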


All times are GMT -5. The time now is 09:30 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration