tcpdump

Tcpdump is a packet analyzer. With this tool, we can see the packets flowing through the network.

The main command used here is

tcpdump -vvn -i eth0 host <target IP> -w <filename>.pcap

-vvn combines -vv (more verbose output) and -n (do not resolve addresses to names)

-i eth0 is the interface to capture on; you can find its name with ifconfig

-w writes the captured packets to a file in pcap format


For this test, we need to set up 2 virtual machines first. I use Kali Linux and I set it to a bridged network.

1. Here, I use VMware to create the virtual machines on my laptop and I use Kali Linux. Remember to set the network to a bridged connection.

2. Open a terminal and use the ifconfig command to check the IP.

3. Ping each VM's IP from the other VM.

4. Open a browser in the target VM. I use Mozilla Firefox here.

5. Use the command above, which is

tcpdump -vvn -i eth0 host <target IP> -w <filename>.pcap

Then it will start capturing packets on the network. Browse something in the browser, then stop the command with Ctrl + C.

6. Open the pcap file and you can see that there is laravel.com in one of the packets.
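To check step 6 without clicking through packets, the following added example (not part of the original post) reads the classic pcap format that -w produces and lists the names asked for in DNS queries. It assumes an Ethernet/IPv4 capture and that the hostname appears in a plain DNS query on UDP port 53; the function names and the constructed one-packet sample capture are illustrative.

```python
import struct

def dns_query_names(pcap: bytes) -> list:
    """List DNS question names in a classic pcap (Ethernet + IPv4 + UDP/53 only)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written on a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    names, off = [], 24                # records start after the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        name = _question_name(pcap[off + 16:off + 16 + incl_len])
        if name:
            names.append(name)
        off += 16 + incl_len           # 16-byte record header + captured bytes
    return names

def _question_name(frame: bytes):
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                    # not IPv4, or IP protocol is not UDP (17)
    udp = frame[14 + (frame[14] & 0x0F) * 4:]    # skip Ethernet + variable-length IP header
    if len(udp) < 20 or 53 not in struct.unpack("!HH", udp[:4]):
        return None                    # too short for UDP + DNS headers, or not port 53
    dns, labels, i = udp[8:], [], 12   # question section follows the 12-byte DNS header
    while i < len(dns) and dns[i] != 0:
        if dns[i] & 0xC0:              # compression pointer: not a plain label, give up
            return None
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
        i += 1 + dns[i]
    return ".".join(labels) if labels and i < len(dns) else None

def sample_pcap(name: str = "laravel.com") -> bytes:
    """Constructed one-packet capture: a DNS query for `name` between documentation IPs."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])) + udp
    frame = b"\x02" * 12 + b"\x08\x00" + ip      # dummy MAC addresses, ethertype IPv4
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print(dns_query_names(sample_pcap()))
```

To run it on a real capture, pass the file contents: dns_query_names(open("<filename>.pcap", "rb").read()). DNS responses repeat the question, so a name can be listed more than once.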