Networking: Tcpdump: The Basics (TryHackMe)

J3bitok

In this article I write up the TryHackMe room Tcpdump: The Basics, which covers Basic Packet Capture, Filtering Expressions, Advanced Filtering, and Displaying Packets: the ways tcpdump is used to save, filter and display packets.

  1. What is the name of the library that is associated with tcpdump? libpcap

  2. What option can you add to your command to display addresses only in numeric format? -n

  3. How many packets in traffic.pcap use the ICMP protocol? 26

  4. What is the IP address of the host that asked for the MAC address of 192.168.124.137? 192.168.124.148

  5. What hostname (subdomain) appears in the first DNS query? mirrors.rockylinux.org

  6. How many packets have only the TCP Reset (RST) flag set? 57

  7. What is the IP address of the host that sent packets larger than 15000 bytes? 185.117.80.53

  8. What is the MAC address of the host that sent an ARP request? 52:54:00:7c:d3:5b

The MAC address in question 8 was read using the command tcpdump -r traffic.pcap -e (the -e option prints the link-layer header of each packet, which is where the MAC addresses appear).
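As an added worked example (my own code, not material from the TryHackMe room and not tcpdump or libpcap code), the Python below builds a small constructed capture in memory, reads it with a minimal reader for the libpcap file format that question 1 refers to, and then answers the same kinds of questions as above, with the tcpdump filter expression each function mirrors noted beside it. Every MAC and IP address in it is a constructed sample value, not a value from traffic.pcap, and the reader only handles native little-endian Ethernet captures.

```python
"""A constructed mini-capture and a minimal libpcap reader that reproduce the
tcpdump filters behind the questions above. Added example, not room material."""
import struct

# ---- frame builders; every MAC and IP below is a constructed sample value ----
def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def ip4(s):
    return bytes(int(o) for o in s.split("."))

def ether(dst, src, ethertype, payload):
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def ipv4(proto, src, dst, payload):
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum (left 0), src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                      proto, 0, ip4(src), ip4(dst))
    return hdr + payload

def tcp(flags, payload=b""):
    # sport, dport, seq, ack, data offset (5 words -> 0x50), flag byte, window, csum, urg
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, flags, 1024, 0, 0) + payload

def arp_request(sender_mac, sender_ip, target_ip):
    body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac(sender_mac) + ip4(sender_ip)
            + mac("00:00:00:00:00:00") + ip4(target_ip))
    return ether("ff:ff:ff:ff:ff:ff", sender_mac, 0x0806, body)

def pcap_file(frames):
    # global header: magic, version 2.4, tz 0, sigfigs 0, snaplen, linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out

HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed MACs
FRAMES = [
    arp_request(HOST_A, "10.0.0.10", "10.0.0.11"),
    ether(HOST_B, HOST_A, 0x0800, ipv4(1, "10.0.0.10", "10.0.0.11", struct.pack("!BBHHH", 8, 0, 0, 1, 1))),
    ether(HOST_A, HOST_B, 0x0800, ipv4(1, "10.0.0.11", "10.0.0.10", struct.pack("!BBHHH", 0, 0, 0, 1, 1))),
    ether(HOST_B, HOST_A, 0x0800, ipv4(6, "10.0.0.10", "10.0.0.11", tcp(0x04))),   # RST only
    ether(HOST_B, HOST_A, 0x0800, ipv4(6, "10.0.0.10", "10.0.0.11", tcp(0x14))),   # RST+ACK
    ether(HOST_A, HOST_B, 0x0800, ipv4(6, "10.0.0.11", "10.0.0.10", tcp(0x18, b"x" * 16000))),  # oversized PSH+ACK
]
CAPTURE = pcap_file(FRAMES)

# ---- reader: the part of libpcap's job that matters for these questions ----
def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def fmt_ip(b):
    return ".".join(str(x) for x in b)

def read_pcap(data):
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only native little-endian microsecond pcap is handled here")
    pkts, off = [], 24
    while off < len(data):
        _sec, _usec, incl, orig = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        p = {"len": orig, "dst_mac": fmt_mac(frame[:6]), "src_mac": fmt_mac(frame[6:12]),
             "ethertype": struct.unpack_from("!H", frame, 12)[0]}
        body = frame[14:]
        if p["ethertype"] == 0x0806:       # ARP: opcode at offset 6, sender IP at 14, target IP at 24
            p["arp_op"] = struct.unpack_from("!H", body, 6)[0]
            p["arp_sender_ip"], p["arp_target_ip"] = fmt_ip(body[14:18]), fmt_ip(body[24:28])
        elif p["ethertype"] == 0x0800:     # IPv4: protocol at 9, addresses at 12 and 16
            ihl = (body[0] & 0x0F) * 4
            p["proto"], p["src_ip"], p["dst_ip"] = body[9], fmt_ip(body[12:16]), fmt_ip(body[16:20])
            if p["proto"] == 6:
                p["tcp_flags"] = body[ihl + 13]   # flag byte of the TCP header
        pkts.append(p)
    return pkts

# ---- the four filters, each with the tcpdump expression it mirrors ----
def count_icmp(pkts):                 # tcpdump -r file.pcap -n icmp | wc -l
    return sum(1 for p in pkts if p.get("proto") == 1)

def rst_only(pkts):                   # tcpdump -r file.pcap -n 'tcp[tcpflags] == tcp-rst'
    return [p for p in pkts if p.get("tcp_flags") == 0x04]

def larger_than(pkts, n):             # tcpdump -r file.pcap -n 'greater N'   (means len >= N)
    return [p for p in pkts if p["len"] >= n]

def arp_requesters(pkts):             # tcpdump -r file.pcap -e 'arp[6:2] == 1'
    return [(p["src_mac"], p["arp_sender_ip"], p["arp_target_ip"])
            for p in pkts if p.get("arp_op") == 1]

if __name__ == "__main__":
    pk = read_pcap(CAPTURE)
    print("icmp packets:", count_icmp(pk))
    print("RST-only senders:", [p["src_ip"] for p in rst_only(pk)])
    print("senders of frames >= 15000 bytes:", [p["src_ip"] for p in larger_than(pk, 15000)])
    print("ARP requesters (mac, sender ip, asks for):", arp_requesters(pk))
```

Two details worth noticing while working the room: tcpdump's greater N keyword matches frames whose length is greater than or equal to N, and RST-only means the flag byte equals exactly tcp-rst, so an RST+ACK packet (as in the fifth constructed frame) is not counted.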

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.
