KaliTut

Kali Linux tutorial and Linux system tips

Record network traffic with the Raspberry Pi (tcpdump)

Last Updated on May 24, 2020 by Kalitut

A Raspberry Pi configured as a man-in-the-middle should record the network traffic passing through it, for example to find errors in a network communication. The traffic should be written to a file for later evaluation with Wireshark.
Task

  • Record traffic via man-in-the-middle.
  • Evaluate the file with Wireshark.

Solution with tcpdump
This solution requires a Raspberry Pi that is already configured as a man-in-the-middle. In principle, the task can also be solved with other configurations.

  • Set up network monitoring or man-in-the-middle using Raspberry Pi

Basically, you should bear in mind that recording traffic can produce very large amounts of data. Therefore, think first about what and how much you want to record.
A first attempt should be limited to a maximum number of packets, so you can see what awaits you:

sudo tcpdump -c 10

Or restricted to a specific network interface:

sudo tcpdump -i wlan0

If you want to keep the captured data, write it to a file in pcap format:

sudo tcpdump -i wlan0 -p -w tcpdump.pcap

Normally, only the first 68 bytes of each packet are recorded (the snapshot length). If this is not enough, use the parameter “-s …” to enlarge the captured portion of each packet, or “-s 0” to record packets completely. A good value is “-s 96” (bytes).
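
As an added illustration of what the snapshot length does to a capture file (this is example code written for this article, not code from the original page or from tcpdump itself), the following Python script builds a small pcap file in memory, laid out as tcpdump -w would write it, and then parses it the way Wireshark would: it reads the global header to find the snaplen and link type, walks the packet records, and counts how many packets were cut short because their length on the wire exceeded the snaplen. The packet contents are constructed filler bytes, and the function names build_sample_pcap, summarize_pcap and summarize_pcap_file are my own.

```python
import struct
from typing import Dict, List

# pcap magic numbers as they appear when the first four bytes are read little-endian.
# A file written big-endian shows up byte-swapped, so both spellings are listed.
LE_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}   # microsecond and nanosecond timestamp variants
BE_MAGICS = {0xD4C3B2A1, 0x4D3CB2A1}
LINKTYPE_ETHERNET = 1
DEFAULT_SNAPLEN = 262144               # what "-s 0" expands to in current tcpdump


def build_sample_pcap(snaplen: int, wire_lengths: List[int]) -> bytes:
    """Construct (not capture) a little-endian pcap file with one packet per entry
    in wire_lengths, each stored as tcpdump -s <snaplen> would store it."""
    effective = snaplen or DEFAULT_SNAPLEN
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, effective, LINKTYPE_ETHERNET)]
    for i, wire_len in enumerate(wire_lengths):
        caplen = min(wire_len, effective)          # bytes actually saved to disk
        # record header: ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
        out.append(struct.pack("<IIII", 1590000000 + i, 0, caplen, wire_len))
        out.append(b"\xab" * caplen)               # constructed filler, not a real frame
    return b"".join(out)


def summarize_pcap(data: bytes) -> Dict[str, int]:
    """Walk a pcap file and report how much of each packet actually made it to disk."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in LE_MAGICS:
        endian = "<"
    elif magic in BE_MAGICS:
        endian = ">"
    else:
        raise ValueError("not a pcap file (magic 0x%08x)" % magic)
    _, _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if snaplen == 0:                      # some writers leave 0 in the header; treat as unlimited
        snaplen = DEFAULT_SNAPLEN

    packets = truncated = captured = on_wire = trailing = 0
    offset = 24
    while True:
        remaining = len(data) - offset
        if remaining < 16:
            trailing = remaining              # partial record header (capture cut short)
            break
        _ts_sec, _ts_frac, caplen, wire_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if caplen > snaplen:
            raise ValueError("record at offset %d exceeds snaplen" % offset)
        if remaining < 16 + caplen:
            trailing = remaining              # record body missing (tcpdump killed mid-write)
            break
        packets += 1
        captured += caplen
        on_wire += wire_len
        if caplen < wire_len:
            truncated += 1                    # payload cut off by -s
        offset += 16 + caplen
    return {
        "snaplen": snaplen,
        "linktype": linktype,
        "packets": packets,
        "truncated": truncated,
        "captured_bytes": captured,
        "wire_bytes": on_wire,
        "trailing_bytes": trailing,
    }


def summarize_pcap_file(path: str) -> Dict[str, int]:
    """Convenience wrapper for a capture on disk, e.g. the tcpdump.pcap written above."""
    with open(path, "rb") as f:
        return summarize_pcap(f.read())


if __name__ == "__main__":
    # constructed capture with -s 96: a 60-byte ARP-sized frame, a full 1500-byte frame
    # and one that fits exactly; only the 1500-byte frame loses its payload
    sample = build_sample_pcap(96, [60, 1500, 96])
    print(summarize_pcap(sample))
```

Running the script on a real capture is summarize_pcap_file('tcpdump.pcap'). A truncated count greater than zero means the payloads are incomplete, which is expected and harmless when only the headers are needed; if full payloads are required, capture with “-s 0”. The 68-byte default mentioned above applies to older tcpdump releases; current versions default to 262144 bytes, which the script then reports as the snaplen. When tcpdump is run with “-C”, it appends a numeric suffix to the names of the rotated files, so run the summary over each of them. On Debian-based systems, Raspberry Pi OS included, tcpdump drops root privileges after opening the interface, so the directory the rotated files are written to must be writable by the unprivileged tcpdump user or opening the next file fails.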

If you want to record everything, bear in mind that if someone happens to be downloading a 2 GB file at the time, all of that data ends up in the capture file. This can quickly fill up the storage, which you do not necessarily want.

So that the capture file does not grow indefinitely, you can limit it to a manageable size:

tcpdump -n -i eth0 -s 96 -C 100 -W 15 -w tcpdump.pcap

Overview of parameters:

  • -n … no DNS resolution (name lookups cost time)
  • -i … interface (e.g. eth0 or wlan0)
  • -s … snapshot length per packet in bytes (96 is enough for the TCP/IP headers)
  • -C … maximum size of each file (in MByte)
  • -W … number of files to create before the oldest is overwritten
  • -w … filename

In addition, the output of “tcpdump” can be limited with filter expressions.

Note: The tcpdump network tool is intended to display or record traffic, for example to understand processes in a network, to analyse networks, to search for errors, but also to record data. So you can do both good and bad with “tcpdump”. It is recommended to use “tcpdump” responsibly.

To evaluate the recorded data we recommend the network tool Wireshark.
