How do I understand tcpdump output from the Wireshark GUI tool

asked 2024-09-29 18:26:28 +0000

kaushalshriyan

Hi,

How do I understand tcpdump output? Are there any tutorials or books or blogs to understand tcpdump output? I am able to capture the tcpdump.pcap file. I am unable to understand the tcpdump output when I load it from Wireshark.

Please guide me.

Best Regards,

Kaushal


Comments

There are two types of output that tcpdump produces:

  1. printed output summarizing the contents of captured packets;
  2. capture files written with the -w flag.

Wireshark cannot read the first of those. It can read the second of those, but does not produce tcpdump output; it also shows the contents of captured packets, but in a different form.

To which of them are you referring?

Guy Harris (2024-09-30 06:55:50 +0000)

1 Answer


answered 2024-09-30 11:33:54 +0000

hugo.vanderkooij

Kaushal,

Start with learning about Ethernet, IP, TCP and UDP. If you understand the protocols, then you will learn to recognize them in the packet capture.

Then it's up to you what you want to know about higher protocols such as HTTP, SMTP, ...

But be aware you will have to invest some serious time into this learning process.


Comments

Thanks Hugo for the detailed explanation. Please point me to any tutorials or books or blogs to understand the tcpdump and wireshark application. Thanks in advance.

kaushalshriyan (2024-10-01 18:00:08 +0000)
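As an added example (not part of the question or of the answers above), the script below reads the second kind of tcpdump output that Guy Harris describes, a capture file written with `-w`, walks the Ethernet, IPv4 and TCP/UDP headers that Hugo recommends learning first, and prints one line per packet in the style of tcpdump's printed summary. The two-packet capture it parses is constructed in memory so the script runs offline; the addresses 192.0.2.10 and 198.51.100.20, the ports and the sequence numbers are made-up values, and the TCP checksum is left as zero because the example only validates the IPv4 header checksum.

```python
"""Minimal classic-pcap reader: Ethernet -> IPv4 -> TCP/UDP -> tcpdump-style line.
Added example for this thread; the sample capture is constructed, not real traffic."""
import socket
import struct

LINKTYPE_ETHERNET = 1
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
# tcpdump prints flag letters in this order; "." stands for ACK
FLAG_NAMES = [(0x02, "S"), (0x01, "F"), (0x04, "R"), (0x08, "P"), (0x10, ".")]


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071); 0 means a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_frame(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame (constructed data; TCP checksum left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill header checksum
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp


def build_pcap(frames, endian="<", ts_sec=1_700_000_000):
    """Wrap frames in a classic pcap file, the format `tcpdump -w` writes."""
    out = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack(endian + "IIII", ts_sec, i * 1000, len(frame), len(frame)) + frame
    return out


def decode_frame(frame, ts_sec, ts_usec):
    """Decode Ethernet, IPv4 and the TCP/UDP header into a dict of named fields."""
    rec = {"ts": ts_sec + ts_usec / 1e6, "len": len(frame)}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        rec["proto"] = "ethertype %#06x" % ethertype
        return rec
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    rec["src"], rec["dst"] = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    rec["ip_checksum_ok"] = ipv4_checksum(ip[:ihl]) == 0
    l4 = ip[ihl:total_len]
    if proto == 6:
        sport, dport, seq, ack, doff_flags, win = struct.unpack("!HHIIHH", l4[:16])
        rec.update(proto="TCP", sport=sport, dport=dport, seq=seq, ack=ack, win=win,
                   flags="".join(n for bit, n in FLAG_NAMES if doff_flags & bit),
                   payload=l4[(doff_flags >> 12) * 4:])
    elif proto == 17:
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        rec.update(proto="UDP", sport=sport, dport=dport, payload=l4[8:ulen])
    else:
        rec["proto"] = "IP proto %d" % proto
    return rec


def parse_pcap(data: bytes):
    """Return one record per packet; byte order is taken from the magic number."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic read with the wrong byte order
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    _, _, _, _, _, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET is handled here")
    off, records = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        records.append(decode_frame(data[off + 16:off + 16 + incl_len], ts_sec, ts_usec))
        off += 16 + incl_len
    return records


def summarize(rec):
    """Format a record roughly the way tcpdump's default printed output does."""
    if rec.get("proto") == "TCP":
        return "IP %s.%d > %s.%d: Flags [%s], seq %d, ack %d, win %d, length %d" % (
            rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["flags"],
            rec["seq"], rec["ack"], rec["win"], len(rec["payload"]))
    if rec.get("proto") == "UDP":
        return "IP %s.%d > %s.%d: UDP, length %d" % (
            rec["src"], rec["sport"], rec["dst"], rec["dport"], len(rec["payload"]))
    return "%s, length %d" % (rec.get("proto"), rec["len"])


# Constructed sample: a TCP handshake start, client 192.0.2.10 -> server 198.51.100.20:443
SAMPLE_FRAMES = [
    build_tcp_frame("192.0.2.10", "198.51.100.20", 40000, 443, 1000, 0, 0x02),      # SYN
    build_tcp_frame("198.51.100.20", "192.0.2.10", 443, 40000, 5000, 1001, 0x12),   # SYN-ACK
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    for rec in parse_pcap(SAMPLE_PCAP):
        print(summarize(rec))
```

Each line the script prints corresponds to what Wireshark shows in its packet list, and the fields the decoder pulls out of each header are the ones Wireshark's packet detail pane labels; comparing the two views of the same capture is a practical way to connect the protocol headers to the output.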


Stats

Asked: 2024-09-29 18:26:28 +0000

Seen: 146 times

Last updated: Sep 30