1. We need to install the tcpdump tool on our server to capture packets. The file is attached to this post; decompress it and copy the file into the /sbin directory. You can use WinSCP to copy the file.
2. After copying the file into the /sbin directory, the command will be available.
3. We can create a directory to save all our captures in the same folder, for example test_capture: mkdir /home/test_capture
4. We can move into it with cd /home/test_capture, so that the command is executed there and the files are stored in this directory.
5. The example command is the following:
tcpdump -i interface_name -X -vvv -n -s0 host XXX.XXX.XXX.XXX -w filename.cap
Parameters description:
-i: the interface on which we are going to capture the traffic, for example -i ethX or -i bondX (X is the number of the port or bond).
-X: When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
-vvv: for full, more detailed verbose output
-n: do not convert IP addresses to names
-s0: to set the snaplen to 0 (capture whole packets instead of truncating them)
host XXX.XXX.XXX.XXX: to set the IP of the host we need to trace (for example, to trace just one camera)
-w filename.cap: to set the name of the file that will be created.

We need to stop the capture with Ctrl+C. Then we can change the file permissions so the capture can be copied to a USB drive and analyzed with a sniffing tool.
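
A wrapper for steps 3 to 5, as an added example that is not part of the original post: it validates the interface and host before they reach tcpdump, timestamps the capture file name, and creates the directory and file readable by the owner only. The function names and the file-naming scheme are assumptions; /home/test_capture is the directory from step 3.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.
CAPTURE_DIR="${CAPTURE_DIR:-/home/test_capture}"   # directory from step 3

# Dotted-quad IPv4 only, each octet 0-255. Runs in a subshell so IFS stays local.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Names like eth0 or bond1; a leading "-" is refused so it cannot be read as an option.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the capture file path for a host and timestamp.
capture_path() {
    printf '%s/%s_%s.cap\n' "$CAPTURE_DIR" "$1" "$2"
}

# Capture one host's traffic on one interface until Ctrl+C.
run_capture() {
    valid_iface "$1" || { echo "bad interface: $1" >&2; return 1; }
    valid_ipv4 "$2"  || { echo "bad host: $2" >&2; return 1; }
    out=$(capture_path "$2" "$(date +%Y%m%d_%H%M%S)")
    (
        umask 077    # capture files hold raw traffic: readable by owner only
        mkdir -p "$CAPTURE_DIR" || exit 1
        # -X is left out: with -w the packets go to the file raw, not printed.
        tcpdump -i "$1" -vvv -n -s0 -w "$out" host "$2"
    )
}

# Usage: sh capture.sh eth0 192.0.2.10
if [ "$#" -eq 2 ]; then
    run_capture "$1" "$2"
fi
```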



