In addition to being an excellent tool for learning Linux, your Raspberry Pi can also help you do packet captures of the traffic that is on the network cable. One of the tools that you can use is TCPDump. I have just inserted a freshly prepared SD card with the latest version of Raspbian installed. Do the usual sudo apt-get update first so that you are working with the latest files when you install tcpdump.
sudo apt-cache search tcpdump
Once you have that done, you can start the process of installing TCPDump.
sudo apt-get install tcpdump
To test that tcpdump is working, run sudo tcpdump and you should start seeing packets on the screen shortly. You can see an example of this in the video that accompanies this post.
If you run tcpdump without sudo, you will get the following error:
tcpdump: no suitable device found
If you want to capture just a few packets, you can use a command line something like this: sudo tcpdump -c 10. TCPDump will stop capturing after getting approximately 10 packets. You can capture just ICMP packets by using sudo tcpdump icmp -c 10.
You can send the packets you are seeing on the screen to a file that you have named by using the -w flag: sudo tcpdump -w test.pcap -c 10. This captures the first 10 packets and writes them in pcap format so that the file is readable in Wireshark.
You can verify that the file exists by using the following command: ls *.pcap -all
You should see output that looks something like this –
pi@raspberrypi:~$ ls *.pcap -all
-rw-r--r-- 1 root root 1144 May 15 21:34 test.pcap
To look at the pcap file, you will need to use Wireshark. You may want to consider using either tftp or ftp, which will need to be installed on the SD card that tcpdump is installed on, to assist in transferring the file off of the RPi. As a test, I tried to mount the SD card on my MacBook Pro and wasn’t able to see the file system. I will show in a later post and video how to use SCP to copy the files off of the SD card and onto your computer.
To see more of my posts about the Raspberry Pi, please go to http://www.ronnutter.com/category/raspberry-pi/