practical2(2)


Upload: kunal-malhotra

Post on 15-Dec-2015


Page 1: Practical2(2)

Software install under Linux & packet capture – Practical 2

Part 1 – Installing software from binary or source

Almost all the software for the semester is available in the 'Tools' directory in /root/Desktop/Tools.

What does it mean if someone says: 'some software is distributed as source code, and some as binary'? What is the difference between installing software from source code and binary?

What is a .tar.gz file?

What command line utility would you use to decompress a .tar.gz file under your CentOS virtual machine? What command options would you use?

Most of the software provided in source-code format can be installed by un-compressing, moving into the resulting directory, and typing:

    ./configure
    make
    make install

If this does not work, you will have to read the “readme” file that comes with the software.
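An added example, not from the practical sheet, of the decompression step done as a bash function that checks the archive before unpacking it (published checksum, then member paths, then `tar -xzf`); the "hello-1.0" tarball and its contents are constructed for the demonstration and stand in for a downloaded source archive.

```bash
#!/bin/bash
# Added example, not part of the practical sheet: unpack a .tar.gz source
# archive the way the worksheet describes, but verify it before unpacking.
# Assumes GNU tar, sha256sum, awk and mktemp (all present on CentOS).

# extract_source <tarball> <expected_sha256> <destdir>
# Exit status: 0 unpacked, 1 checksum mismatch, 2 unsafe member path.
extract_source() {
    local tarball="$1" expected="$2" dest="$3" actual
    # 1. Integrity: compare against the SHA-256 published by the project
    #    before trusting anything inside the archive.
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi
    # 2. Safety: list members (-t) and refuse absolute paths or '..'
    #    components, which could write outside $dest when extracted.
    if tar -tzf "$tarball" | grep -Eq '(^/)|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 2
    fi
    # 3. Decompress and unpack: -x extract, -z gunzip, -f archive name,
    #    -C change into the destination directory first.
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}

# build_sample_tarball: creates a constructed stand-in for a downloaded
# source archive ("hello-1.0" is a made-up project) and prints its path.
build_sample_tarball() {
    local work
    work=$(mktemp -d)
    mkdir -p "$work/hello-1.0"
    printf '#!/bin/sh\necho "configure: ok"\n' > "$work/hello-1.0/configure"
    chmod +x "$work/hello-1.0/configure"
    echo "constructed sample, not a real project" > "$work/hello-1.0/README"
    tar -czf "$work/hello-1.0.tar.gz" -C "$work" hello-1.0
    echo "$work/hello-1.0.tar.gz"
}

# Stand-alone demo: the checksum would normally come from the download
# page; here it is computed from the constructed sample.
demo_tarball=$(build_sample_tarball)
demo_sum=$(sha256sum "$demo_tarball" | awk '{print $1}')
demo_dest=$(dirname "$demo_tarball")/unpacked
if extract_source "$demo_tarball" "$demo_sum" "$demo_dest"; then
    echo "unpacked; next: cd $demo_dest/hello-1.0 && ./configure && make && make install"
fi
```

Run it as root only for the final `make install` step, not for unpacking; the checks above are what you would do with a real tarball and the hash from the project's download page.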

What is an .rpm file?

Install Wireshark from RPM (binary). Note that you will first need to remove the current, broken copy of Wireshark that is installed. To work out how to do this, do some research on the command line program 'rpm'.

Page 1 of 2

Page 2: Practical2(2)

Part 2 – Packet sniffing with Wireshark & tcpdump

Two programs for the capturing of packets are tcpdump & Wireshark.

What is Wireshark? What is tcpdump? How are they similar? How are they different? At what layer do these programs operate?

In the context of packet capture, what is a filter?

Use both of these programs to capture packets from the eth0 network interface of your CentOS virtual machine. With both programs, explore the use of a 'filter' to reduce the types of packets captured. (Note: the VAN can be quiet at times – you may have to generate your own traffic to see anything.)

(Some helpful references: http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/ & http://danielmiessler.com/study/tcpdump/ )

What is the difference between the eth0 and lo interfaces?

These tools require you to run them with system ('root') privileges to capture packets from a network interface. Why?

When we say an Ethernet interface is in “promiscuous mode”, what does this mean?

Capture a variety of packets. Make sure you can identify the different headers of the various packets.

Part 3 - Applied Wireshark (do this at home)

The traffic flowing across your home network will be more interesting and complex than the traffic on the VAN. Capture packets on a home machine, as you use it to visit various websites.

Page 2 of 2