tcpdump command in Linux


tcpdump only captures packets that are actually transmitted. If no packets cross the interface while it is running, nothing will be captured.

So, ensure that packets are really flowing from device-1 to device-2. If they are not, ping device-2's IP address from device-1: ping requests are packets too, so they give tcpdump something to capture.
 

How to initiate a ping request?

 
1. Get an IP address of device-2 that is reachable via device-1's interface.



2. If device-2's address is IPv4, use the command below:

   ping <IPv4 address/URL>

   To limit the number of ping requests, use the -c option:

   ping -c 2 <IPv4 address/URL>

   If device-2's address is IPv6, use the command below:

   ping6 <IPv6 address/URL>

   (or)

   ping6 -c 2 <IPv6 address/URL>

   Note: See the manual page (man ping) or search online for the other options of the ping command.
 
 


Press Ctrl+C to stop the ping.

Now, to capture the packets, we can use the tcpdump command at the Linux prompt. The Linux prompt is the shell prompt where you are able to execute Linux commands.

For example, if you are able to execute the command 'ifconfig' there, that is the Linux prompt.

After finding the Linux prompt, identify the interface from which the ping request is sent; this interface acts as the source interface for the ping packets. In a large network, to find that interface, run tcpdump on each interface that has an IP address configured. In a small network, the IP address and the source interface from which the ping is triggered are easy to identify.
 
   A simple tcpdump command would be:

   tcpdump -i <interface-name> -w <file-name.pcap>

If the -w option is not given, no file is written; instead, a one-line summary of each packet passing on the interface is printed on the console itself.


Later, this file can be transferred to the desktop where the Wireshark application is available.
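As an added example that is not part of the original post, here is a small POSIX shell script that ties the steps above together: it picks ping or ping6 from the address family, captures only that ping traffic on the given interface with a BPF filter, and then reads the file back to confirm packets were actually recorded before it is copied to Wireshark. The interface name, target address and output file name are arguments (assumptions), and tcpdump needs root or CAP_NET_RAW to open the interface.

```shell
#!/bin/sh
# Added example: capture the ping traffic from device-1 to device-2 on one interface.
# Usage: ./capture-ping.sh <interface-name> <device-2 address> [file-name.pcap]

# Choose ping (IPv4) or ping6 (IPv6) from the address: IPv6 literals contain ':'.
# On newer iputils "ping -6" is equivalent to ping6.
ping_cmd_for() {
    case "$1" in
        *:*) echo "ping6 -c 2 $1" ;;
        *)   echo "ping -c 2 $1" ;;
    esac
}

# BPF filter so the capture holds only the echo request/reply pairs to that host.
capture_filter_for() {
    case "$1" in
        *:*) echo "icmp6 and host $1" ;;
        *)   echo "icmp and host $1" ;;
    esac
}

capture_ping() {
    iface="$1"; target="$2"; out="${3:-ping-capture.pcap}"
    # Refuse an empty or mistyped interface name instead of silently capturing nothing.
    if [ -z "$iface" ] || [ ! -d "/sys/class/net/$iface" ]; then
        echo "no such interface: $iface" >&2
        return 1
    fi
    filter=$(capture_filter_for "$target")
    # -w writes raw packets to the file; -n skips DNS lookups;
    # -c 4 stops tcpdump by itself after 2 requests + 2 replies.
    tcpdump -i "$iface" -n -c 4 -w "$out" "$filter" &
    tpid=$!
    sleep 1                                  # let tcpdump attach before the first ping
    $(ping_cmd_for "$target") >/dev/null
    kill -INT "$tpid" 2>/dev/null || true    # stop tcpdump if the target never answered
    wait "$tpid"
    # Read the capture back: an empty listing means the wrong interface was chosen.
    tcpdump -n -r "$out"
}

# Only run when invoked with arguments, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then
    capture_ping "$@"
fi
```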
