The packets sent from my wired LAN interface, eth0, to another computer, and the ones that are sent into my computer: I'd like to record them, save them in a file, capture them. In the same way that I'd like to record audio sometimes on my computer. How do I record audio? On your computer, you can use some audio software to record audio. So, on these computers, there's different software. Audacity is some audio software, and it records the audio input. It saves to a file. You can also record the screen. You can use some media player; VLC, for example, has an option to capture: open the capture device and record the desktop, some sort of screencast. So, we can record inputs to our computer in the same way as recording audio and video. We can record packets. We capture packets. And then we'll look at those packets and see what's happening from observing them.

How do we capture packets? Two pieces of software we'll use. One of them is Wireshark. Wireshark is a comprehensive piece of software that allows us to capture packets and view them, look at them. But another one, which is just on the command line, is called tcpdump. It can capture packets. It doesn't just capture TCP packets; it captures all others as well. Originally it was focused on TCP packets, but now it covers everything. So, we will use the command line program called tcpdump to capture packets, save them in a file, and then we will use the GUI program Wireshark to look at them. It's hard to look at them with tcpdump. It's not so nice. So, we use a combination.

So, let's try. We'll capture some packets. There's an example there, but we'll try. And then you'll have some tasks today, three tasks today, to do some captures and observe some things about protocols.

First, a demo. We're going to capture packets with tcpdump. That's the command. And which packets do I want to capture? Which network device do I want to capture from? I need to specify. So, again, before that, I have ifconfig. ifconfig shows me the different interfaces I have. I have eth0, eth1, eth2, lo. I want to capture on the one that's being used. Which one's the yellow cable plugged into? It's eth0. So: tcpdump, interface eth0. Record everything that interface eth0 is sending or receiving.

What's -n do? I've used it in other networking commands. What's it do? -n. Really, you think of it as "no nicknames". With respect to addresses, show the raw addresses. Don't give me nicknames. I don't like nicknames because they can maybe confuse things sometimes. I'd prefer to see the raw addresses. So, in many networking commands, there's a -n option to show the raw addresses. I will use that.

And let's start capturing. And it says you can't do that. You're not permitted to run tcpdump. You're not allowed to capture everything sent into the computer. If you could, when someone else is logged into the computer, you could run tcpdump and record everything they send, including all their passwords sent out to the websites. So, tcpdump is a protected command. You need to be admin or super user to do that. So, what do we do? Super user do: sudo. Do it as super user. And because I'm zoomed in a lot, you can run it there; I'll just bring up another window where I'll do it. -n. And we need the password for student, and we run. And it starts printing packets, one line per packet captured, on the screen. And it's just a summary of each packet.

Now, it's hard for me to read. The packets are scrolling through. There's many packets there. It's hard for me to observe what's happening because it's happening so fast. There's so much information there. So, although tcpdump records packets, it's just displaying them on the screen. So, let's stop that. Control C. It shows me that there were 600 packets captured. Fine. Yours will be different, maybe.

So, what I want to do is, instead of printing them to the screen, I'll write them to a file. And there is an option to write them to a file. You don't have to redirect. It writes a special format using -w. And I'll use the extension .pcap, packet capture, as the extension. It's nice to use that extension because it's recognized by the next piece of software, Wireshark. So, instead of printing on the screen, write to a file. And now it says it's listening. So, it's really capturing now. And nothing's printed on the screen. It should be saving in a file.

Now, let me in my other terminal do something. Let me access a website. Access the ICT website. Just download the web page. And it downloads the web page. And hopefully, the packets which were sent to and from my computer to download that web page were recorded by tcpdump. So, I access the web page. Go back to tcpdump. And let's stop the capture using Control C. It prints some summary stats. 711 packets captured.

So, what we're going to do is use tcpdump to record or capture packets. And then we want to look at them. And tcpdump is not so nice to look at them with. So, we will use the GUI Wireshark. You can either type Wireshark followed by the file name, or you can open via the shark fin.
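The lecture says `tcpdump -w` writes "a special format" that Wireshark recognizes. As an added example (not part of the lecture, and not tcpdump's or Wireshark's own code), the Python below reads that classic libpcap format the way those tools do: a 24-byte file header, then one 16-byte record header (timestamp, captured length, original length) per packet followed by the raw Ethernet frame. It prints a one-line summary per packet in the spirit of tcpdump's screen output with `-n`, i.e. raw addresses and no name lookups. The sample capture is constructed in the code (two frames: one IPv4/TCP, one ARP) rather than taken from the demo; the MAC and IP addresses in it are made up.

```python
"""Minimal reader for the classic libpcap (.pcap) file that `tcpdump -w` writes.

Added example for the lecture; the capture bytes below are constructed
inline so the script runs offline without tcpdump or root privileges.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

LINKTYPE_ETHERNET = 1   # link-layer header type for Ethernet frames
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


@dataclass
class PacketSummary:
    ts: float                 # capture time, seconds since the Unix epoch
    length: int               # original length on the wire (orig_len)
    dst_mac: str
    src_mac: str
    ethertype: int
    src_ip: Optional[str] = None   # only filled in for IPv4 frames
    dst_ip: Optional[str] = None
    proto: Optional[int] = None    # IPv4 protocol number (6 = TCP, 17 = UDP)


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_pcap(data: bytes) -> List[PacketSummary]:
    """Parse a pcap byte string into per-packet summaries (raw addresses, no DNS)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:        # written by a little-endian host
        endian = "<"
    elif magic == 0xD4C3B2A1:      # written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a libpcap file (bad magic)")
    # version major/minor, timezone offset, sigfigs, snaplen, link type
    _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")

    packets: List[PacketSummary] = []
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet data")
        off += incl_len
        if len(frame) < 14:            # not even a full Ethernet header
            continue
        summary = PacketSummary(
            ts=ts_sec + ts_usec / 1_000_000,
            length=orig_len,
            dst_mac=_mac(frame[0:6]),
            src_mac=_mac(frame[6:12]),
            ethertype=struct.unpack_from("!H", frame, 12)[0],
        )
        if summary.ethertype == ETHERTYPE_IPV4 and len(frame) >= 34:
            ip = frame[14:]            # IPv4 header starts after the 14-byte Ethernet header
            summary.proto = ip[9]
            summary.src_ip = _ip(ip[12:16])
            summary.dst_ip = _ip(ip[16:20])
        packets.append(summary)
    return packets


def format_line(p: PacketSummary) -> str:
    """One summary line per packet, in the spirit of tcpdump -n output."""
    if p.src_ip is not None:
        return f"{p.ts:.6f} IP {p.src_ip} > {p.dst_ip}: proto {p.proto}, length {p.length}"
    return f"{p.ts:.6f} {p.src_mac} > {p.dst_mac}, ethertype 0x{p.ethertype:04x}, length {p.length}"


def build_sample_pcap() -> bytes:
    """Constructed sample capture: one IPv4/TCP frame and one ARP frame (made-up addresses)."""
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    host_mac = bytes.fromhex("aabbccddeeff")
    gw_mac = bytes.fromhex("001122334455")
    ip_hdr = (bytes([0x45, 0x00]) + struct.pack("!H", 40)       # version/IHL, TOS, total length
              + struct.pack("!HH", 0x1234, 0x4000)               # id, flags (DF) / fragment offset
              + bytes([64, 6]) + b"\x00\x00"                     # TTL, protocol TCP, checksum (unset)
              + bytes([192, 168, 1, 10]) + bytes([203, 0, 113, 5]))
    tcp_frame = gw_mac + host_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + b"\x00" * 20
    arp_frame = b"\xff" * 6 + host_mac + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28

    def record(ts_sec: int, ts_usec: int, frame: bytes) -> bytes:
        return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

    return file_hdr + record(1700000000, 250000, tcp_frame) + record(1700000000, 251500, arp_frame)


if __name__ == "__main__":
    for pkt in parse_pcap(build_sample_pcap()):
        print(format_line(pkt))
```

To run it over a real capture from the demo, replace `build_sample_pcap()` with `open("capture.pcap", "rb").read()`; the parser only handles the classic format, so a file saved by Wireshark in its newer pcapng format will be rejected at the magic check.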