Learn Penetration Testing

tcpdump

tcpdump is one of the most widely used packet capture utilities. It is available on Linux/Unix-based operating systems and is installed by default in Kali Linux. It can write a capture to a .pcap file and read .pcap files back, so a capture taken on a target can be analyzed later in tcpdump or Wireshark.

tcpdump has a number of switches that you can use. Some of its common switches are as follows:

  • tcpdump -D: Displays a list of interfaces available for capture (note the uppercase D; lowercase -d dumps the compiled packet-matching code instead)
  • tcpdump -i [interface]: Specifies an interface to perform the packet capture on
  • tcpdump -c [count]: Specifies the number of packets to capture before exiting
  • tcpdump -w /path: Writes the raw packets to the given file instead of printing them
  • tcpdump -r /path: Reads packets from a capture file instead of a live interface
  • tcpdump -XX: Prints each packet, including its link-layer header, in both hex and ASCII (-X prints the same without the link-layer header, and -A prints ASCII only, which is convenient for text protocols such as FTP)

The following is a practical example of using tcpdump to capture FTP traffic. Because FTP sends its control channel unencrypted, the USER and PASS commands appear in tcpdump's output, and you can see the username and password in clear text, as shown in Figure 28:

Figure 28: Login details in plain text

You can replicate the preceding test against a publicly accessible FTP server that is provided for speed testing. The host name is speedtest.tele2.net. Capture on the interface that carries the traffic and filter on the FTP control port, for example tcpdump -i eth0 -A 'tcp port 21', then log in with an FTP client and watch the USER and PASS lines appear.
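The same credentials can be pulled out of a file saved with tcpdump -w rather than read off the screen. The following is an added example, not code from the book: it parses a pcap file (Ethernet/IPv4/TCP) with only the Python standard library and reports every USER and PASS command sent to TCP port 21. To keep it runnable offline, it also constructs a small sample capture in memory; the addresses 192.168.56.10/192.168.56.20 and the credentials in it are made up for the demonstration.

```python
"""Extract FTP USER/PASS commands from a pcap such as one written by `tcpdump -w`.

Added example (not from the book). Standard library only. The sample capture
below is constructed in memory so the script runs without tcpdump or a network.
"""
import struct
import sys

LINKTYPE_ETHERNET = 1


def build_pcap(frames):
    """Write a little-endian pcap: 24-byte global header, then one 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def tcp_frame(src_ip, dst_ip, sport, dport, payload, seq=1):
    """Constructed Ethernet/IPv4/TCP frame carrying `payload`; checksums are left zero (not validated)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dummy MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp


def extract_ftp_credentials(pcap_bytes):
    """Return [(client_ip, server_ip, 'USER'|'PASS', argument)] for commands sent to TCP port 21."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a microsecond-resolution pcap file (pcapng and nanosecond pcap unsupported)")
    linktype, = struct.unpack(endian + "I", pcap_bytes[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")

    found = []
    off = 24
    while off + 16 <= len(pcap_bytes):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        off += 16
        frame = pcap_bytes[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 6 or len(ip) < total_len:
            continue  # not TCP, or truncated by snaplen
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if dport != 21 or not payload:
            continue  # only client -> server control traffic carries USER/PASS
        for line in payload.split(b"\r\n"):
            parts = line.split(b" ", 1)
            cmd = parts[0].upper()
            if cmd in (b"USER", b"PASS"):
                arg = parts[1].decode("ascii", "replace") if len(parts) > 1 else ""
                found.append((src, dst, cmd.decode(), arg))
    return found


# Constructed sample: an anonymous login followed by a PWD command (not a real capture).
SAMPLE_PCAP = build_pcap([
    tcp_frame("192.168.56.10", "192.168.56.20", 40000, 21, b"USER anonymous\r\n", seq=1),
    tcp_frame("192.168.56.20", "192.168.56.10", 21, 40000, b"331 Please specify the password.\r\n"),
    tcp_frame("192.168.56.10", "192.168.56.20", 40000, 21, b"PASS guest@example.com\r\n", seq=17),
    tcp_frame("192.168.56.10", "192.168.56.20", 40000, 21, b"PWD\r\n", seq=41),
])

if __name__ == "__main__":
    # Usage: python ftp_creds.py ftp.pcap   (or no argument to use the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for client, server, cmd, arg in extract_ftp_credentials(data):
        print(f"{client} -> {server}: {cmd} {arg}")
```

To produce a real input file, capture the control channel with tcpdump -i eth0 -s 0 -w ftp.pcap 'tcp port 21' while logging in with an FTP client, then run the script on ftp.pcap. The parser ignores responses from the server (source port 21) and any frame cut short by the snap length, which is why -s 0 (full packets) is used in the capture command.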