information gathering – tcpdump

Tcpdump prints out the headers of packets on a network interface that match the boolean filter expression. It can also be run with the -w flag, which causes it to save the raw packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than from a network interface. In all cases, only packets that match the expression will be processed by tcpdump.

tcpdump usage

[ -C file_size ] [ -F file ]
[ -i interface ] [ -m module ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -U user ] [ -w file ]
[ -E algo:secret ] [ expression ]

Packet filter: tcpdump

Backtrack 5R1

Sending a ping from 192.168.1.2 to 192.168.58.2:

(192.168.1.2 is your machine's IP address)
root@bt:/# tcpdump -i eth0 host 192.168.1.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

13:31:43.402435 IP 192.168.1.2 > 192.168.58.2: ICMP echo request, id 23105, seq 1, length 64
13:31:43.402980 IP 192.168.58.2 > 192.168.1.2: ICMP echo reply, id 23105, seq 1, length 64
13:31:44.404576 IP 192.168.1.2 > 192.168.58.2: ICMP echo request, id 23105, seq 2, length 64
13:31:44.405019 IP 192.168.58.2 > 192.168.1.2: ICMP echo reply, id 23105, seq 2, length 64
13:31:45.405054 IP 192.168.1.2 > 192.168.58.2: ICMP echo request, id 23105, seq 3, length 64
13:31:45.405567 IP 192.168.58.2 > 192.168.1.2: ICMP echo reply, id 23105, seq 3, length 64
13:31:48.399990 ARP, Request who-has 192.168.1.2 tell 192.168.58.2, length 46
13:31:48.400016 ARP, Reply 192.168.1.2 is-at 08:00:27:4f:d2:1f (oui Unknown), length 28
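As an added example (not part of the original post), here is a small Python parser for the default tcpdump text output shown above: it pairs each ICMP echo request with its reply by (id, seq) to compute the round-trip time, lists requests that never got a reply, and pulls the ARP who-has/is-at pairs out of the same capture. The sample input is the capture from this page plus one constructed extra echo request (seq 4) with no reply.

```python
import re
from datetime import datetime

# Constructed sample: the tcpdump lines shown above, plus one extra echo request
# (seq 4) with no reply so the unanswered case is exercised.
SAMPLE = """\
13:31:43.402435 IP 192.168.1.2 > 192.168.58.2: ICMP echo request, id 23105, seq 1, length 64
13:31:43.402980 IP 192.168.58.2 > 192.168.1.2: ICMP echo reply, id 23105, seq 1, length 64
13:31:44.404576 IP 192.168.1.2 > 192.168.58.2: ICMP echo request, id 23105, seq 2, length 64
13:31:44.405019 IP 192.168.58.2 > 192.168.1.2: ICMP echo reply, id 23105, seq 2, length 64
13:31:45.405054 IP 192.168.1.2 > 192.168.58.2: ICMP echo request, id 23105, seq 3, length 64
13:31:45.405567 IP 192.168.58.2 > 192.168.1.2: ICMP echo reply, id 23105, seq 3, length 64
13:31:46.406000 IP 192.168.1.2 > 192.168.58.2: ICMP echo request, id 23105, seq 4, length 64
13:31:48.399990 ARP, Request who-has 192.168.1.2 tell 192.168.58.2, length 46
13:31:48.400016 ARP, Reply 192.168.1.2 is-at 08:00:27:4f:d2:1f (oui Unknown), length 28
"""

# One line of tcpdump's default text output for an ICMP echo, and for ARP.
ICMP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+), length \d+$"
)
ARP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) ARP, (?P<kind>Request who-has|Reply) (?P<ip>[\d.]+) "
    r"(?:tell (?P<asker>[\d.]+)|is-at (?P<mac>[0-9a-f:]{17}))"
)

def _to_us(ts: str) -> int:
    """HH:MM:SS.ffffff tcpdump timestamp -> microseconds since midnight."""
    t = datetime.strptime(ts, "%H:%M:%S.%f")
    return ((t.hour * 60 + t.minute) * 60 + t.second) * 1_000_000 + t.microsecond

def summarize(text: str) -> dict:
    """Pair ICMP echo requests with replies by (id, seq); collect ARP who-has/is-at."""
    pending, rtt_ms, arp = {}, {}, []
    for line in text.splitlines():
        m = ICMP_RE.match(line)
        if m:
            key = (int(m["id"]), int(m["seq"]))
            if m["kind"] == "request":
                pending[key] = _to_us(m["ts"])
            elif key in pending:  # reply that answers an earlier request
                rtt_ms[key] = (_to_us(m["ts"]) - pending.pop(key)) / 1000
            continue
        m = ARP_RE.match(line)
        if m:  # ("request", ip asked for, asker) or ("reply", ip, mac)
            arp.append((m["kind"].split()[0].lower(), m["ip"], m["asker"] or m["mac"]))
    return {"rtt_ms": rtt_ms, "unanswered": sorted(pending), "arp": arp}
```

The two ARP lines appear in the capture because the plain `host` primitive also matches ARP packets that mention the address; use `ip host 192.168.1.2` if you only want IP traffic.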
