Network traffic analysis
This time, we'll work on a program that receives a network connection and sends back some data. We will be using the file available at https://github.com/PacktPublishing/Mastering-Reverse-Engineering/raw/master/ch6/server. Once you have it downloaded, execute it from the Terminal as follows:
The program is a server program that waits for connections to port 9999. To test this out, open a browser, then use the IP address of the machine where the server is running, plus the port. For example, use 127.0.0.1:9999 if you're trying this from your own machine. You might see something like the following output:
To understand network traffic, we need to capture some network packets by using tools such as tcpdump. tcpdump is usually pre-installed in Linux distributions. Open another Terminal and use the following command:
sudo tcpdump -i lo 'port 9999' -w captured.pcap
Here's a brief explanation of the parameters used:
-i lo uses the loopback network interface. We have used it...
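Once the capture is stopped, captured.pcap can be inspected without any extra tooling. The following is an added example, not code from the book or from the server program: a standard-library-only pcap reader that lists the TCP segments to or from port 9999 together with their flags and payload bytes. It assumes the capture was written with Ethernet framing (link type 1, which is what tcpdump uses on the Linux lo interface) and embeds a constructed one-packet sample so that it runs offline.

```python
import struct
import sys

# Constructed sample, not a real capture: a minimal pcap (link type 1, Ethernet,
# as tcpdump writes for the Linux loopback interface) holding a single TCP
# segment 127.0.0.1:40000 -> 127.0.0.1:9999 that carries an HTTP request line.
def build_sample_pcap():
    payload = b"GET / HTTP/1.1\r\nHost: 127.0.0.1:9999\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 9999, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload  # zero MACs, EtherType IPv4
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame

def parse_pcap(data, port=9999):
    """Return TCP segments to/from `port` as dicts (src, sport, dst, dport, flags, payload)."""
    magic = struct.unpack("<I", data[:4])[0]
    end = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"  # byte order from the magic
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled here")
    segments, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 frames whose protocol field is TCP (6)
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]
        sport, dport = struct.unpack("!HH", tcp[:4])
        if port not in (sport, dport):
            continue
        data_off = (tcp[12] >> 4) * 4  # TCP header length in bytes
        segments.append({
            "src": ".".join(map(str, frame[26:30])), "sport": sport,
            "dst": ".".join(map(str, frame[30:34])), "dport": dport,
            "flags": tcp[13], "payload": tcp[data_off:],
        })
    return segments

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for s in parse_pcap(raw):
        print(f"{s['src']}:{s['sport']} -> {s['dst']}:{s['dport']} flags=0x{s['flags']:02x} {s['payload'][:40]!r}")
```

Run it as `python3 pcap9999.py captured.pcap` to list the real capture, or with no argument to parse the constructed sample.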