Tcpdump

Command-line Packet Analyzer

📦 What is Tcpdump?

Tcpdump is a powerful command-line packet analyzer that captures and analyzes network traffic. It is very lightweight and fast.

👉 It comes pre-installed or is easily available on Linux/Unix systems, and it is useful on remote servers where there is no GUI.

🔍 What Tcpdump can do

  • Packet Capture: capture live packets
  • Filtering: capture only specific traffic (by port, IP, or protocol)
  • Save to File: save a capture to a .pcap file
  • Protocol Analysis: analyze TCP, UDP, ICMP, DNS, HTTP
  • Real-time Monitoring: watch live traffic for network troubleshooting and security monitoring

⚙️ Installing Tcpdump in Kali NetHunter / Termux

Installation commands (apt)

Update the system

apt update && apt upgrade

Install Tcpdump

apt install tcpdump

👉 Root permission is required for packet capture.

💻 Basic Commands (Usage)

👉 Run the commands as root (use su instead of sudo):

List all network interfaces

tcpdump -D

Capture packets on an interface

tcpdump -i wlan0

Capture a specific number of packets

tcpdump -i wlan0 -c 100

Capture HTTP traffic only (port 80)

tcpdump -i wlan0 port 80

Capture traffic to or from a specific IP

tcpdump -i wlan0 host 192.168.1.1

Save the capture to a file

tcpdump -i wlan0 -w capture.pcap

🌐 Real Example (Practical understanding)

Example 1 🎯 HTTP Traffic Capture

tcpdump -i wlan0 -A -s 0 'tcp port 80'

  • -i wlan0: select the interface
  • -A -s 0: print each packet in ASCII, and capture the full packet (snaplen 0 means no truncation)
  • 'tcp port 80': filter on TCP port 80

📊 Understanding the output

Suppose the output looks something like this:

12:34:56.789012 IP 192.168.1.5.45678 > 93.184.216.34.80: Flags [P.], seq 1:100, ack 1, win 65535, length 99
GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
12:34:56.823456 IP 93.184.216.34.80 > 192.168.1.5.45678: Flags [P.], seq 1:456, ack 100, win 64240, length 455
HTTP/1.1 200 OK
Content-Type: text/html

🧠 What it means:

  • Timestamp: 12:34:56.789012, the exact time the packet was captured
  • IP Flow: 192.168.1.5.45678 > 93.184.216.34.80, source IP.port > destination IP.port (tcpdump joins the IP and the port with a dot)
  • Flags: [P.] (Push + Ack), the TCP flags, which tell you the connection state
  • Payload: GET / HTTP/1.1, the HTTP request content (visible because of -A)
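To make the breakdown above mechanical, here is an added shell example (not from the original page) that pulls the timestamp, endpoints, flags and length out of a tcpdump summary line, expands the flag letters into TCP flag names, and skips the ASCII payload lines that -A prints underneath. The sample output is constructed for this example and matches the lines shown above.

```shell
#!/bin/sh
# Added example: parse tcpdump summary lines. The sample output below is
# constructed to match the capture shown on the page.
SAMPLE_OUTPUT=$(printf '%s\n' \
  '12:34:56.789012 IP 192.168.1.5.45678 > 93.184.216.34.80: Flags [P.], seq 1:100, ack 1, win 65535, length 99' \
  'GET / HTTP/1.1' \
  'Host: example.com' \
  'User-Agent: Mozilla/5.0' \
  '12:34:56.823456 IP 93.184.216.34.80 > 192.168.1.5.45678: Flags [P.], seq 1:456, ack 100, win 64240, length 455' \
  'HTTP/1.1 200 OK' \
  'Content-Type: text/html')

# tcpdump_field LINE FIELD -> one field of a summary line (ts|src|dst|flags|length)
tcpdump_field() {
    line=$1
    case $2 in
        ts)     printf '%s\n' "$line" | awk '{print $1}' ;;
        src)    printf '%s\n' "$line" | awk '{print $3}' ;;
        dst)    printf '%s\n' "$line" | awk '{sub(/:$/, "", $5); print $5}' ;;
        flags)  printf '%s\n' "$line" | sed -n 's/.*Flags \[\([^]]*\)\].*/\1/p' ;;
        length) printf '%s\n' "$line" | sed -n 's/.*length \([0-9]*\).*/\1/p' ;;
        *)      return 1 ;;
    esac
}

# split_ip_port "192.168.1.5.45678" -> "192.168.1.5 45678"
# tcpdump writes the port after the last dot of the address.
split_ip_port() {
    printf '%s %s\n' "${1%.*}" "${1##*.}"
}

# decode_flags "P." -> "PSH ACK" (tcpdump's one-letter TCP flag notation)
decode_flags() {
    flags=$1
    out=""
    while [ -n "$flags" ]; do
        c=${flags%"${flags#?}"}      # first character
        flags=${flags#?}             # drop it
        case $c in
            S) out="$out SYN" ;; F) out="$out FIN" ;; P) out="$out PSH" ;;
            R) out="$out RST" ;; .) out="$out ACK" ;; U) out="$out URG" ;;
            W) out="$out CWR" ;; E) out="$out ECE" ;; *) out="$out ?" ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# summarize_line LINE -> "ts src:port -> dst:port [FLAGS] N bytes"
summarize_line() {
    line=$1
    set -- $(split_ip_port "$(tcpdump_field "$line" src)")
    sip=$1; sport=$2
    set -- $(split_ip_port "$(tcpdump_field "$line" dst)")
    dip=$1; dport=$2
    printf '%s %s:%s -> %s:%s [%s] %s bytes\n' \
        "$(tcpdump_field "$line" ts)" "$sip" "$sport" "$dip" "$dport" \
        "$(decode_flags "$(tcpdump_field "$line" flags)")" \
        "$(tcpdump_field "$line" length)"
}

# summarize_capture: read tcpdump output on stdin, summarize only the lines
# that start with a timestamp followed by " IP " (payload lines are skipped).
summarize_capture() {
    while IFS= read -r l; do
        case $l in
            [0-9][0-9]:[0-9][0-9]:[0-9][0-9].*' IP '*) summarize_line "$l" ;;
        esac
    done
}

# Usage: printf '%s\n' "$SAMPLE_OUTPUT" | summarize_capture
```

Piping a real capture through the same function works the same way: `tcpdump -i wlan0 -nn -l 'tcp port 80' | summarize_capture` (the -l flag line-buffers tcpdump's output so the pipe sees each line promptly).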

🔥 Advanced Example: Complex Filter

tcpdump -i wlan0 -n -nn 'tcp and (port 80 or port 443)' -s 0 -w https.pcap

👉 Command breakdown:

  • -n -nn: don't resolve host, port or protocol names (faster; -nn already includes -n, so -n alone is redundant here)
  • 'tcp and (port 80 or port 443)': HTTP + HTTPS filter
  • -s 0: capture the full packet
  • -w https.pcap: save to a file

👉 You can open this file in Wireshark later and analyze it.
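The basic commands above and this advanced example all follow the same shape (interface, filter, optional count or output file), so here is an added shell wrapper (not from the original page) that assembles a capture command with the safe defaults from this page plus file rotation and privilege dropping, validates its inputs, and only runs tcpdump when the caller is root. It assumes an interface name and BPF filter supplied by the caller, and a 'nobody' user for the -Z privilege drop; with DRY_RUN=1 it prints the command instead of running it.

```shell
#!/bin/sh
# Added example: a capture wrapper around tcpdump. Interface, filter and the
# 'nobody' user are assumptions of this example.

# Accept only plausible interface names, so a stray argument such as "-w"
# can never be parsed by tcpdump as an option.
valid_iface() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_capture_cmd IFACE OUTFILE FILTER [ROTATE_SECS] [KEEP_FILES]
#   -nn    no name lookups (faster, and no DNS traffic of its own)
#   -s 0   full packets
#   -G/-W  start a new file every ROTATE_SECS seconds, stop after KEEP_FILES
#          rotations (OUTFILE should contain strftime fields such as %H%M%S)
#   -Z     drop root to 'nobody' once the capture socket is open
build_capture_cmd() {
    iface=$1 outfile=$2 filter=$3
    rotate=${4:-300} keep=${5:-12}
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    case $filter in
        *\'*) echo "filter must not contain single quotes" >&2; return 1 ;;
    esac
    printf "tcpdump -i %s -nn -s 0 -G %s -W %s -Z nobody -w %s '%s'\n" \
        "$iface" "$rotate" "$keep" "$outfile" "$filter"
}

# run_capture: same arguments as build_capture_cmd. Needs root for the raw
# socket (this page uses su rather than sudo); DRY_RUN=1 only prints the command.
run_capture() {
    cmd=$(build_capture_cmd "$@") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$cmd"
        return 0
    fi
    [ "$(id -u)" -eq 0 ] || { echo "run as root (su)" >&2; return 1; }
    command -v tcpdump >/dev/null 2>&1 || { echo "tcpdump not installed" >&2; return 1; }
    eval "$cmd"
}

# Usage (dry run):
#   DRY_RUN=1 run_capture wlan0 'https-%Y%m%d-%H%M%S.pcap' 'tcp and (port 80 or port 443)'
```

The rotated files can still be opened in Wireshark one at a time, and because name resolution is off the capture itself does not generate DNS lookups that would show up in the trace.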

⚠️ Important Warning

Capturing network traffic without permission can be illegal.

Use these for practice:

  • अपना local network
  • Own device traffic (loopback -i lo)
  • Authorized lab/test environment

👉 Root access required: packet capture needs sudo/su permissions.

🧩 Related Tools

  • Wireshark: GUI packet analyzer
  • Ettercap: MITM attacks
  • Bettercap: network Swiss army knife
  • Nmap: network scanning

💡 Simple understanding

Tcpdump = "binoculars for the network"

A way to look at network packets from the CLI: fast, powerful, and useful on servers.