akde/infosec

Information security is ultimately about managing risk


tcpdump

Get incoming ICMP packets:

sudo tcpdump -i any icmp and src host $target

Useful parameters

Do not resolve domain names, show IP addresses

-n

Show a dump of the packet data

-X

Show the packet in ASCII

-A

Working with files

Write the dump to a file

tcpdump -w file

Read a dump from a file

tcpdump -r file

Standard queries

tcpdump -n src|dst 10.10.10.10 and port 80 [-r file]
tcpdump -i eth0 -w core-10-11-1-234.dump

netsh (Windows)

Capture

netsh trace start capture=yes
(wait some time)
netsh trace stop

Download the file. Upload it to a system with etl2pcapng to convert it for Wireshark. Convert it:

etl2pcapng.exe NetTrace.etl NetTrace.pcap

Analyse the pcap file. Use PCredz or other sniffing tools to analyze the file.

Analyse captured packets

Use the pcaphistogram.py script to analyse a captured pcap file for entropy.
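As an added example (not the pcaphistogram.py script or any code from this page), a minimal reader for the classic libpcap format that computes the Shannon entropy of every captured packet and buckets the results into a histogram; packets that land in the top buckets are candidates for encrypted or compressed payloads. The capture is constructed in memory so the script runs offline; the payloads, link type and function names are assumptions.

```python
import math
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4  # libpcap magic as written by a little-endian host


def build_pcap(packets):
    """Wrap raw packet bytes in a minimal pcap file (24-byte global header + 16-byte record headers)."""
    # version 2.4, zone 0, sigfigs 0, snaplen 65535, link type 1 (Ethernet, assumed)
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    records = b"".join(
        struct.pack("<IIII", ts, 0, len(p), len(p)) + p for ts, p in enumerate(packets)
    )
    return header + records


def iter_packets(data):
    """Yield the captured bytes of each record; handles both byte orders of the magic."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def shannon_entropy(payload):
    """Bits of entropy per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())


def entropy_histogram(data, bins=8):
    """Count packets per entropy bucket; bucket i covers [i*8/bins, (i+1)*8/bins)."""
    hist = [0] * bins
    for pkt in iter_packets(data):
        hist[min(int(shannon_entropy(pkt) * bins / 8), bins - 1)] += 1
    return hist


# Constructed sample capture: constant bytes, two alternating bytes, a 16-symbol cycle, all 256 values.
SAMPLE_PCAP = build_pcap([b"A" * 64, bytes([0, 1] * 32), bytes(range(16)) * 4, bytes(range(256))])

if __name__ == "__main__":
    for i, count in enumerate(entropy_histogram(SAMPLE_PCAP)):
        print(f"entropy {i:>1}..{i + 1} bits/byte: {'#' * count}")
```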


About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.


Checklists: Ports

python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';