Tcpdump

Capture your packets to prove your work

tcpdump -nnX tcp and dst $IP
tcpdump -nn udp and src $IP
tcpdump -nn tcp and port 80 and host $IP
tcpdump -nv -s0 -w /tmp/winauth.pcap port 445

sudo tcpdump -i lo   ..to watch the loopback interface (lo on Linux, lo0 on macOS/BSD; "loopback" is not an interface name)
sudo tail -f /var/log/auth.log

tcpdump options:

  • Switches:

    • -n don't resolve host names (faster, no DNS noise in the capture)

    • -nn don't resolve host names or port/service names

    • -v verbose ..usually overkill

    • -w write raw packets to a file (nothing is shown on-screen; read it back later with -r)

    • -x hex output

    • -X hex and ASCII

    • -A ASCII only ..missing in some old builds

    • -s0 snaplen 0 = capture whole packets ..needed on older versions that truncated at 68/96 bytes; recent versions default to full packets

  • Wrap in parentheses to group elements (quote the whole filter so the shell doesn't interpret the parentheses):

    • ether, ip, ip6, arp, rarp, tcp, udp

    • host, net, port, portrange

    • src, dst

    • and, or, not
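To see what the primitives above actually test, here is an added example (not from the original page or from tcpdump itself) that builds a small pcap in memory, parses it back the way `-r` would, and applies an and-conjunction of tcpdump-style primitives (tcp/udp/ip, [src|dst] host, [src|dst] port, not) to each packet. The sample traffic, MAC addresses and timestamps are constructed; IP and TCP checksums are left at zero because nothing here validates them. It uses only the Python standard library.

```python
"""Tiny pcap writer/reader plus a matcher for tcpdump-style filters.
Constructed sample traffic; checksums are zero (nothing validates them)."""
import struct
from ipaddress import ip_address

ETH_IPV4, PROTO_TCP, PROTO_UDP = 0x0800, 6, 17
PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1


def tcp_hdr(sport, dport):
    # 20-byte TCP header: data offset 5 (0x50), ACK flag, window 8192, checksum 0
    return struct.pack(">HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x10, 8192, 0, 0)


def udp_hdr(sport, dport):
    # 8-byte UDP header, length 8 (no payload), checksum 0
    return struct.pack(">HHHH", sport, dport, 8, 0)


def frame(src, dst, proto, l4):
    """Ethernet + IPv4 + transport header (constructed MACs, ttl 64)."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack(">H", ETH_IPV4) + ip + l4


def write_pcap(frames):
    """What `tcpdump -w` produces: global header, then a record per packet."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def read_pcap(data):
    """Yield one dict per IPv4 packet with the fields the primitives need."""
    magic, = struct.unpack_from("<I", data)
    assert magic == PCAP_MAGIC, "only little-endian microsecond pcap handled"
    off = 24
    while off < len(data):
        _, _, incl, _ = struct.unpack_from("<IIII", data, off)
        f = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if struct.unpack_from(">H", f, 12)[0] != ETH_IPV4:
            continue  # ARP etc. carry no IP fields; skipped in this toy
        ihl = (f[14] & 0x0F) * 4
        sport, dport = struct.unpack_from(">HH", f, 14 + ihl)
        yield {"proto": {PROTO_TCP: "tcp", PROTO_UDP: "udp"}.get(f[23], "ip"),
               "src": str(ip_address(f[26:30])), "dst": str(ip_address(f[30:34])),
               "sport": sport, "dport": dport}


def compile_filter(expr):
    """Turn 'tcp and dst host X and not port 22' into a predicate.
    Covers the primitives on this page; 'dst X' defaults to 'dst host X'
    exactly as tcpdump does. 'or' and parentheses are not implemented."""
    def primitive(tokens):
        neg = tokens[0] == "not"
        if neg:
            tokens = tokens[1:]
        if tokens[0] in ("tcp", "udp"):
            test = lambda p, t=tokens[0]: p["proto"] == t
        elif tokens[0] == "ip":
            test = lambda p: True  # read_pcap already yields only IPv4
        else:
            direction = None
            if tokens[0] in ("src", "dst"):
                direction, tokens = tokens[0], tokens[1:]
            kind = tokens[0] if tokens[0] in ("host", "port") else "host"
            value = tokens[-1]
            if kind == "host":
                keys = {"src": ["src"], "dst": ["dst"], None: ["src", "dst"]}[direction]
                test = lambda p, k=keys, v=value: any(p[x] == v for x in k)
            else:
                keys = {"src": ["sport"], "dst": ["dport"], None: ["sport", "dport"]}[direction]
                test = lambda p, k=keys, v=int(value): any(p[x] == v for x in k)
        return (lambda p, t=test: not t(p)) if neg else test

    tests = [primitive(part.split()) for part in expr.split(" and ")]
    return lambda pkt: all(t(pkt) for t in tests)


def capture(data, expr):
    """Equivalent of `tcpdump -nn -r file.pcap 'expr'`: matching packets."""
    match = compile_filter(expr)
    return [p for p in read_pcap(data) if match(p)]


# Constructed sample capture: an SMB exchange, a DNS query, an HTTP request.
SAMPLE = write_pcap([
    frame("10.0.0.5", "10.0.0.9", PROTO_TCP, tcp_hdr(51000, 445)),
    frame("10.0.0.9", "10.0.0.5", PROTO_TCP, tcp_hdr(445, 51000)),
    frame("10.0.0.5", "10.0.0.1", PROTO_UDP, udp_hdr(53000, 53)),
    frame("192.168.1.7", "10.0.0.9", PROTO_TCP, tcp_hdr(40000, 80)),
])

if __name__ == "__main__":
    for expr in ("tcp and dst 10.0.0.9", "udp and src 10.0.0.5",
                 "tcp and port 80 and host 10.0.0.9", "port 445", "not port 445"):
        hits = capture(SAMPLE, expr)
        print(f"{expr!r}: {len(hits)} packet(s)")
        for p in hits:
            print(f"  {p['proto']} {p['src']}.{p['sport']} > {p['dst']}.{p['dport']}")
```

The filters in the loop are the ones from the command list above with `$IP` set to 10.0.0.9 or 10.0.0.5; `host` and `port` match either direction, `src`/`dst` narrow to one, and `not` inverts a single primitive, which is the behaviour to expect from the real tool.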

Wireshark Extracts

  • File > Export Objects > HTTP ..lists files carried over HTTP; save one or all

  • Wireshark Audio:

    • Telephony > RTP (Real-time Transport Protocol) > RTP Streams > Select > Analyze

    • > Play Multiple Streams, try each one!

  • Audio dump

    • open file.pcap in Wireshark (Windows build) and use the same Telephony > RTP path
