Now that I got pointed to this twice (see “Via” below), I need to get one so I can play with it: [Wayback/Archive] GitHub – i-am-shodan/USBArmyKnife: USB Army Knife – the ultimate close access tool for penetration testers and red teamers.
Via:
Archive for the ‘Wireshark’ Category
Guess the maximum DNS Response Size… (by Jan Schaumann)
Posted by jpluimers on 2023/12/26
Every once in a while Jan Schaumann writes a long Twitter thread and saves it in a blog post. Always good ways to learn. This time it was no different: [Wayback/Archive] DNS Response Size started with
Share this:
Posted in Communications Development, Development, DNS, Internet, Internet protocol suite, IPv4, IPv6, Power User, TCP, tcpdump, UDP, Wireshark | Leave a Comment »
Wireshark Cheat Sheet – Commands, Captures, Filters, Shortcuts
Posted by jpluimers on 2023/02/28
[Wayback/Archive] Wireshark Cheat Sheet – Commands, Captures, Filters, Shortcuts
It is available both a huge [Wayback/Archive] jpg (2500×2096 pixels), so it already prints well on A5 or A4 sized paper for reference and as a [Wayback/Archive] PDF (so you can print it on even larger paper sizes).
Via: [Archive] Murdock (@Generic42) / Twitter in a DM.
–jeroen
Share this:
Posted in *nix, *nix-tools, Communications Development, Development, Hardware, Network-and-equipment, Power User, Software Development, Wireshark | Leave a Comment »
console convert pcap to wav: not easily possible; use the WireShark GUI to do
Posted by jpluimers on 2021/12/01
Wanting a simple way on the console to convert a .pcap file to a .wav file, I searched for [Wayback] console convert pcap to wav – Google Search.
The reason is that [Wayback] fritzcap (written in Python) sometimes crashes while doing the conversion of a phone recording, so then only the .pcap file is available. I still want to figure this out, but given my health situation, I might not be able to in time.
Share this:
Posted in *nix, *nix-tools, Audio, Development, ffmpeg, Fritz!, Fritz!Box, fritzcap, Hardware, Media, Network-and-equipment, Power User, Python, Scripting, Software Development, Wireshark | Leave a Comment »
🔎Julia Evans🔍 on Twitter: “ngrep: grep your network!… “
Posted by jpluimers on 2021/02/16
[WayBack] 🔎Julia Evans🔍 on Twitter: “ngrep: grep your network!… “
So this taught me a new tool and other new things:
Share this:
Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, Software Development, Wireshark | Leave a Comment »
56 Linux Networking commands and scripts
Posted by jpluimers on 2021/01/25
Back in 2019, there were 56 commands and scripts covered. I wonder how many there are now.
An ongoing list of Linux Networking Commands and Scripts. These commands and scripts can be used to configure or troubleshoot your Linux network.
Source: [WayBack] 55 Linux Networking commands and scripts
List back then (which goes beyond just built-in commands: many commands from optional packages are here as well):
- arpwatch – Ethernet Activity Monitor.
- bmon – bandwidth monitor and rate estimator.
- bwm-ng – live network bandwidth monitor.
- curl – transferring data with URLs. (or try httpie)
- darkstat – captures network traffic, usage statistics.
- dhclient – Dynamic Host Configuration Protocol Client
- dig – query DNS servers for information.
- dstat – replacement for vmstat, iostat, mpstat, netstat and ifstat.
- ethtool – utility for controlling network drivers and hardware.
- gated – gateway routing daemon.
- host – DNS lookup utility.
- hping – TCP/IP packet assembler/analyzer.
- ibmonitor – shows bandwidth and total data transferred.
- ifstat – report network interfaces bandwidth.
- iftop – display bandwidth usage.
- ip (PDF file) – a command with more features that ifconfig (net-tools).
- iperf3 – network bandwidth measurement tool. (above screenshot Stacklinux VPS)
- iproute2 – collection of utilities for controlling TCP/IP.
- iptables – take control of network traffic.
- IPTraf – An IP Network Monitor.
- iputils – set of small useful utilities for Linux networking.
- jwhois (whois) – client for the whois service.
- “lsof -i” – reveal information about your network sockets.
- mtr – network diagnostic tool.
- net-tools – utilities include: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool, iptunnel and ipmaddr.
- ncat – improved re-implementation of the venerable netcat.
- netcat – networking utility for reading/writing network connections.
- nethogs – a small ‘net top’ tool.
- Netperf – Network bandwidth Testing.
- netsniff-ng – Swiss army knife for daily Linux network plumbing.
- netstat – Print network connections, routing tables, statistics, etc.
- netwatch – monitoring Network Connections.
- ngrep – grep applied to the network layer.
- nload – display network usage.
- nmap – network discovery and security auditing.
- nslookup – query Internet name servers interactively.
- ping – send icmp echo_request to network hosts.
- route – show / manipulate the IP routing table.
- slurm – network load monitor.
- snort – Network Intrusion Detection and Prevention System.
- smokeping – keeps track of your network latency.
- socat – establishes two bidirectional byte streams and transfers data between them.
- speedometer – Measure and display the rate of data across a network.
- speedtest-cli – test internet bandwidth using speedtest.net
- ss – utility to investigate sockets.
- ssh – secure system administration and file transfers over insecure networks.
- tcpdump – command-line packet analyzer.
- tcptrack – Displays information about tcp connections on a network interface.
- telnet – user interface to the TELNET protocol.
- tracepath – very similar function to traceroute.
- traceroute – print the route packets trace to network host.
- vnStat – network traffic monitor.
- wget – retrieving files using HTTP, HTTPS, FTP and FTPS.
- Wireless Tools for Linux – includes iwconfig, iwlist, iwspy, iwpriv and ifrename.
- Wireshark – network protocol analyzer.
Via:
- [WayBack] Trying to list All Linux Networking Commands and Scripts. Got to 55 and counting. #linux #commandline #networking – Hayden James – Google+
- [WayBack] Nice one – Jürgen Christoffel – Google+
–jeroen
Share this:
Posted in *nix, *nix-tools, cURL, dig, Internet, nmap, Power User, SpeedTest, ssh/sshd, tcpdump, Wireshark | Leave a Comment »
When your triple/quad-play providers refuse to give your VoIP SIP credentials, but allows access to your modem: use Wireshark on the WAN side
Posted by jpluimers on 2019/04/12
Every now and then I hear about providers that refuse to hand over the VoIP SIP credentials.
If you do have access to your modem, you can Wireshark the WAN side, then reset the modem and capture traffic until it has obtained the VoIP information:
[WayBack] Telfort SIP (getest met Glasvezel) | Het leven van Teus & Simone:
Veel mensen op het forum van Telfort vragen zich af of ze de SIP gegevens kunnen krijgen voor telefonie zodat men de ExperiaBox niet hoeven te gebruiken. Gezien dat de Telfort Support deze gegevens…
Via:
- [WayBack] [Ubiquiti-apparatuur] Ervaringen & Discussie – Deel 2 – Netwerken – GoT
- [WayBack] SIP Telefonie – Wachtwoord achterhalen van provider (telfort)
Ik heb het zelf uitgeprobeerd en je kan inderdaad je wachtwoord achterhalen, ik heb screenshots en aanvullende data toegevoegd…
–jeroen
Share this:
Posted in *nix, *nix-tools, Internet, Power User, Wireshark | Leave a Comment »
How I use Wireshark – Julia Evans
Posted by jpluimers on 2018/08/03
Cool set of steps on [WayBack] How I use Wireshark – Julia Evans who uses the combination of tcpdump to dump traffic in pcap files and Wireshark to analyse the pcap files after copying them using scp. On many platforms, Wireshark can also capture the ptrace files for you.
Via: [WayBack] 🔎Julia Evans🔍 on Twitter: “how I use Wireshark https://t.co/j699JXrjaH” which has some nice comments including:
- adding
ptraceto your tool-kit - not needing
scpfor copying, as you can do [WayBack]dumpcapover an existing ssh connection:- You might like this snippet, saves you the need to do the scp dance:
wireshark -k -i <(ssh <IP> "sudo dumpcap -P -w - -f 'not tcp port 22'")
- You might like this snippet, saves you the need to do the scp dance:
–jeroen
Share this:
Posted in *nix, *nix-tools, Conference Topics, Conferences, Event, Power User, Wireshark | Leave a Comment »
Some Wireshark links
Posted by jpluimers on 2017/04/24
I don’t use Wireshark enough to be fluent, so here are some links and quotes that proved to be useful for me:
- How do I view a raw HTTP request/response? – Wireshark Q&A: Right click one of the frames and select ‘Follow’, then ‘TCP stream’.
- Hyper_Text_Transfer_Protocol – The Wireshark Wiki: You cannot directly filter HTTP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
- These two are totally different beasts: CaptureFilters – The Wireshark Wiki and DisplayFilters – The Wireshark Wiki
- I used this DisplayFilter a while ago:
(ip.dst == 192.168.99.61 && ip.src == 192.168.99.38) || (ip.dst == 192.168.99.38 && ip.src == 192.168.99.61) && http
which seems equivalent to
(ip.addr == 192.168.99.61 && ip.src == 192.168.99.38) && http - For SOAPAction traffic (and the HTTP responses), I often start with:
http contains "SOAPAction:" || http contains "HTTP" - I used these CaptureFilters a while ago as well:
src 213.146.155.196 and tcp port 8500ether host MAC 00:21:AC:01:08:B1
- Display filters can become very complex.
- One of the things I needed was to filter on hex content. This is using the
frame containsclause will match any binary content in the frame (you can be more specific with for instance tcp containsor data contains (which uses the data dissector). Example:(frame contains 21:00 || frame contains 00:21) && tcp.len > 0 - Some examples: Top 10 Wireshark Filters (by Chris Greer)
- The matches operator works for RegEx matches on plain text:
data.data matches "\xa4.\xc3...\xb2" - MAC addresses need to have the : as separator (a – does not work), like in
eth.src == MAC 00:21:AC:01:08:B1
- One of the things I needed was to filter on hex content. This is using the
- I used this DisplayFilter a while ago:
- WIRESHARK – The Easy Tutorial – Filters
- I find the WireShark User’s Guid sections often a lot harder to read than the Wiki pages on the same topics, for instance the CaptureFilter Section and Build DisplayFilter Section.
- exporting payload data in binary file – Wireshark Q&A
- tcpdump: Re: tcpdump filter for HTTP GET
- which uses hex offsets explained at Wireshark · Wireshark-users: Re: [Wireshark-users] Hex Offset Needed
- Wireshark · String-Matching Capture Filter Generator is really really cool. It gets you
GETastcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420POSTastcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20
- Capture file saving:
- capture files do not store everything.
- From the UI, you cannot save captures while capturing.
- You can setup capture options to save captures periodically.
–jeroen
Share this:
Posted in *nix, *nix-tools, Power User, Wireshark | Leave a Comment »
Sniffers, Packet Capture – PFSenseDocs – cool, as it uses tcpdump/Wireshark format!
Posted by jpluimers on 2017/03/13
I hadn’t done a lot with pfSense in the past, which I regret a bit since I discovered this really cool feature: Sniffers, Packet Capture – PFSenseDocs.
The coolness isn’t so much that you can capture packets, but that it’s compatible with tcpdump and Wireshark (which has become available natively for Mac like 2 years ago).
Which means that you can download captures and open them in Wireshark.
So it’s as easy as 1,2,3:
- Set-up the capture on your router https://a.b.c.d/diag_packet_capture.php and start it
- Stop the capture and download the file
- Open the file in Wireshark or convert it to text using tshark
–jeroen
Share this:
Posted in *nix, *nix-tools, Internet, Monitoring, pfSense, Power User, routers, tcpdump, Wireshark | Leave a Comment »
The Wiert Corner - irregular stream of stuff 