Archive for the ‘Wireshark’ Category
Posted by jpluimers on 2021/02/16
[WayBack] 🔎Julia Evans🔍 auf Twitter: “ngrep: grep your network!… “

So this taught me a new tool and other new things:
- ngrep – Wikipedia
ngrep is similar to tcpdump, but it has the ability to look for a regular expression in the payload of the packet, and show the matching packets on a screen or console. It allows users to see all unencrypted traffic being passed over the network, by putting the network interface into promiscuous mode.
ngrep with an appropriate BPF filter syntax, can be used to debug plain text protocols interactions like HTTP, SMTP, FTP, DNS, among others, or to search for a specific string or pattern, using a grep regular expression syntax.[4][5]
ngrep also can be used to capture traffic on the wire and store pcap dump files, or to read files generated by other sniffer applications, like tcpdump, or wireshark.
ngrep has various options or command line arguments. The ngrep man page in UNIX-like operating systems show a list of available options.
- [WayBack] GitHub – jpr5/ngrep.
ngrep is like GNU grep applied to the network layer. It’s a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
- [WayBack] BPF syntax
- Berkeley Packet Filter – Wikipedia
–jeroen
Read the rest of this entry »
Like this:
Like Loading...
Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, Software Development, Wireshark | Leave a Comment »
Posted by jpluimers on 2021/01/25
Back in 2019, there were 56 commands and scripts covered. I wonder how many there are now.
An ongoing list of Linux Networking Commands and Scripts. These commands and scripts can be used to configure or troubleshoot your Linux network.
Source: [WayBack] 55 Linux Networking commands and scripts
List back then (which goes beyond just built-in commands: many commands from optional packages are here as well):
- arpwatch – Ethernet Activity Monitor.
- bmon – bandwidth monitor and rate estimator.
- bwm-ng – live network bandwidth monitor.
- curl – transferring data with URLs. (or try httpie)
- darkstat – captures network traffic, usage statistics.
- dhclient – Dynamic Host Configuration Protocol Client
- dig – query DNS servers for information.
- dstat – replacement for vmstat, iostat, mpstat, netstat and ifstat.
- ethtool – utility for controlling network drivers and hardware.
- gated – gateway routing daemon.
- host – DNS lookup utility.
- hping – TCP/IP packet assembler/analyzer.
- ibmonitor – shows bandwidth and total data transferred.
- ifstat – report network interfaces bandwidth.
- iftop – display bandwidth usage.
- ip (PDF file) – a command with more features that ifconfig (net-tools).
- iperf3 – network bandwidth measurement tool. (above screenshot Stacklinux VPS)
- iproute2 – collection of utilities for controlling TCP/IP.
- iptables – take control of network traffic.
- IPTraf – An IP Network Monitor.
- iputils – set of small useful utilities for Linux networking.
- jwhois (whois) – client for the whois service.
- “lsof -i” – reveal information about your network sockets.
- mtr – network diagnostic tool.
- net-tools – utilities include: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool, iptunnel and ipmaddr.
- ncat – improved re-implementation of the venerable netcat.
- netcat – networking utility for reading/writing network connections.
- nethogs – a small ‘net top’ tool.
- Netperf – Network bandwidth Testing.
- netsniff-ng – Swiss army knife for daily Linux network plumbing.
- netstat – Print network connections, routing tables, statistics, etc.
- netwatch – monitoring Network Connections.
- ngrep – grep applied to the network layer.
- nload – display network usage.
- nmap – network discovery and security auditing.
- nslookup – query Internet name servers interactively.
- ping – send icmp echo_request to network hosts.
- route – show / manipulate the IP routing table.
- slurm – network load monitor.
- snort – Network Intrusion Detection and Prevention System.
- smokeping – keeps track of your network latency.
- socat – establishes two bidirectional byte streams and transfers data between them.
- speedometer – Measure and display the rate of data across a network.
- speedtest-cli – test internet bandwidth using speedtest.net
- ss – utility to investigate sockets.
- ssh – secure system administration and file transfers over insecure networks.
- tcpdump – command-line packet analyzer.
- tcptrack – Displays information about tcp connections on a network interface.
- telnet – user interface to the TELNET protocol.
- tracepath – very similar function to traceroute.
- traceroute – print the route packets trace to network host.
- vnStat – network traffic monitor.
- wget – retrieving files using HTTP, HTTPS, FTP and FTPS.
- Wireless Tools for Linux – includes iwconfig, iwlist, iwspy, iwpriv and ifrename.
- Wireshark – network protocol analyzer.
Via:
–jeroen
Like this:
Like Loading...
Posted in *nix, *nix-tools, cURL, dig, nmap, Power User, ssh/sshd, tcpdump, Wireshark | Leave a Comment »
Posted by jpluimers on 2019/04/12
Every now and then I hear about providers that refuse to hand over the VoIP SIP credentials.
If you do have access to your modem, you can Wireshark the WAN side, then reset the modem and capture traffic until it has obtained the VoIP information:
[WayBack] Telfort SIP (getest met Glasvezel) | Het leven van Teus & Simone:
Veel mensen op het forum van Telfort vragen zich af of ze de SIP gegevens kunnen krijgen voor telefonie zodat men de ExperiaBox niet hoeven te gebruiken. Gezien dat de Telfort Support deze gegevens…
Via:
–jeroen
Like this:
Like Loading...
Posted in *nix, *nix-tools, Internet, Power User, Wireshark | Leave a Comment »
Posted by jpluimers on 2018/08/03
Cool set of steps on [WayBack] How I use Wireshark – Julia Evans who uses the combination of tcpdump
to dump traffic in pcap
files and Wireshark to analyse the pcap
files after copying them using scp
. On many platforms, Wireshark can also capture the ptrace files for you.
Via: [WayBack] 🔎Julia Evans🔍 on Twitter: “how I use Wireshark https://t.co/j699JXrjaH” which has some nice comments including:
- adding
ptrace
to your tool-kit
- not needing
scp
for copying, as you can do [WayBack] dumpcap
over an existing ssh connection:
- You might like this snippet, saves you the need to do the scp dance:
wireshark -k -i <(ssh <IP> "sudo dumpcap -P -w - -f 'not tcp port 22'")
–jeroen
Like this:
Like Loading...
Posted in *nix, *nix-tools, Conference Topics, Conferences, Event, Power User, Wireshark | Leave a Comment »
Posted by jpluimers on 2017/04/24
I don’t use Wireshark enough to be fluent, so here are some links and quotes that proved to be useful for me:
–jeroen
Like this:
Like Loading...
Posted in *nix, *nix-tools, Power User, Wireshark | Leave a Comment »