The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,229 other subscribers

Archive for the ‘Wireshark’ Category

Wireshark Cheat Sheet – Commands, Captures, Filters, Shortcuts

Posted by jpluimers on 2023/02/28

[Wayback/Archive] Wireshark Cheat Sheet – Commands, Captures, Filters, Shortcuts

It is available both a huge [Wayback/Archive] jpg (2500×2096 pixels), so it already prints well on A5 or A4 sized paper for reference and as a [Wayback/Archive] PDF (so you can print it on even larger paper sizes).

Via: [Archive] Murdock (@Generic42) / Twitter in a DM.

–jeroen

Read the rest of this entry »

Posted in *nix, *nix-tools, Communications Development, Development, Hardware, Network-and-equipment, Power User, Software Development, Wireshark | Leave a Comment »

console convert pcap to wav: not easily possible; use the WireShark GUI to do

Posted by jpluimers on 2021/12/01

Wanting a simple way on the console to convert a .pcap file to a .wav file, I searched for [Wayback] console convert pcap to wav – Google Search.

The reason is that [Wayback] fritzcap (written in Python) sometimes crashes while doing the conversion of a phone recording, so then only the .pcap file is available. I still want to figure this out, but given my health situation, I might not be able to in time.

If anyone with Python experience can help, I have failing capture files lying around, and the fritzcap command-line does support decoding [Wayback/Archive.is]:

# feature/re-add_documentation(+0/-0)* ± python fritzcap.py --help
usage: fritzcap.py [-h] [-v] [-c] [-d [file [file ...]]] [-m] [-p password]
                   [-u username] [-s] [--config_file path_to_file]
                   [--logging_config path_to_file] [--box_name host_or_IP]
                   [--call_service_port port] [--login_not_required]
                   [--protocol protocol] [--cap_folder path_pattern]
                   [--cap_file file_pattern] [--cap_interface cap_interface]
                   [--after_capture_time time_in_seconds]
                   [--decode_workers_count int]

...
main arguments:
...
  -d [file [file ...]], --decode_files [file [file ...]]
                        the list of captured files to decode. All the new
                        captures files will be decode automatically if the
                        --capture switch is set. Read the files from the
                        standard input if the list of files is empty and there
                        is no capture work.

Back to other tooling for decoding VoIPcap/pcap files

Too bad there are no easy solutions. You can use the WireShark GUI to do this, which is OK for infrequent conversions.

Here were some of the results leading me to that conclusion:

–jeroen

Posted in *nix, *nix-tools, Development, fritzcap, Power User, Python, Scripting, Software Development, Wireshark | Leave a Comment »

🔎Julia Evans🔍 on Twitter: “ngrep: grep your network!… “

Posted by jpluimers on 2021/02/16

[WayBack] 🔎Julia Evans🔍 auf Twitter: “ngrep: grep your network!… “

So this taught me a new tool and other new things:

  • ngrep – Wikipedia

    ngrep is similar to tcpdump, but it has the ability to look for a regular expression in the payload of the packet, and show the matching packets on a screen or console. It allows users to see all unencrypted traffic being passed over the network, by putting the network interface into promiscuous mode.

    ngrep with an appropriate BPF filter syntax, can be used to debug plain text protocols interactions like HTTPSMTPFTPDNS, among others, or to search for a specific string or pattern, using a grep regular expression syntax.[4][5]

    ngrep also can be used to capture traffic on the wire and store pcap dump files, or to read files generated by other sniffer applications, like tcpdump, or wireshark.

    ngrep has various options or command line arguments. The ngrep man page in UNIX-like operating systems show a list of available options.

  • [WayBack] GitHub – jpr5/ngrep.

    ngrep is like GNU grep applied to the network layer. It’s a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

  • [WayBack] BPF syntax
  • Berkeley Packet Filter – Wikipedia

–jeroen

Read the rest of this entry »

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, Software Development, Wireshark | Leave a Comment »

56 Linux Networking commands and scripts

Posted by jpluimers on 2021/01/25

Back in 2019, there were 56 commands and scripts covered. I wonder how many there are now.

An ongoing list of Linux Networking Commands and Scripts. These commands and scripts can be used to configure or troubleshoot your Linux network.

Source: [WayBack55 Linux Networking commands and scripts

List back then (which goes beyond just built-in commands: many commands from optional packages are here as well):

  1. arpwatch – Ethernet Activity Monitor.
  2. bmon – bandwidth monitor and rate estimator.
  3. bwm-ng – live network bandwidth monitor.
  4. curl – transferring data with URLs. (or try httpie)
  5. darkstat – captures network traffic, usage statistics.
  6. dhclient – Dynamic Host Configuration Protocol Client
  7. dig – query DNS servers for information.
  8. dstat – replacement for vmstat, iostat, mpstat, netstat and ifstat.
  9. ethtool – utility for controlling network drivers and hardware.
  10. gated – gateway routing daemon.
  11. host – DNS lookup utility.
  12. hping – TCP/IP packet assembler/analyzer.
  13. ibmonitor – shows bandwidth and total data transferred.
  14. ifstat –  report network interfaces bandwidth.
  15. iftop – display bandwidth usage.
  16. ip (PDF file) – a command with more features that ifconfig (net-tools).
  17. iperf3 – network bandwidth measurement tool. (above screenshot Stacklinux VPS)
  18. iproute2 – collection of utilities for controlling TCP/IP.
  19. iptables – take control of network traffic.
  20. IPTraf – An IP Network Monitor.
  21. iputils – set of small useful utilities for Linux networking.
  22. jwhois (whois) – client for the whois service.
  23. “lsof -i” – reveal information about your network sockets.
  24. mtr – network diagnostic tool.
  25. net-tools – utilities include: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool, iptunnel and ipmaddr.
  26. ncat – improved re-implementation of the venerable netcat.
  27. netcat – networking utility for reading/writing network connections.
  28. nethogs – a small ‘net top’ tool.
  29. Netperf – Network bandwidth Testing.
  30. netsniff-ng – Swiss army knife for daily Linux network plumbing.
  31. netstat – Print network connections, routing tables, statistics, etc.
  32. netwatch – monitoring Network Connections.
  33. ngrep – grep applied to the network layer.
  34. nload – display network usage.
  35. nmap – network discovery and security auditing.
  36. nslookup – query Internet name servers interactively.
  37. ping – send icmp echo_request to network hosts.
  38. route – show / manipulate the IP routing table.
  39. slurm – network load monitor.
  40. snort – Network Intrusion Detection and Prevention System.
  41. smokeping –  keeps track of your network latency.
  42. socat – establishes two bidirectional byte streams and transfers data between them.
  43. speedometer – Measure and display the rate of data across a network.
  44. speedtest-cli – test internet bandwidth using speedtest.net
  45. ss – utility to investigate sockets.
  46. ssh –  secure system administration and file transfers over insecure networks.
  47. tcpdump – command-line packet analyzer.
  48. tcptrack – Displays information about tcp connections on a network interface.
  49. telnet – user interface to the TELNET protocol.
  50. tracepath – very similar function to traceroute.
  51. traceroute – print the route packets trace to network host.
  52. vnStat – network traffic monitor.
  53. wget –  retrieving files using HTTP, HTTPS, FTP and FTPS.
  54. Wireless Tools for Linux – includes iwconfig, iwlist, iwspy, iwpriv and ifrename.
  55. Wireshark – network protocol analyzer.

Via:

–jeroen

Posted in *nix, *nix-tools, cURL, dig, Internet, nmap, Power User, SpeedTest, ssh/sshd, tcpdump, Wireshark | Leave a Comment »

When your triple/quad-play providers refuse to give your VoIP SIP credentials, but allows access to your modem: use Wireshark on the WAN side

Posted by jpluimers on 2019/04/12

Every now and then I hear about providers that refuse to hand over the VoIP SIP credentials.

If you do have access to your modem, you can Wireshark the WAN side, then reset the modem and capture traffic until it has obtained the VoIP information:

[WayBack] Telfort SIP (getest met Glasvezel) | Het leven van Teus & Simone:

Veel mensen op het forum van Telfort vragen zich af of ze de SIP gegevens kunnen krijgen voor telefonie zodat men de ExperiaBox niet hoeven te gebruiken. Gezien dat de Telfort Support deze gegevens…

Via:

–jeroen

Posted in *nix, *nix-tools, Internet, Power User, Wireshark | Leave a Comment »

 
%d bloggers like this: