Sniffing

ARP spoofing

arpspoof -t 10.10.10.24 10.10.10.25

ARP cache

# show cache
ip neigh
# delete cache
ip neigh flush all

TCP dump traffic

# capture packets from interface
tcpdump -i eth0
# display all interfaces
tcpdump -D
# capture and save to file
tcpdump -w 0001.pcap -i eth0
# read from file
tcpdump -r 0001.pcap
# filter (primitives must be joined with and/or/not)
tcpdump -i eth0 src 192.168.0.10 and port 22
  • -i: interface (any for all)
  • -c <count>: stop after capturing <count> packets
  • -A: print in ASCII
  • -XX: print in hex and ASCII, including the link-level header
  • -r: read file
  • -w: write file
  • <protocol>: filter by protocol (ex: tcp, arp, udp, ...)
  • port <port>: filter by port number or service name (ex: 23, 22, ssh, http)
  • host <host>: filter by host
  • dst <host>: filter by destination
  • net <subnet>: filter by subnet