Collaborate Disseminate
There are many pcap tools available and which ones you use really depends on what you’re using them for. Some are very good at just giving you the raw data, others parse the data and show you certain types of packets..
But maybe we should back up one s… Continue reading Pcaps and the Tools That Love Them Part 1 of ???
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing material for the Zeek docume… Continue reading Mixed VLAN tags and BPF syntax
Thousand of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd. Continue reading Thinking of a Cybersecurity Career? Read This
I’ve completed kioptrix level 2 challenge via sql injection, command injection, bash reverse shell, and local privilege escalation as part of my OSCP preparation.
https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
; bash -i >& … Continue reading Kioptrix 2: Why netcat reverse shell executed in web browser via command injection bug doesn’t work?
I’m trying to replay a pcap file recorded from my first server online.
In order to make some tests , i successfully changed the IP source and destination, mac source and destination. The pcap file contain mostly UDP packets. To do it I hav… Continue reading Replay pcap with tcpreplay
Am investigating a macOS Catalina machine that is believed to be infected with malware. Have been viewing packets with tcpdump and noticed, on connecting to any web address, there are legit packet that gets sent to the DNS server… then….. Continue reading tcpdump packets have bad and incorrect checksums on localhost, how to investigate further?
If your current capture process can’t keep up with the traffic and drops packets – you need a new capture process. No debates here. Analyzing a trace file in which you don’t have all the packets of interest will waste your time. You a… Continue reading Tshark: 7 Tips on Wireshark’s Command-Line Packet Capture Tool
I was asked to DNS traffic zone using TCPDump
first I used
tcpdump -i eth0 -t host 192.168.1.11 and port 53
I tried to use -w filter to write the analyze the results withe Wireshark. The problem is I keep the terminal ru… Continue reading Question about capturing DNS traffic zone using TCPDump
This question already has an answer here:
I’m challenged to capture packets sent from a client to the gateway in a network.
is it even possible to see the packets between client and gateway for me?
Continue reading Capture Packets of other devices in network [duplicate]
I am trying to set the CWR flag when doing a hping command to another machine. I can set all the other flags, (Eg -S, -F etc) but I can’t find any example of the CWR flag. I’ve checked Man Pages and various forums. I am runni… Continue reading Setting the CWR TCP Flag in a Hping Command