tcpdump

tcpdump is a text-based network sniffer that is flexible and easy to use. It comes in handy when Wireshark is not available (a remote shell on a server, a container or a jump host) and a quick look at the traffic, live or from a saved capture, can reveal a lot about a system. Live capture needs root privileges; reading a saved .pcap file does not, so sudo is only needed for the capture itself, not for the analysis commands below.

Reading a Capture With tcpdump

tcpdump -n -r password_cracking_filtered.pcap   # -r reads a saved capture; -n disables DNS and port-name lookups

Always use -n when analysing a capture: without it tcpdump resolves every address, which is slow and sends DNS queries for the hosts you are investigating.

Simple Filtering With tcpdump

Put the options (-n, -r, -A, -X) before the filter expression: tcpdump treats the words after the options as the expression, and on BSD and macOS a -r placed after "src host ..." is read as part of the expression and rejected.

tcpdump -n -r password_cracking_filtered.pcap | awk '{print $5}' | sort | uniq -c | sort -rn | head   # most frequent destinations (field 5, "dst.port:"); use $3 for sources
tcpdump -n -r password_cracking_filtered.pcap 'src host 172.16.40.10'   # packets from a specific source IP
tcpdump -n -r password_cracking_filtered.pcap 'dst host 172.16.40.10'   # packets to a specific destination IP
tcpdump -n -r password_cracking_filtered.pcap 'port 81'                 # a specific port, source or destination
tcpdump -nX -r password_cracking_filtered.pcap                          # print each packet in hex and ASCII

The second sort -rn is what makes the first pipeline a "top talkers" list: sort | uniq -c | head on its own shows the first ten entries alphabetically, not the busiest ones.

Advanced Filtering

Byte 13 of the TCP header holds the eight TCP flags, one bit each. Set the bits for the flags you want to match and convert the byte to decimal:

Flag:  CWR  ECE  URG  ACK  PSH  RST  SYN  FIN
Bit:   128   64   32   16    8    4    2    1
Set:     0    0    0    1    1    0    0    0   = 00011000 = 24 (ACK and PSH)

tcpdump -A -n -r password_cracking_filtered.pcap 'tcp[13] = 24'   # only ACK and PSH set; -A prints the payload as ASCII

tcp[13] = 24 matches packets whose flag byte is exactly 24, so a packet that also carries URG or ECE is skipped. To match every packet with ACK and PSH set regardless of the other flags, use tcp[13] & 24 = 24, or the symbolic form tcp[tcpflags] & (tcp-push|tcp-ack) = (tcp-push|tcp-ack). PSH+ACK segments are the ones carrying application data, which is why this filter combined with -A is a quick way to surface credentials in a capture of a cleartext protocol.
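The two workflows on this page, the top-talkers pipeline and the flag-byte arithmetic behind tcp[13], as an added shell example; this is not code from the original page. It computes the tcp[13] value from flag names, builds both the exact-match and the superset-match filter, prints a full command line with the options ahead of the expression, and runs the destination count over a constructed sample of tcpdump -n output embedded in the script, so it runs offline without tcpdump or a pcap. The function names, the sample lines and the file name passed to tcpdump_read_cmd are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page. The sample tcpdump output
# below is constructed for this script, not taken from a real capture.
set -eu

# Bit value of each TCP flag in byte 13 of the TCP header.
tcp_flag_bit() {
    case "$1" in
        FIN) echo 1 ;;
        SYN) echo 2 ;;
        RST) echo 4 ;;
        PSH) echo 8 ;;
        ACK) echo 16 ;;
        URG) echo 32 ;;
        ECE) echo 64 ;;
        CWR) echo 128 ;;
        *) echo "unknown TCP flag: $1" >&2; return 1 ;;
    esac
}

# OR the bits of the named flags together: tcp_flags_value ACK PSH -> 24
tcp_flags_value() {
    v=0
    for f in "$@"; do
        bit=$(tcp_flag_bit "$f") || return 1
        v=$((v | bit))
    done
    echo "$v"
}

# Exact match: the flag byte must equal the value (no other flags set).
tcp_flags_filter_exact() {
    echo "tcp[13] = $(tcp_flags_value "$@")"
}

# Superset match: the named flags must be set, any other flags are ignored.
tcp_flags_filter_any() {
    v=$(tcp_flags_value "$@")
    echo "tcp[13] & $v = $v"
}

# Full command line with the options placed before the expression.
# The pcap name is whatever the caller passes (hypothetical here).
tcpdump_read_cmd() {
    pcap=$1; shift
    printf "tcpdump -A -n -r %s '%s'\n" "$pcap" "$*"
}

# Most frequent destinations in "tcpdump -n" output read from stdin.
# Field 5 is "dst.port:"; the trailing colon is stripped.
# Prints "<count> <dst.port>", busiest first, at most $1 lines (default 10).
top_destinations() {
    awk '($2 == "IP" || $2 == "IP6") && $4 == ">" { sub(/:$/, "", $5); print $5 }' \
        | sort | uniq -c | sort -rn | head -n "${1:-10}" | awk '{print $1, $2}'
}

# Constructed sample of "tcpdump -n -r file.pcap" output (made up for this example).
SAMPLE_OUTPUT='12:00:01.000001 IP 172.16.40.1.50000 > 172.16.40.10.81: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 172.16.40.10.81 > 172.16.40.1.50000: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.000003 IP 172.16.40.1.50000 > 172.16.40.10.81: Flags [P.], seq 2:10, ack 3, win 64240, length 8
12:00:01.000004 IP 172.16.40.1.50001 > 172.16.40.10.81: Flags [S], seq 5, win 64240, length 0
12:00:01.000005 IP 172.16.40.1.50000 > 172.16.40.20.22: Flags [S], seq 9, win 64240, length 0'

main() {
    echo "ACK+PSH value: $(tcp_flags_value ACK PSH)"
    echo "exact filter:  $(tcp_flags_filter_exact ACK PSH)"
    echo "loose filter:  $(tcp_flags_filter_any ACK PSH)"
    tcpdump_read_cmd password_cracking_filtered.pcap "$(tcp_flags_filter_exact ACK PSH)"
    echo "top destinations in the sample:"
    printf '%s\n' "$SAMPLE_OUTPUT" | top_destinations 3
}

main
```

To use it against a real capture, replace the sample with the output of tcpdump -n -r your.pcap piped into top_destinations, and pass the string from tcp_flags_filter_exact or tcp_flags_filter_any as the expression argument to tcpdump.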
