TCPdump is a text-based network sniffer that is extremely flexible and easy to use. It comes in handy when there is no access to Wireshark and a quick sniff of the network can reveal a lot about the system.
sudo tcpdump -r password_cracking_filtered.pcap
A Simple Filtering of TCPdump
sudo tcpdump -n -r password_cracking_filtered.pcap | awk -F" " '{print $5}' | sort | uniq -c | head
sudo tcpdump -n -r password_cracking_filtered.pcap src host 172.16.40.10  # specific source IP
sudo tcpdump -n -r password_cracking_filtered.pcap dst host 172.16.40.10  # specific destination IP
sudo tcpdump -n -r password_cracking_filtered.pcap port 81  # specific port
sudo tcpdump -nX -r password_cracking_filtered.pcap  # print packets in hex and ASCII
CWR ECE URG ACK PSH RST SYN FIN
 0   0   0   1   1   0   0   0
00011000 = 24 in decimal. Set the bits for the flags you want (here ACK and PSH), then convert to decimal to get the value to filter on.
sudo tcpdump -A -n -r password_cracking_filtered.pcap 'tcp[13] = 24'  # filter based on flags
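The flag arithmetic above as a small shell helper. This is an added example, not part of the original notes; the function names are hypothetical. It converts flag names to the tcp[13] value and back, and builds either the exact-match filter shown above or a masked filter, since 'tcp[13] = 24' does not match a packet that carries PSH and ACK plus any other flag.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the original page.

# Bit value of one TCP flag within byte 13 of the TCP header.
flag_bit() {
    case "$1" in
        FIN) echo 1 ;;  SYN) echo 2 ;;  RST) echo 4 ;;  PSH) echo 8 ;;
        ACK) echo 16 ;; URG) echo 32 ;; ECE) echo 64 ;; CWR) echo 128 ;;
        *) echo "unknown flag: $1" >&2; return 1 ;;
    esac
}

# OR together the bits for a list of flag names, e.g. PSH ACK -> 24.
flags_to_value() {
    total=0
    for f in "$@"; do
        bit=$(flag_bit "$f") || return 1
        total=$((total | bit))
    done
    echo "$total"
}

# Decode a decimal flag byte back to names, e.g. 24 -> "ACK PSH".
value_to_flags() {
    out=""
    for f in CWR ECE URG ACK PSH RST SYN FIN; do
        bit=$(flag_bit "$f")
        if [ $(( $1 & bit )) -ne 0 ]; then out="${out:+$out }$f"; fi
    done
    echo "$out"
}

# Build the filter expression.
#   exact: only packets with exactly these flags set.
#   mask:  packets with at least these flags (e.g. FIN+PSH+ACK = 25 too).
flag_filter() {
    mode=$1; shift
    v=$(flags_to_value "$@") || return 1
    case "$mode" in
        exact) echo "tcp[13] = $v" ;;
        mask)  echo "tcp[13] & $v = $v" ;;
        *) echo "mode must be exact or mask" >&2; return 1 ;;
    esac
}

# Usage against the capture from this page:
# sudo tcpdump -A -n -r password_cracking_filtered.pcap "$(flag_filter mask PSH ACK)"
```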