Backtrack 1

Test3

Connect Wireless using the terminal in Linux or BackTrack

For example, a Wi-Fi network with ESSID MWM and key 1234567890, which I want to connect to using a static IP:

    IP: 192.168.1.5
    MASK: 255.255.255.0
    IP Gateway: 192.168.1.1

Steps:

1. Check with ifconfig whether the wireless (USB) interface is already up.
2. iwconfig <interface> essid MWM key 1234567890
3. ifconfig <interface> 192.168.1.5 netmask 255.255.255.0 up
4. route add default gw 192.168.1.1

TCPDUMP (http://www.computersecuritystudent.com/SECURITY_TOOLS/SNIFFER/lesson1/)

Tcpdump is a really useful program for capturing packets that are on the wire. It can be used to view packets going through your own interface, on a network with a hub, or on a switched network (ARP-cache poisoning or mirrored switch ports). The output from tcpdump can either be sent to the screen, written to a raw file using -w and viewed with tcpdump (using -r), or the capture files can be read with a tool such as Wireshark.

Tcpdump is a tool that anyone who is interested in networks should be familiar with. It will help you understand what normal traffic looks like on your network at a packet level so you can quickly identify abnormal traffic. The purpose of this blog post is to get a few of the commands documented to familiarize myself with the tool so I can quickly apply filters when needed. For Windows users there is a very good port of tcpdump called WinDump; the syntax is very similar if not identical.

Using Tcpdump

When first running tcpdump without any filters the output can be overwhelming. Don't worry about this; as you begin to get familiar with the filters you can quickly get to the information you want. If you have multiple interfaces that are up you may need to use the -i {interface} switch:

    tcpdump -i eth1

The command can be terminated with Ctrl+C. I recommend using the -n switch to prevent name resolution whilst you are performing the capture. The name resolution can always be performed later:

    tcpdump -i eth1 -n

You can also cut down the amount of data you capture by using the quiet option (-q):

    tcpdump -q

Or, to really cut down on what I can see, I could use the following, which would just display the from and to, the protocol and the packet size (-t also drops the timestamp):

    tcpdump -qt

As previously mentioned, the output of tcpdump can be sent to a file using the -w switch or straight to a text file using the redirect >. I recommend writing the output to libpcap format using a command such as:

    tcpdump -i eth1 -n -w capture.lpc

However, you may want to view the output on the screen as you write it to a file. This can be done by using the -l switch (line-buffered output) and piping through tee into the file:

    tcpdump -l | tee mydump

You can also limit the capture to a certain number of packets using the -c switch. To only collect 100 packets:

    tcpdump -c 100

The -c switch can also be used when reading from a packet capture file:

    tcpdump -n -s 1514 -r capture.lpc -c 5 tcp

The command above will read the first 5 TCP packets from the capture.lpc file.

Collecting Packets Based on Size

Usually tcpdump does not collect the entire packet. Use the snaplen option -s 0 to force it to do so:

    tcpdump -s 0

Or to only collect the first 1514 bytes of a packet:

    tcpdump -s 1514

1514 bytes will capture the Ethernet portion without VLAN tagging. To capture the VLAN tagging information an additional 4 bytes will need to be added. To only collect packets from a particular host:

    tcpdump -i eth1 -n -w capture.lpc host 208.68.234.113

Name Resolution

As mentioned earlier, by default tcpdump will resolve network addresses into names. To disable this use the -n switch, and to disable port resolution as well use -nn:

    tcpdump -nn

Use -f to prevent remote name resolution.

If you are on a local LAN and want to capture only traffic based on a MAC address, use (a MAC address has six octets):

    tcpdump ether host 11:22:33:44:55:66

Or if you want the Ethernet header in the output, use the -e option:

    tcpdump -i eth1 -e -n -s 1514 -w capture.lpc

To restrict the capture to a network use:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 net 192.168.1

or

    tcpdump -i eth1 -n -w capture.lpc -s 1514 net 192.168.1.0 mask 255.255.255.0

Using Keywords

Keywords allow you to easily filter traffic. The keywords that can be used are ip, tcp, udp, icmp and igmp. As an example of using keywords, to capture all IP traffic use:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 ip

or to capture just TCP traffic:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 tcp

Other traffic types without keywords can be captured using the ip proto option:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 ip proto l2tp

or by its protocol number as found in the /etc/protocols file:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 ip proto 115

To capture traffic based on its application from further up the stack, such as FTP traffic, specify the port:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 port 21

And to capture the data portion of the FTP traffic as well you could add port 20:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 'port 21 or port 20'

This could have been specified by name as detailed in the /etc/services file:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 'port ftp or port ftp-data'

In the examples above the two port tests are joined with 'or', so a packet matching either port is captured; 'and' (or its synonym &&) would require both ports in the same packet, which is not what you want here. || means the same as 'or'. When you use && or ||, quote the filter expression so the shell does not treat them as command separators:

    tcpdump -i eth1 -n -w capture.lpc -s 1514 port http or https
    tcpdump -i eth1 -n -w capture.lpc -s 1514 'port 80 || 443'
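The document says tcpdump is most useful once you know what normal traffic looks like so that abnormal traffic stands out. The following shell script is an added example (not part of the original document) of that post-processing step: it reads lines in the format tcpdump prints with -n -q -t (no timestamps, numeric addresses, quiet output such as "IP src.sport > dst.dport: tcp 0"), tallies packets per destination port, and flags any source address that has touched more distinct destination ports than a threshold. The sample lines, addresses and the threshold of 5 are constructed for this example; in practice you would feed it "tcpdump -n -q -t -r capture.lpc" output.

```shell
#!/bin/sh
# Added example: summarise tcpdump -n -q -t output and flag sources that
# sweep many destination ports. Not code from the original document.

# Constructed sample of tcpdump -n -q -t style lines (hypothetical hosts).
# In real use replace this with: tcpdump -n -q -t -r capture.lpc
SAMPLE='IP 192.168.1.5.51234 > 208.68.234.113.80: tcp 0
IP 192.168.1.5.51235 > 208.68.234.113.80: tcp 0
IP 192.168.1.5.51236 > 208.68.234.113.80: tcp 517
IP 192.168.1.5.40001 > 192.168.1.1.53: UDP, length 40
IP 192.168.1.1.53 > 192.168.1.5.40001: UDP, length 120
IP 192.168.1.7.60000 > 192.168.1.5.21: tcp 0
IP 192.168.1.7.60001 > 192.168.1.5.22: tcp 0
IP 192.168.1.7.60002 > 192.168.1.5.23: tcp 0
IP 192.168.1.7.60003 > 192.168.1.5.25: tcp 0
IP 192.168.1.7.60004 > 192.168.1.5.80: tcp 0
IP 192.168.1.7.60005 > 192.168.1.5.443: tcp 0
IP 192.168.1.5 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64'

# Read tcpdump lines on stdin; print "<dst-port> <packet-count>", busiest
# port first. Lines without a destination port (e.g. ICMP) count under "-".
summarize_by_dst_port() {
    awk '$1 == "IP" && $3 == ">" {
            dst = $4
            sub(/:$/, "", dst)               # strip the trailing colon
            n = split(dst, parts, ".")       # a.b.c.d.port has 5 parts
            port = (n == 5) ? parts[5] : "-"
            count[port]++
        }
        END { for (p in count) print p, count[p] }' \
    | sort -k2,2nr -k1,1n
}

# Read tcpdump lines on stdin; print "<src-ip> <distinct-dst-ports>" for
# every source that reached at least $1 distinct destination ports
# (default 5, a hypothetical threshold for this example).
flag_port_sweeps() {
    awk -v thresh="${1:-5}" '$1 == "IP" && $3 == ">" {
            src = $2; dst = $4
            sub(/:$/, "", dst)
            ns = split(src, sp, "."); nd = split(dst, dp, ".")
            if (ns != 5 || nd != 5) next     # need both a source and dest port
            srcip = sp[1] "." sp[2] "." sp[3] "." sp[4]
            key = srcip SUBSEP dp[5]
            if (!(key in seen)) { seen[key] = 1; ports[srcip]++ }
        }
        END { for (s in ports) if (ports[s] >= thresh) print s, ports[s] }' \
    | sort
}

echo "Packets per destination port:"
printf '%s\n' "$SAMPLE" | summarize_by_dst_port
echo
echo "Sources touching >= 5 distinct destination ports:"
printf '%s\n' "$SAMPLE" | flag_port_sweeps 5
```

Both functions key only on the first four fields of each line, so they work whether the payload column says "tcp 0", "UDP, length 40" or an ICMP description; anything that is not an "IP src > dst:" line is ignored rather than mis-parsed.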