sniff

http://www.openmaniak.com/tcpdump.php
http://www.networksorcery.com/enp/default0904.htm
http://www.ethereal.com/faq.html#promiscsniff
http://tutorials.papamike.ca/pub/tcpdump.html

ettercap
ettercap -T // (all hosts)
ettercap -G (GTK front end, scan host, then start sniffing)

dsniff
webspy host
tcpkill
dsniff: arpspoof dnsspoof dsniff filesnarf macof mailsnarf msgsnarf sshmitm tcpkill tcpnice urlsnarf webmitm

in windows
windump -D (discover interface)
windump -i 2 (use interface 2)
windump -i 2 -w d.pcap (-w d.txt, save to d.txt, only on tcp port 80)
windump -r d.pcap -w http.pcap tcp port 80 (read the dump file, and write to http.pcap with info on tcp port 80)
windump -XX -r d.pcap (print header and data in hex and ASCII)

case study:
netstat -n (print numeric)
netstat (get the host name, confirm with the numeric)
tcpdump (or windump, then save the file)
then read the packets file with tcpdump to find the HTTP GET request (find what file we are getting)
host + file = absolute path.

arp
arp -a (display all ip->mac)
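The last step of the case study (read the saved capture, find the HTTP GET, join host and file) as an added example, not part of the original notes. It assumes a classic pcap file with Ethernet/IPv4/TCP frames and the whole request head in one segment; the function names and the sample capture are constructed for illustration.

```python
import struct

def http_get_urls(pcap: bytes) -> list:
    """Rebuild http://host/path for each HTTP GET in a classic pcap (Ethernet/IPv4/TCP)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                                   # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                                   # big-endian capture file
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    urls, off = [], 24                              # records follow the 24-byte file header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":    # IPv4 frames only
            continue
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # trim Ethernet padding
        if len(ip) < 20 or ip[9] != 6:              # protocol 6 = TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:]               # skip the IP header (IHL words)
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]          # skip the TCP header (data offset)
        if not payload.startswith(b"GET "):
            continue
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        request = lines[0].split(" ")               # GET <file> HTTP/1.x
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), None)
        if host and len(request) >= 2:
            urls.append("http://" + host + request[1])   # host + file = absolute path
    return urls

def build_sample_pcap() -> bytes:
    """Constructed sample capture: one segment with a GET to www.example.com (checksums zero)."""
    http = b"GET /files/report.pdf HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80])) + tcp
    frame = b"\x02" * 12 + b"\x08\x00" + ip         # dst MAC, src MAC, EtherType IPv4
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print(http_get_urls(build_sample_pcap()))
```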