Tcpdump Notes

I have been using tcpdump recently and wanted to note down some of the commands Y’know, for future reference.

Cheat Sheet:

To monitor certain ports:

  • In this case, monitoring for the existence of NETBIOS traffic
sudo tcpdump -n -i eth0 '(port 137 or 138 or 139)'

-n is to stop IP name resolution -i is for the interface

Record traffic looking for a specific host:

sudo tcpdump -i eth0 -n 'host 192.168.1.2 and (port 137 or 138 or 139)'

To write to a file:

 sudo tcpdump -n -i eth0 ip6 -w ipv6.pcap

To select hosts from a Pcap file:

 sudo tcpdump -n -r llmnr.pcap | cut -d " " -f3 | cut -d "." -f 1-4  | sort -u  

This assumes the ip and port are together such as:

192.168.2.1.80

2020

Tcpdump Notes

I have been using tcpdump recently and wanted to note down some of the commands Y’know, for future reference.

Pivoting with SSH

Today I was trouble shooting a machine at work. I did not have access via RDP or VNC, so I used SSH to forward my traffic to the host so I could access a URL.

GitHub Actions

I participated in a DevSecOps type workshop on Saturday (May 9th) in which we created some GitHub Actions. This is a post to solidify the learning and be a c...

Threat Defense Workshop

On April 25th I was fortunate enough to participate in the Trend Micro Threat Defense workshop.

Incident Handling Certification

Since I blogged about my experience at OpenSoc, I wanted to expand on the value I found in my eLearnSecuirty Incident Response course. What you will find bel...

OpenSoc Experience

So Thursday (April 9th) I participated in an online blue team defense simulation event, known as OpenSOC.

Golang Parsing Strings

I have been working with Golang strings and how to manipulate them. Working from other blogs posts I’ve found. When I sit down to code, I seem to forget ever...

Welcome to Jekyll!

You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different wa...

Back to Top ↑