
Sunday, January 30, 2011

Sniffing tools, and camera obscura

This Linux Journal article looks at the Linux sniffing tools. It looks at the most common sniffing tool, tcpdump, but also has info on a few tools I wasn't familiar with, like p0f, which attempts to do passive OS fingerprinting to see what versions of software are on your net, and dsniff, which follows network traffic to look inside traffic like mail, web, etc., if you want to create your own wall of sheep.

And while I'm looking at security and unintended shared content, Schneier's blog has a post about unsecured webcams.

Wednesday, May 5, 2010

Using tcpdump to only capture SYN and FIN packets

Sometimes with a network capture, all you want to know is when a session starts and when it finishes. So you don't actually want to capture anything beyond the session start and finish handshakes. Here's how to do it:

tcpdump -w flagdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'
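
To turn a capture like flagdump into session start and finish times, the following added example (not part of the original post) reads a classic pcap file and records the first SYN and last FIN per connection. It assumes an Ethernet link type and IPv4; the function names are hypothetical and the sample capture is constructed.

```python
import socket
import struct

TCP_FIN, TCP_SYN = 0x01, 0x02  # bits of the flags byte tcp[13], which tcp[tcpflags] reads

def sessions(pcap):
    """Map each TCP connection in a classic pcap (Ethernet/IPv4) to first SYN / last FIN time."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic microsecond pcap file")
    out, pos = {}, 24                       # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(order + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                        # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]   # honour the IP header length
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        a = (socket.inet_ntoa(frame[26:30]), sport)
        b = (socket.inet_ntoa(frame[30:34]), dport)
        rec = out.setdefault(tuple(sorted((a, b))), {"start": None, "end": None})
        when = sec + usec / 1e6
        if tcp[13] & TCP_SYN and rec["start"] is None:
            rec["start"] = when
        if tcp[13] & TCP_FIN:
            rec["end"] = when
    return out

def _frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame with zeroed MACs and checksums (sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one session with SYN, SYN/ACK, FIN; one with only a SYN."""
    pkts = [(100, "10.0.0.5", "10.0.0.9", 40000, 80, 0x02),
            (100, "10.0.0.9", "10.0.0.5", 80, 40000, 0x12),
            (107, "10.0.0.5", "10.0.0.9", 40000, 80, 0x11),
            (120, "10.0.0.7", "10.0.0.9", 40001, 22, 0x02)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, *rest in pkts:
        f = _frame(*rest)
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out
```

On a real capture, call sessions(open("flagdump", "rb").read()). A connection torn down with RST has no FIN in a capture made with this filter, so its "end" stays None.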

About Me

Regis has worked as a network engineer since 1994 for small companies and for large companies.