Difference between revisions of "Linux Commands"
Line 35: | Line 35: | ||
* -X -- print hex and ASCII | * -X -- print hex and ASCII | ||
* -s <snaplen> -- length to capture (-s0 for all data) | * -s <snaplen> -- length to capture (-s0 for all data) | ||
Filter string: | |||
* Protocol | |||
** ether, ip, ip6, arp, rarp, tcp, udp | |||
* Type | |||
** host <host> | |||
** net <network> | |||
** port <portnum> | |||
** portrange <start-end> | |||
* Direction | |||
** src | |||
** dst | |||
* Logic | |||
** and | |||
** or | |||
* Show TCP against target 10.10.10.10 in ASCII | |||
<pre>tcpdump [-i tap0] -n -A tcp and dst 10.10.10.10</pre> | |||
* Show all UDP from 10.10.10.10 | |||
<pre>tcpdump [-i tap0] -n udp and src 10.10.10.10</pre> | |||
* Show all TCP port 80 packets going to or from host 10.10.10.10 | |||
<pre>tcpdump [-i tap0] -n tcp and port 80 and host 10.10.10.10 | |||
===hping3=== |
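Review bot: the last added example, `<pre>tcpdump [-i tap0] -n tcp and port 80 and host 10.10.10.10`, never closes its `<pre>`, so the unchanged `===hping3===` heading that follows is pulled into the preformatted block and the rendered page shows `10.10.10.10hping3`. Add `</pre>` at the end of that line, as the two examples above it already do.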
Revision as of 14:32, 15 July 2008
Recon
whois
$ whois [-h whois_server] name
nslookup
$ nslookup <target>
dig
- Types of record: NS, A, HINFO, MX, TXT, CNAME, SOA, RP, PTR, SRV
$ dig [@server] <name> [type]
- Zone transfer
$ dig [@server] <domain> -t AXFR
- Iterative zone transfer
$ dig [@server] <domain> -t IXFR=<N>
BiLE.pl
$ ./BiLE <target> <result_file>
$ ./BiLE-weigh.pl <site_of_interest> <BiLE_output.mine>
$ ./tld-expand.pl
$ ./vet-IPrange.pl
$ ./qtrace.pl
Scanning
tcpdump
Parameters:
- -n -- use numbers
- -i <interface>
- -v -- be verbose
- -r <file>/-w <file> -- read from/write to file
- -x -- print hex
- -A -- print ASCII
- -X -- print hex and ASCII
- -s <snaplen> -- length to capture (-s0 for all data)
Filter string:
- Protocol
  - ether, ip, ip6, arp, rarp, tcp, udp
- Type
  - host <host>
  - net <network>
  - port <portnum>
  - portrange <start-end>
- Direction
  - src
  - dst
- Logic
  - and
  - or
- Show TCP against target 10.10.10.10 in ASCII
tcpdump [-i tap0] -n -A tcp and dst 10.10.10.10
- Show all UDP from 10.10.10.10
tcpdump [-i tap0] -n udp and src 10.10.10.10
- Show all TCP port 80 packets going to or from host 10.10.10.10
tcpdump [-i tap0] -n tcp and port 80 and host 10.10.10.10
hping3