TCPDump: Common Commands - HakTip 143 Video Lecture | Start Using Wireshark: Do Hacking like a Pro - Back-End Programming

today on hatch tip we are using some
popular commands in TCP dump this
episode of hot tip is brought to you by
Atlassian welcome to hack tip the show
where we break down concepts tools and
techniques for hackers gurus and IT
ninjas I am Shannon Morrison today we
are checking out filtering with TCP dump
now if you followed along with hack tip
142 you have TCP dump already installed
and you're running some simple albeit
legit packet captures in your terminal
window on a Linux machine now this week
we are going to filter said captures
because who doesn't love filters in
Wireshark and TCP dump I do I love them
now let's say you only want to capture
like X amount of packets for this and
let's go over to my computer we're gonna
type in TCP dump tech I space to 4w LAN
0 because remember if you can't type
attack capital D that will list out all
your different interfaces and you can
use the number instead of the interface
name now after that I want to type in
taxi and I'm gonna just capture 4
packets let's make it quick ok so that
was easy and that way you don't have to
hit ctrl C or control Z after waiting
for your packets to finish it's just
gonna automatically exit after receiving
that count of packets now if you want to
capture just a specific protocol you can
also add that to the end of the command
like so sudo TCP dump we're gonna use
tech I again with two taxi with four
lines and we're gonna use tack n to just
choose ARP so we want to collect art
packets nothing else so basically what
this does remember tack n is to suppress
hostnames and you can also use tech and
to choose just one kind of packet that
you want to search for so you can type
in tech n IP tack n TCP Tech and ICMP or
tech and ARP whatever you want you can
also filter by just a specific IP
address so for example I could just
search for this
10.7 t 3.30 1.70 it's gonna be pretty
boring cuz it's just a bunch of our
proquest but it'll show me just that
data for a source or a destination
so for example I could type in SRC 10.7
3.31 7:04 just that source of dot seven
zero or I could type in the same thing
with DST for the destination now if you
need to see the hex printout for some
reason instead of regular human speak
you can do that with tack lower case X
this is going to print the hex output
for packets without the link level
header tack xx will do the same thing
but with the link level header attack
with a capital X is going to print out
the hex and the ASCII without link level
and tech capital X capital hex will
print hex ASCII in both the link level
headers huh
so link level headers are expressed in
the tcp man page it just means that it's
going to include OSI layer 2 layer 2
information like MAC addresses in the
TCP dump output feel free to do that on
your own time we are going to check out
a really really cool explanation and
example of what happens when you put in
plain text passwords and user needs to a
website and how you can actually sniff
it yourself in TCP dump but first let's
take a break and we'll be right back
after a word from our sponsor from
genome mapping to renewable energy to
space exploration or just planning your
next team off-site behind every great
human achievement there is a team so
this big question is how do you bring
everybody together to build what's next
the solution with Atlassian you can
unleash your team's potential with
Atlassian's collaboration software so
you can work and communicate better
together
you can assign track and manage tasks
for every project no matter how complex
that's the clarity of JIRA you can
create and share content you can
organize results you can bring team
members up to speed with the flexibility
of confluence or you can instant message
in video chat with your team from any
device with the freedom of tip chat
lastly and my favorite is testing and
reviewing and managing code in real time
with the power of bitbucket which just
had an update last week now Atlassian is
helping teams in every
single industry from startup to
enterprise turn great ideas into reality
I've used HipChat to videoconference
with colleagues because they live all
over the United States I'm able to just
log in find my friend over in Ohio and
chat with them and make sure
everything's on P you can go over to
Atlassian comm to learn more and see how
JIRA confluence HipChat and bitbucket
give your team everything you need to
organize discuss and complete shared
work that's Atlassian comm unleash the
potential of your team and build what's
next we are back with more filter
options now here are a couple of other
really easy customizations that you can
use to make your commands all the more
better so first off you can use tak TT
or tak three T's or attack forties or
tech 5 TS to make the timestamp look a
little more readable or change it as
described in the man page so my favorite
is probably going to be let's see TCP
dump tak I'm gonna say three T's and
then we use Takei and wlan0 and I can
also use four T's to show me the date as
well and if you just really hate
timestamps you can also use one T and
that's a lowercase T to delete all of
your timestamps for something fun you
can write your capture to a file and
this is going to be using the tack W
option and then you can read that same
capture with TCP dump tech R which you
give you all that same info out of the P
cap there we go now if you don't want to
include a type of packet you can add not
to your command so for example I could
type in TCP dump attack and attack iw
land 0 not TCP so I would still get IP
ARP I would get everything else but it
just would not show me
TCP you can also use grep alongside TCP
dump like this so I'll type in TCP dump
tak capital A Tech I of course this is 2
or wlan0
I'm going to pipe this to e grep Takei
colon and we're gonna just find out
what's going on online when I go to a
plaintext web site
and I type in my username and password
so we're gonna use pass PWD password
username un PW okay so what's going to
happen is I'm gonna press enter and then
I'm gonna go over to this website that I
have open which I know uses plaintext
passwords and usernames and I'm just
gonna type in a random login name and a
really easy password like one two three
four five six alright let's hit enter
okay there we go
that took a little while but we finally
got it so if we scroll down all the way
to the bottom and luckily it's pretty
much stopped after it found my username
and password that I put in so it tells
me right here in plain text my username
was snubs and then it says password VB
login password hint there was no
password hint md5 oh so here it says md5
password equals and then it gives me
this hash so if I copy this hash and
just for clarity my password was one two
three four five six I'm gonna copy that
and I'm just gonna Google md5 hash
decrypt put in my hash and hit decrypt
and let's see if it is salted this
website is terrible oh there is
decrypted text one two three four five
six so I have now proved to myself that
the website that I was trying to login
to is not salting these hashed passwords
and delicious they need some salt some
serious salt that's bad but that is
really cool because you can then find
out which websites that you're going to
that are letting you do plaintext
passwords and usernames that's not
really good if you can actually sniff
out your own data huh that's about it
for TCP dump you can go over to TCP dump
dot org for more information and you can
also print out this super handy dandy
cheat sheet which they put down in the
document section check this out lots and
lots of awesome filters that you can use
with TCP dump that's so great
I would suggest printing that out and
just sticking it on the wall next to
your computer if you plan on using TCP
dump a bunch
all right that is about it for my
overview of TCP dump you can let me know
what you think you can always comment
below or you can email us tips at hack 5
org if you're over on YouTube right now
you can subscribe YouTube youtube.com
slash hack 5 almost org and be sure to
check out our sister show hack 5 for
more great stuff just like this we're
building drones on hack 5 it's so much
fun check it out and I will be there
reminding you to trust your techni lest
I was terrible