Comment on page

Sniff Traffic

tcpdump
While connected via SSH:
$ sudo tcpdump -i eth0 -w dump.pcap -s0 'not tcp port 22' &
Wireshark
​https://wiki.wireshark.org/CaptureSetup/CapturePrivileges​
​https://research.801labs.org/cracking-an-ntlmv2-hash/​
Filters
Protocols to consider:
​DTP (Dynamic Trunking Protocol)
​OSPF (Open Shortest Path First)
​SSDP (Simple Service Discovery Protocol)
​ARP (Address Resolution Protocol)
​LLMNR (Link-Local Multicast Name Resolution)
​NBNS (NetBIOS Name Service)
​mDNS (Multicast DNS)
​ICMPv6 (Internet Control Message Protocol version 6)
​DHCPv6 (Dynamic Host Configuration Protocol version 6)
dtp || ospf || ssdp || arp || llmnr || nbns || mdns || icmpv6 || dhcpv6

Last modified 2yr ago