From my Spells book No1 Tcpdump

So I have a number of journals one of which I call “Spells” ! It’s just a collection of scripts commands etc. But for years now I’ve been thinking about putting together some short snappy articles about each of them – so finally hear we go!

Tcpdump is a “data-network packet analyser computer program”
What does it do? It lets you look at network traffic and see what is coming into and out of your computer.

Typically this can be useful if you want to see what is going on with a particular application (it might be a web server or a mail server – you might want to look at DNS traffic).

Usage is fairly straight forward 

ie “sudo tcpdump” Will give you pretty much everything coming in and going out of the machine. It’s interesting to run this and if you look closely you can get an idea of web page construction – live connectivity all sorts of interesting stuff. But it is sometimes a lot of information (use control command key combination to stop the session).

sudo tcpdump port 53
Will give you an idea of whats going on with regards DNS
If your running a web server “sudo tcpdump port 80” or “sudo tcpdump port 443” will give you a good picture of whats going on.

It’s even useful just to see if the network is up – for example you can bring up a couple of terminal windows
“sudo tcpdump icmp” in one window and “ping 8.8.4.4” in another, will give you feedback like this and indeed prove that your computer is infact on the interweb!

Tcpdump and icmp running in seperate terminal windowss!

If you want to actually capture data to a file try something like this
“sudo tcpdump -s 0 -w dumpfile host 8.8.8.8” and then “ping 8.8.8.8” that will create a packet dump in a format that can be read via tcpdump or something like wireshark if you want to view things in a GUI.
 
Although this is just a basic introduction to packet tracing, tcpdump is the grandaddy of all packet tracers and it’s a good skill to have. 

One word of warning though, is that you should not run tcpdump on a network that is not yours! Ie check if your doing this at work, as in some situations it could be considered not appropriate or verging on hacking. Use with caution!

Unix bin path how to!

SSD Update
Best thing you can do with an old computer – update the HD to ssd

Well I finaly coughed up and put an ssd into my pre historic laptop (well worth the trouble I might add)!

I decided to do things from scratch as opposed to a complete clone of my original HD, mainly because over the years I have probably installed more crud than I care to think about!


This is how to add your local bin folder to your path!
I only use this info about once every 3-4 years but hear it is for my own edumacation and may be, just maybe it will be useful to someone else!



cd ~/ <– switch into your home dir
nano .bash_profileĀ  <— create file
then add this line to that file
export PATH=$PATH:~/bin

save close terminal then re launch

Enjoy the contents of you bin!
(you can check that it there by running echo $PATH) or if you have some already executable scripts in your bin you can just try running the scripts from the cli.

Works on Mac os X High Sierra


Terminal escape injection techniques

It’s interesting in that shell scripts (small one’s) seem just like friendly bits of code that you can run. That’s not always the case, it’s probably never a good idea to just download a script and run it (esp using curl or wget). I discovered this very interesting article the other day about terminal escape injection and it works on pretty much every platform – mac, windows linux and even within python!

When in dought use cat -v in fact cat -v may be my new default for viewing code!

https://www.infosecmatter.com/terminal-escape-injection/