Watching and Manipulating Your Network Traffic
tcpdump - your binoculars

    $ sudo tcpdump
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    14:59:39.168508 IP a204-2-177-16.deploy.akamaitechnologies.com.www > josiah-desktop.local.34594: . 884145450:884146898(1448) ack 1384394675 win 6266 <nop,nop,timestamp 612468726 176413364>
    14:59:39.168526 IP josiah-desktop.local.34594 > a204-2-177-16.deploy.akamaitechnologies.com.www: . ack 1448 win 1267 <nop,nop,timestamp 176413372 612468726>
    14:59:39.170034 IP a204-2-177-16.deploy.akamaitechnologies.com.www > josiah-desktop.local.34594: . 1448:2896(1448) ack 1 win 6266 <nop,nop,timestamp 612468726 176413364>
    14:59:39.170052 IP josiah-desktop.local.34594 > a204-2-177-16.deploy.akamaitechnologies.com.www: . ack 2896 win 1313 <nop,nop,timestamp 176413372 612468726>
    ...
    14:59:39.284334 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: P 3587518292:3587518498(206) ack 329762849 win 66 <nop,nop,timestamp 1308615091 176412617>
    14:59:39.284367 IP josiah-desktop.local.50615 > ec2-174-129-15-1.compute-1.amazonaws.com.www: . ack 206 win 108 <nop,nop,timestamp 176413401 1308615091>
    14:59:39.284374 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: F 206:206(0) ack 1 win 66 <nop,nop,timestamp 1308615091 176412617>
    14:59:39.284580 IP josiah-desktop.local.50615 > ec2-174-129-15-1.compute-1.amazonaws.com.www: F 1:1(0) ack 207 win 108 <nop,nop,timestamp 176413401 1308615091>
A packet as seen by tcpdump

    14:59:39.284374 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: F 206:206(0) ack 1 win 66 <nop,nop,timestamp 1308615091 176412617>
    19:56:05.497478 arp who-has 192.168.1.16 tell 192.168.1.1
    19:57:33.302510 IP 192.168.1.42.53708 > 192.168.1.24.snmp:  GetRequest(38)  E:hp.2.3.9.4.2.1.4.1.5.2.39.0
    19:58:30.954951 IP 192.168.1.25.54733 > resolver1.opendns.com.domain: 23503+ PTR? 24.1.168.192.in-addr.arpa. (43)
    19:58:30.990415 IP resolver1.opendns.com.domain > 192.168.1.25.54733: 23503 NXDomain 0/0/0 (43)
    20:01:50.159642 IP 192.168.1.25.ntp > time7.apple.com.ntp: NTPv4, Client, length 48
    20:09:37.686346 IP 192.168.1.25.63770 > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
tcpdump examples
tcpdump -F filename host adam
If all else fails, pipe it to grep
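Added example, not from the original slides: a bare `grep F` over tcpdump text also matches hostnames and words such as `FAILED`, so the filter below tests the TCP flags field itself and, going beyond the output shown on the slides, also accepts the newer `Flags [F.]` layout. The function names and the `sample_capture` helper are hypothetical; the sample lines are copied from the slides above.

```shell
#!/bin/sh
# Constructed sample input: tcpdump lines copied from the slides, so this runs offline.
sample_capture() {
cat <<'EOF'
14:59:39.284334 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: P 3587518292:3587518498(206) ack 329762849 win 66 <nop,nop,timestamp 1308615091 176412617>
14:59:39.284367 IP josiah-desktop.local.50615 > ec2-174-129-15-1.compute-1.amazonaws.com.www: . ack 206 win 108 <nop,nop,timestamp 176413401 1308615091>
14:59:39.284374 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: F 206:206(0) ack 1 win 66 <nop,nop,timestamp 1308615091 176412617>
14:59:39.284580 IP josiah-desktop.local.50615 > ec2-174-129-15-1.compute-1.amazonaws.com.www: F 1:1(0) ack 207 win 108 <nop,nop,timestamp 176413401 1308615091>
19:56:05.497478 arp who-has 192.168.1.16 tell 192.168.1.1
19:58:30.954951 IP 192.168.1.25.54733 > resolver1.opendns.com.domain: 23503+ PTR? 24.1.168.192.in-addr.arpa. (43)
19:58:30.990415 IP resolver1.opendns.com.domain > 192.168.1.25.54733: 23503 NXDomain 0/0/0 (43)
20:01:50.159642 IP 192.168.1.25.ntp > time7.apple.com.ntp: NTPv4, Client, length 48
EOF
}

# tcp_with_flag FLAG
# Reads tcpdump text on stdin and prints "time src dst flags" for every TCP
# segment whose flags field contains FLAG (S, F, P, R, ...).
tcp_with_flag() {
    awk -v want="$1" '
        # Only IP lines that carry a TCP window; this skips arp, DNS, NTP, SNMP.
        $2 == "IP" && $4 == ">" && / win / {
            dst = $5
            sub(/:$/, "", dst)                 # drop the colon after the destination
            if ($6 == "Flags") {               # newer layout: Flags [F.], seq ...
                flags = $7
                gsub(/\[|\]|,/, "", flags)
            } else {
                flags = $6                     # older layout, as shown on the slides
            }
            if (flags ~ /^[SFPRWE.]+$/ && index(flags, want) > 0)
                print $1, $3, dst, flags
        }'
}

# talkers
# Counts IP packets per source host. The last dot-separated component of the
# source is the port (number or service name), so it is stripped first.
talkers() {
    awk '
        $2 == "IP" && $4 == ">" {
            src = $3
            sub(/\.[^.]+$/, "", src)
            n[src]++
        }
        END { for (h in n) print n[h], h }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the embedded sample; on a live host the input would come from
# something like: sudo tcpdump -l | tcp_with_flag F
sample_capture | tcp_with_flag F
sample_capture | talkers
```

On a live capture, `-l` makes tcpdump line-buffer its output so the pipeline sees packets as they arrive.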
iproute2 - your swiss army knife
sudo apt-get install iproute
Set up NICs and virtual NICs
Configure routing tables
Set up multiple routing tables
Set rules that restrict traffic flow
Set rules that enable traffic flow

  • 17. ip addr add 10.20.0.254/24 label eth0:1 dev eth0
  • 19. iproute - Routes
        ip route add default dev eth1 via 66.77.88.99
        ip route add 10.0.0.0/24 dev eth1:1
        ip route delete (ip r d)
        ip route change (ip r c)
        ip route show (ip r s)
  • 20. iproute - the routing table
        $ ip route sh table main
        10.0.0.0 dev eth0  scope link
        10.11.12.0/24 dev eth0  proto kernel  scope link  src 10.11.12.13
        192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.159  metric 1
        169.254.0.0/16 dev eth0  scope link  metric 1000
        default via 192.168.1.254 dev eth0
  • 21. iproute Rules!
        # "unknown" and "enemy" are placeholders for a source prefix;
        # "hide-the-good-stuff" is a table name that must be defined in /etc/iproute2/rt_tables
        ip rule add from unknown type unreachable priority 3000
        ip rule add from enemy type blackhole priority 3001
        ip rule add fwmark 1 table hide-the-good-stuff priority 3002
        ip rule add from 10.10.20.0/24 to 192.168.0.0/24 type unreachable priority 3003
  • 22. iproute - Tunnels
        ip addr add 10.0.0.1/30 label eth1:1 dev eth1
        ip tunnel add my_tunnel mode ipip local 10.0.0.1 \
            remote 66.77.88.1 ttl 64 dev eth1
        ip address add dev my_tunnel 10.0.0.1 peer 10.0.0.2/32
  • 23. iproute - neighbours
        $ ip neigh sh
        192.168.1.5 dev eth0  FAILED
        192.168.1.4 dev eth0 lladdr 00:1e:c9:dd:d8:b8 REACHABLE
        192.168.1.254 dev eth0 lladdr 00:50:da:21:8c:11 REACHABLE
        192.168.1.3 dev eth0  FAILED
        192.168.1.2 dev eth0 lladdr 00:11:2f:11:08:3e STALE
  • 24. Thank You! http://josiahritchie.com/cposc09 Josiah Ritchie josiah@fim.org http://josiahritchie.com @josiahritchie facebook.com/josiah.ritchie