zeus
/
lab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

ex 2

master
test2 5 years ago
parent
175fac3754
commit
6c3482e250
1 changed files with 154 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 154
      sec/ex-2_iptables.adoc

154
sec/ex-2_iptables.adoc
View File

@ -0,0 +1,154 @@
= Network analysis !
Apostolos rootApostolos@swarmlab.io
// Metadata:
:description: Intro and Install
:keywords: sec, tcpdump
:data-uri:
:toc: right
:toc-title: Πίνακας περιεχομένων
:toclevels: 4
:source-highlighter: highlight
:icons: font
:sectnums:
include::header.adoc[]
{empty} +
[[cheat-Docker]]
== Install swarmlab-sec (Home PC)
HowTo: See http://docs.swarmlab.io/lab/sec/sec.adoc.html
.NOTE
[NOTE]
====
Assuming you're already logged in
====
**tcpdump** is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.
https://en.wikipedia.org/wiki/Tcpdump[More: wikipedia]
== Basic
=== Everything on an interface
Just see what’s going on, by looking at what’s hitting your interface.
[source,bash]
----
tcpdump -i eth0
----
=== Find Traffic by IP
One of the most common queries, using host, you can see traffic that’s going to or from 1.1.1.1.
[source,bash]
----
tcpdump host 1.1.1.1
----
=== Filtering by Source and/or Destination
If you only want to see traffic in one direction or the other, you can use src and dst.
[source,bash]
----
tcpdump src 1.1.1.1
tcpdump dst 1.0.0.1
----
=== Finding Packets by Network
To find packets going to or from a particular network or subnet, use the net option.
[source,bash]
----
tcpdump net 1.2.3.0/24
----
=== Show Traffic Related to a Specific Port
You can find specific port traffic by using the port option followed by the port number.
[source,bash]
----
tcpdump port 3389
tcpdump src port 1025
----
=== Show Traffic of One Protocol
If you’re looking for one particular kind of traffic, you can use tcp, udp, icmp, and many others as well.
[source,bash]
----
tcpdump icmp
----
=== Reading / Writing Captures to a File (pcap)
It’s often useful to save packet captures into a file for analysis in the future. These files are known as PCAP (PEE-cap) files, and they can be processed by hundreds of different applications, including network analyzers, intrusion detection systems, and of course by tcpdump itself. Here we’re writing to a file called capture_file using the -w switch.
[source,bash]
----
tcpdump port 80 -w capture_file
----
== Advanced
[appendix]
== How to use tcpdump
This exercise will show you how to isolate traffic in various ways—from IP, to port, to protocol, to application-layer traffic—to make sure you find exactly what you need as quickly as possible.
:hardbreaks:
{empty} +
{empty} +
{empty}
:!hardbreaks:
'''
.Reminder
[NOTE]
====
:hardbreaks:
Caminante, no hay camino,
se hace camino al andar.
Wanderer, there is no path,
the path is made by walking.
*Antonio Machado* Campos de Castilla
====
Write Preview
Loading…
Cancel
Save