
Showing posts from June, 2013

TcpDumpTutorial

When using a tool that displays network traffic in a more natural (raw) way, the burden of analysis is placed directly on the human rather than on the application. This approach cultivates a continued and deeper understanding of the TCP/IP suite, and for this reason I strongly advocate using tcpdump instead of other tools whenever possible.

A mnemonic for the TCP flags, in bit order from 32 down to 1: Unskilled Attackers Pester Real Security Folk (URG, ACK, PSH, RST, SYN, FIN).

Show me all URGENT (URG) packets:
# tcpdump 'tcp[13] & 32 != 0'

Show me all ACKNOWLEDGE (ACK) packets:
# tcpdump 'tcp[13] & 16 != 0'

Show me all PUSH (PSH) packets:
# tcpdump 'tcp[13] & 8 != 0'

Show me all RESET (RST) packets:
# tcpdump 'tcp[13] & 4 != 0'

Show me all SYNCHRONIZE (SYN) packets:
# tcpdump 'tcp[13] & 2 != 0'

Show me all FINISH (FIN) packets:
# tcpdump 'tcp[13] & 1 != 0'

Show me all SYNCHRONIZE/ACKNOWLEDGE (SYNACK) packets:
# tcpdump 'tcp[13] = 18'

[ Note: Only the PSH, RST, SYN, and FIN flags are displayed in…
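The flag filters above, as an added Python example that is not part of the original post: it builds a few constructed TCP headers, reads the flags byte at tcp[13], and evaluates the same filter expressions. It also shows a caveat of the exact match `tcp[13] = 18`: a SYN/ACK from an ECN-capable host also carries the ECE bit (64), giving 82, which the equality test misses while a masked test `tcp[13] & 18 = 18` still catches it.

```python
import re
import struct

# Bits of the TCP flags byte at offset 13 (CWR/ECE are the RFC 3168 ECN bits).
FLAGS = {"CWR": 128, "ECE": 64, "URG": 32, "ACK": 16, "PSH": 8, "RST": 4, "SYN": 2, "FIN": 1}

# Accepts the two shapes used on this page: 'tcp[13] & N != 0' and 'tcp[13] = N',
# plus the masked equality form 'tcp[13] & N = N'. Whitespace and '==' are tolerated.
FILTER_RE = re.compile(r"^tcp\[13\](?:&(\d+))?(!=|=)(\d+)$")


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=65535):
    """Return a minimal 20-byte TCP header (constructed sample; checksum left at 0)."""
    data_offset = 5 << 4  # header length of 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, window, 0, 0)


def flags_byte(tcp_header):
    """The value tcpdump sees as tcp[13]."""
    return tcp_header[13]


def flag_names(tcp_header):
    """Decode tcp[13] into flag names, highest bit first."""
    b = flags_byte(tcp_header)
    return [name for name, bit in FLAGS.items() if b & bit]


def matches(filter_expr, tcp_header):
    """Evaluate a tcp[13] filter expression against one header, as tcpdump would."""
    m = FILTER_RE.match(filter_expr.replace(" ", "").replace("==", "="))
    if not m:
        raise ValueError("unsupported filter: " + filter_expr)
    mask, op, value = m.groups()
    lhs = flags_byte(tcp_header) & int(mask) if mask else flags_byte(tcp_header)
    return lhs != int(value) if op == "!=" else lhs == int(value)


def apply_filter(filter_expr, headers):
    """Return the names of the sample headers that the filter would display."""
    return [name for name, hdr in headers.items() if matches(filter_expr, hdr)]


# Constructed sample traffic, not a real capture: a handshake with an ECN-marked SYN/ACK.
SAMPLE = {
    "syn": build_tcp_header(40000, 80, FLAGS["SYN"]),
    "synack": build_tcp_header(80, 40000, FLAGS["SYN"] | FLAGS["ACK"]),
    "ecn_synack": build_tcp_header(80, 40000, FLAGS["SYN"] | FLAGS["ACK"] | FLAGS["ECE"]),
    "push_ack": build_tcp_header(40000, 80, FLAGS["PSH"] | FLAGS["ACK"]),
    "rst": build_tcp_header(80, 40000, FLAGS["RST"]),
}

if __name__ == "__main__":
    for name, hdr in SAMPLE.items():
        print(f"{name:11} tcp[13]={flags_byte(hdr):3}  {flag_names(hdr)}")
    print("tcp[13] = 18      ->", apply_filter("tcp[13] = 18", SAMPLE))
    print("tcp[13] & 18 = 18 ->", apply_filter("tcp[13] & 18 = 18", SAMPLE))
```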

Rare Window Commands

1: Find the MAC address of all available interfaces:
getmac

2: Find the version of the Windows OS:
ver

3: Find the SID of the current user (alternative method):
whoami /user

4: Find system information:
systeminfo

5: Find the SID of a Windows user (replace 'vishal' with the account name):
wmic useraccount where name='vishal' get sid

6: Find out about the wireless adapter and the access points available around you:
netsh wlan show all