Hooper Labs

Networking Notes (TCP/IP)


IPv6 iptables rules

	cat /etc/iptables/rules.v6

IPv4 iptables rules

	cat /etc/iptables/rules.v4

Wireless Configuration

Configure wlan0 interface

	ifconfig wlan0 <ip-address>

Start DNS/DHCP server

	service dnsmasq restart

Enable routing

	sysctl net.ipv4.ip_forward=1

Enable NAT

	iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Run access point daemon

	hostapd /etc/hostapd/hostapd.conf

Wireshark Decrypt SSL Traffic

	Create an SSLKEYLOGFILE environment variable pointing to a log file.  (May have to run Chrome.exe --ssl-key-log-file=C:\Temp\ssl-keys.log)

Packets and Packet Captures (usually run elevated)

Capture OSPF traffic

	tcpdump -i eth0 -n "ip[9]==89"

Remove TCP headers and dump TCP payloads into separate files

	tcpick -wR -r capture.pcap

Remove TCP headers and dump TCP payloads into separate files for Client or Server only

	tcpick -wR{C,S} -r capture.pcap


Import Scapy

	from scapy.all import *

Send ICMP with Payload


Read a PCAP File


Show a Summary


Show TCP Layer of Packet


Change src IP of packet

	packet.src = ""

Craft an IP packet

	p = IP(dst="")

Add an OSI Layer to a Packet

	p = p / TCP(dport=443)

Gather all "Raw" data of every packet

	[pkt[Raw].load for pkt in TCP_PACKETS if Raw in pkt]

Add Raw Data Payload

	packet /= Raw(b"\xaa\xaa\x03\x00")

Do things for all packets in a pcap

	sniff(offline="test.pcap",prn=handler_function,filter="tcp or udp")

Find Destination of Ether Layer


Find Destination of IP Layer


Find Destination Port of TCP Layer


Send packet to a List of Ports

	p = IP(dst="") / TCP(dport=[22,80,443,1024])

Separate packets into Answered vs Unanswered Packets

	ans,unans = sr(packet)

Show Summary of Packets Info


Show Details of Packets Info


Show only IP Details of Packet

	packet[IP].show()    # or: packet["IP"].show()

Hex Dump of Packet



SSH Hop through host

	ssh -J user1@host1 user2@host2

Upload File with SSH

	ssh user1@host1 tee rfile < lfile

Download File with SSH

	ssh user1@host1 cat rfile > lfile

Socat Redirector

Detach process from shell


Redirect with socat

	sudo socat TCP4-LISTEN:80,fork TCP4:secure.losenolove.com:80

Detach Screen

	screen -d

VLAN Hopping


	Takes advantage of a switch misconfiguration with the DTP (Dynamic Trunking Protocol) mode.  If the mode is set to dynamic desirable, the attacker can negotiate its own trunk 


	yersinia --> DTP --> launch attack --> "enable trunking"

Add a VLAN interface