Hooper Labs

Networking Notes (TCP/IP)



IPv6 iptables rules

cat /etc/iptables/rules.v6

IPv4 iptables rules

cat /etc/iptables/rules.v4

Wireless Configuration

Configure wlan0 interface

ifconfig wlan0 <ip-address>

Start DNS/DHCP server

service dnsmasq restart

Enable routing

sysctl net.ipv4.ip_forward=1

Enable NAT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Run access point daemon

hostapd /etc/hostapd/hostapd.conf

Wireshark Decrypt SSL Traffic

Create an SSLKEYLOGFILE environment variable pointing to a log file. (You may have to run Chrome.exe --ssl-key-log-file=C:\Temp\ssl-keys.log)

Packets and Packet Captures (usually run elevated)

Capture OSPF traffic

tcpdump -i eth0 -n "ip[9]==89"

Remove TCP headers and dump TCP payloads into separate files

tcpick -wR -r capture.pcap

Remove TCP headers and dump TCP payloads into separate files for Client or Server only

tcpick -wR{C,S} -r capture.pcap


Import Scapy

from scapy.all import *

Send ICMP with Payload


Read a PCAP File


Show a Summary


Show TCP Layer of Packet


Change src IP of packet

packet.src = ""

Craft an IP packet

p = IP(dst="")

Add an OSI Layer to a Packet

p = p / TCP(dport=443)

Gather all "Raw" data of every packet

[pkt[Raw].load for pkt in TCP_PACKETS if Raw in pkt]

Add Raw Data Payload

packet /= Raw(b"\xaa\xaa\x03\x00")

Do things for all packets in a pcap

sniff(offline="test.pcap",prn=handler_function,filter="tcp or udp")

Find Destination of Ether Layer


Find Destination of IP Layer


Find Destination Port of TCP Layer


Send packet to a List of Ports

p = IP(dst="") / TCP(dport=[22,80,443,1024])

Separate packets into Answered vs Unanswered Packets

ans,unans = sr(packet)

Show Summary of Packets Info


Show Details of Packets Info


Show only IP Details of Packet

packet[IP].show()  # or packet["IP"].show()

Hex Dump of Packet



SSH Hop through host

ssh -J user1@host1 user2@host2

Upload File with SSH

ssh user1@host1 tee rfile < lfile

Download File with SSH

ssh user1@host1 cat rfile > lfile

Socat Redirector

Detach process from shell


Redirect with socat

sudo socat TCP4-LISTEN:80,fork TCP4:secure.losenolove.com:80

Detach Screen

screen -d

VLAN Hopping


Takes advantage of a switch port misconfigured in its DTP (Dynamic Trunking Protocol) mode. If the mode is set to dynamic desirable, the attacker can negotiate their own trunk.


yersinia --> DTP --> launch attack --> "enable trunking"

Add a VLAN interface