Hooper Labs

Home Cheat Sheets About Links Recipes

Networking Notes (TCP/IP)

======

Iptables

IPV6 iptables rules

cat /etc/iptables/rules.v6

IPv4 iptables rules

cat /etc/iptalbes/rules.v4

Wireless Configuration

Configure wlan0 interface

ifconfig wlan0 <ip-address>

Start DNS/DHCP server

service dnsmasq restart

Enable routing

sysctl net.ipv4.ip_forward=1

Enable NAT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Run access point daemon

hostapd /etc/hostapd/hostapd.conf

WireShark Decrypt SSL Traffic

Create SSLKEYLOGFILE environment variable pointing to log file. (May have to run Chrome.exe --ssl-key-log-file=C:\Temp\ssl-keys.log

Packets and Packet Captures (usually run elevated)

Capture OSPF traffic

tcpdump -i eth0 -n "ip[9]==89"

Remove TCP headers and dump TCP payloads into separate files

tcpick -wR -r capture.pcap

Remove TCP headers and dump TCP payloads into separate files for Client or Server only

tcpick -wR{C,S} -r capture.pcap

Scapy

Import Scapy

from scapy.all import scapy

Send ICMP with Payload

send(IP(dst="10.1.99.2")/ICMP()/"HelloWorld")

Read a PCAP File

rdpcap('/path/to/pcap.cap')

Show a Summary

myPackets.show()

Show TCP Layer of Packet

myPackets[1][TCP]

Change src IP of packet

packet.src = "127.0.0.1"

Craft an IP packet

p = IP(dst="10.10.10.10")

Add a OSI Layer to a Packet

p = p / TCP(dport=443)

Gather all "Raw" data of every packet

pkt[Raw].load for pkt in TCP_PACKETS if Raw in pkt

Add Raw Data Paylaod

packet /= Raw("\xaa\xaa\x03\x00")

Do things for all packets in a pcap

sniff(offline="test.pcap",prn=handler_function,filter="tcp or udp")

Find Destination of Ether Layer

packet.dst

Find Destination of IP Layer

packet.paylaod.dst

Find Destination Port of TCP Layer

packet.payload.payload.dport

Send packet to a List of Ports

p = IP(dst="10.10.10.10") / TCP(dport=[22,80,443,1024])

Separate packets into Answered vs Unanswered Packets

ans,unans = sr(packet)

Show Summary of Packets Info

packet.summary()

Show Details of Packets Info

packet.show()

Show only IP Details of Packet

packet[IP].show() OR packet["IP"].show()

Hex Dump of Packet

hexdump(packet[TCP])

SSH

SSH Hop through host

ssh -J user1@host1 user2@host2

Upload File with SSH

ssh user1@host1 tee rfile < lfile

Download File with SSH

ssh user1@host1 cat rfile > lfile

Socat Redirector

Detatch process from shell

screen

Redirect with socat

sudo socat TCP4-LISTEN:80,fork TCP4:secure.losenolove.com:80

Detatch Screen

screen -d

VLAN Hopping

Info

Takes advantage of a switch misconfiguration with the DTP (Dynamic Trunking Protocol) mode. If the mode is set to dynamic desirable, the attacker can negotiate its own trunk

Tool

yersinia --> DTP --> launch attack --> "enable trunking"

Add a VLAN interface