Jan 26, 2018
Nmap scans a host or a whole network for live hosts, open ports, running services and operating systems. It can be extended with the Nmap Scripting Engine (NSE); Zenmap is its official GUI.
Use -v, -vv or -vvv for increasingly verbose output.
Scan a single address:
$ nmap 192.168.0.24
Ping scan, host discovery only, no port scan (-sP is the old spelling of -sn):
$ nmap -sP 192.168.0.*
SYN scan, skip host discovery (-P0 is the old spelling of -Pn), service version detection and OS detection; needs root for the raw sockets:
$ nmap -sS -P0 -sV -O 192.168.0.2
The higher the -T timing template (0 to 5), the faster the scan, but fast templates can miss ports or trip rate limits:
$ nmap -T5 192.168.1.0/24
Scan the top 20 ports:
$ nmap --top-ports 20 192.168.0.0/24
TCP connect scan of port 80 (full three-way handshake, works without root, but more visible to the target):
$ nmap -sT -p80 192.168.0.0/24
Decoy scan: the probes appear to come from the decoy addresses as well as your own, so the target's logs show several sources. Decoys are comma-separated without spaces and should be hosts that are actually up:
$ nmap -sS 192.168.0.0-5 -D 192.168.0.99,192.168.0.98
Skip host discovery and scan every address as if it were up:
$ nmap -Pn 192.168.0.0/24
Aggressive scan: -A enables OS detection, version detection, default scripts and traceroute:
$ nmap -A -T4 192.168.0.2
Massive scan with every NSE script (see below): host discovery by ICMP echo, ICMP timestamp, TCP SYN and ACK probes to several ports and IP protocol ping, then SYN and UDP port scans with -A. --script all also runs the intrusive, dos and exploit categories, so only use it against systems you are authorized to test. Append the target:
# nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 \
-PA80,113,443,10042 -PO --script all <target>
Scan an IPv6 address:
$ nmap -6 <ipv6-address>
List the interfaces and routes as Nmap sees them:
$ nmap --iflist
Run the default script category; -sC is the short form:
$ nmap --script=default 192.168.0.2
$ nmap -sC 192.168.0.2
Show help for a script or category (here every script in the discovery category; --script-help all covers them all):
$ nmap --script-help discovery
Run a script or a whole category (here dos, whose scripts can crash the target):
$ nmap --script=dos 192.168.0.2
Select scripts with a boolean expression over categories (here scripts that are in both safe and exploit):
$ nmap --script "safe and exploit" 192.168.0.2
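A practical follow-up to the scans above is to feed one scan into the next. This added example (not from the original notes) is a POSIX shell script that parses Nmap's grepable output (-oG), prints the open ports per host, and collapses them into a -p list for a targeted -sV scan. The scan output embedded in sample_gnmap is constructed for the example and the function names are mine; only the -oG field layout (tab-separated fields, port entries as port/state/proto/owner/service/rpcinfo/version/) is Nmap's.

```shell
#!/bin/sh
# Parse nmap grepable output (-oG) into "ip port/proto service version" lines
# and build a -p port list for a second, targeted scan.
# Added example; the embedded scan output is constructed, not a real scan.

# Constructed -oG output in the layout nmap writes: tab-separated fields, one
# "Status" line and one "Ports" line per host; port entries are
# port/state/proto/owner/service/rpcinfo/version/ separated by ", ".
sample_gnmap() {
    printf '%s\n' '# Nmap 7.70 scan initiated Fri Jan 26 12:00:00 2018 as: nmap -sS -sV -oG scan.gnmap 192.168.0.0/24'
    printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.6p1/, 80/open/tcp//http//nginx 1.14.0/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.0.2 (printer.lan)\tStatus: Up\n'
    printf 'Host: 192.168.0.2 (printer.lan)\tPorts: 631/open/tcp//ipp//CUPS 2.2/, 9100/open/tcp//jetdirect///\tIgnored State: closed (998)\n'
    printf '%s\n' '# Nmap done at Fri Jan 26 12:01:30 2018 -- 256 IP addresses (2 hosts up) scanned in 90.12 seconds'
}

# open_ports: read -oG text on stdin, print one line per open port:
#   <ip> <port>/<proto> <service> <version or ->
open_ports() {
    awk -F'\t' '
        /^Host: / && /\tPorts: / {
            split($1, h, " ")                  # "Host: 192.168.0.1 (name)"
            ip = h[2]
            ports = ""
            for (i = 2; i <= NF; i++)
                if (index($i, "Ports: ") == 1) ports = substr($i, 8)
            n = split(ports, p, /, /)
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")            # port/state/proto/owner/service/rpc/version
                if (f[2] != "open") continue   # skip closed, filtered, open|filtered
                printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], (f[7] == "" ? "-" : f[7])
            }
        }'
}

# port_list: turn open_ports output into a sorted, deduplicated -p argument
port_list() {
    awk '{ split($2, pp, "/"); print pp[1] }' | sort -n -u | paste -sd, -
}

# The two-stage workflow this supports (shown, not run here):
#   nmap -sS -T4 --top-ports 100 -oG stage1.gnmap 192.168.0.0/24
#   nmap -sV -sC -p "$(open_ports < stage1.gnmap | port_list)" \
#        $(open_ports < stage1.gnmap | awk '{print $1}' | sort -u)
sample_gnmap | open_ports
echo "-p $(sample_gnmap | open_ports | port_list)"   # -p 22,80,631,9100
```

The first stage is a fast SYN sweep; the second runs the expensive version detection and scripts only against ports that actually answered, which is both quicker and far less noisy than -A across the whole range.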
Tcpdump is a widely used command-line packet sniffer and analyzer: it captures the packets received or sent on a network interface and filters them with BPF expressions.
Use -v, -vv or -vvv for increasingly verbose output (more detail per packet).
Show all interfaces:
# tcpdump --list-interfaces
# tcpdump -D
Listen on all interfaces:
# tcpdump -i any
Listen on a specific interface; -n skips hostname resolution, -S prints absolute TCP sequence numbers:
# tcpdump -nS -i wlp8s0
Do not resolve hostnames or port names (-nn):
# tcpdump -nn -i wlp8s0
Quiet: print less protocol information per line:
# tcpdump -q -i wlp8s0
Very verbose, with the packet contents in hex including the link-level header (-xx; -XX prints hex and ASCII):
# tcpdump -xxvvv -i wlp8s0
Only get ICMP packets:
# tcpdump icmp -i wlp8s0
Decrypt IPsec ESP traffic with a known key (spi@ipaddr algo:secret, see the man page; needs tcpdump built with crypto support):
# tcpdump -E 'spi@ipaddr algo:secret' -i wlp8s0
Print absolute TCP sequence numbers (-S) and the link-level (Ethernet) header (-e):
# tcpdump -Se -i wlp8s0
Full packet dump: no name or port resolution, very verbose, hex and ASCII (-X), absolute sequence numbers, snaplen of 1514 bytes (a whole Ethernet frame):
# tcpdump -nnvvXSs 1514 -i wlp8s0
Filter on an IP address in either direction, or only as the source (dst for the destination):
# tcpdump host 192.168.0.1 -i wlp8s0
# tcpdump src 192.168.0.2 -i wlp8s0
See only traffic to or from a port; prefix with src or dst to keep one direction:
# tcpdump port 3838 -i wlp8s0
# tcpdump src port 3838 -i wlp8s0
Combine filters with boolean operators (both spellings work; quote the symbolic forms for the shell):
# tcpdump udp and src port 53 -i wlp8s0
and &&
or ||
not !
Example:
# tcpdump -nvvXSs 1514 dst 192.168.0.2 and \
src 192.168.0.1 and not icmp -i wlp8s0
Write the raw capture to a file (read it later with -r or in Wireshark):
# tcpdump -nnvvXSs 1514 port 443 -i wlp8s0 -w capture_file
Read from a file:
# tcpdump -r capture_file
Filter on TCP flags. Byte 13 of the TCP header (tcp[13]) holds the flag bits: CWR=128, ECE=64, URG=32, ACK=16, PSH=8, RST=4, SYN=2, FIN=1. "& bit != 0" tests whether a flag is set regardless of the others; tcpdump also understands the names tcp[tcpflags] and tcp-urg, tcp-ack, tcp-psh, tcp-rst, tcp-syn, tcp-fin.
Show all URGENT (URG) packets:
# tcpdump 'tcp[13] & 32 != 0'
Show all ACKNOWLEDGE (ACK) packets:
# tcpdump 'tcp[13] & 16 != 0'
Show all PUSH (PSH) packets:
# tcpdump 'tcp[13] & 8 != 0'
Show all RESET (RST) packets:
# tcpdump 'tcp[13] & 4 != 0'
Show all SYNCHRONIZE (SYN) packets:
# tcpdump 'tcp[13] & 2 != 0'
Show all FINISH (FIN) packets:
# tcpdump 'tcp[13] & 1 != 0'
IPv6 traffic:
# tcpdump ip6
Packets with exactly the RST and SYN flags set (4 + 2 = 6, no other flag):
# tcpdump 'tcp[13] = 6'
Traffic with the 'Evil Bit' set (the reserved high bit of the IP flags byte, RFC 3514):
# tcpdump 'ip[6] & 128 != 0'
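The flag filters above are all instances of one piece of bit arithmetic on tcp[13]. This added example (not from the original notes) is a POSIX shell script that builds the three useful forms of that filter from flag names, so the difference between "flag set", "all of these set" and "exactly these" is explicit, and decodes a flags byte back into names when reading a hex dump. Function names are mine; the bit values are those of the TCP header (the six classic flags plus the two ECN bits).

```shell
#!/bin/sh
# Build tcpdump TCP-flag filters from flag names, and decode a flags byte.
# Added example, not part of the original notes. tcp[13] is the flags byte of
# the TCP header; bit values follow the TCP header layout (RFC 793 plus ECN bits).

# flag_bit NAME -> decimal bit value of one flag (0 for an unknown name)
flag_bit() {
    case $1 in
        CWR) echo 128 ;;  ECE) echo 64 ;;
        URG) echo 32 ;;   ACK) echo 16 ;;
        PSH) echo 8 ;;    RST) echo 4 ;;
        SYN) echo 2 ;;    FIN) echo 1 ;;
        *)   echo 0 ;;
    esac
}

# flag_mask NAME... -> bitwise OR of the named flags
flag_mask() {
    m=0
    for f in "$@"; do m=$(( m | $(flag_bit "$f") )); done
    echo "$m"
}

# Any of the named flags set; the per-flag filters in the notes are this form.
filter_any()   { echo "tcp[13] & $(flag_mask "$@") != 0"; }

# All named flags set, other bits ignored (e.g. SYN/ACK replies from open ports).
filter_all()   { m=$(flag_mask "$@"); echo "tcp[13] & $m = $m"; }

# Exactly these flags and nothing else: the 'tcp[13] = 6' form from the notes.
# Misses segments that also carry CWR/ECE (ECN negotiation on SYNs).
filter_exact() { echo "tcp[13] = $(flag_mask "$@")"; }

# Exactly these among the six classic flags, ignoring the two ECN bits (63 = 0x3f).
filter_only()  { echo "tcp[13] & 63 = $(flag_mask "$@")"; }

# decode_flags N -> names of the bits set in N, e.g. 18 -> "ACK SYN"
decode_flags() {
    out=""
    for f in CWR ECE URG ACK PSH RST SYN FIN; do
        if [ $(( $1 & $(flag_bit "$f") )) -ne 0 ]; then out="$out $f"; fi
    done
    echo "${out# }"
}

filter_any URG          # tcp[13] & 32 != 0
filter_exact SYN RST    # tcp[13] = 6
filter_all SYN ACK      # tcp[13] & 18 = 18
filter_only SYN         # tcp[13] & 63 = 2   (bare SYN probes, ECN bits ignored)
decode_flags 18         # ACK SYN
```

Wrap the generated expression in single quotes on the tcpdump command line. filter_only SYN is what an nmap -sS sweep looks like on the wire (a bare SYN with no ACK), while filter_all SYN ACK shows which ports answered; the exact form from the notes is fine for RST/SYN but will skip ECN-capable SYNs, which is why the masked variant exists.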