#TCPDUMP

2025-05-29

🤯 I just extracted hexadecimal output from the #TRCCNN command used to do packet captures on AS/400 / iSeries / IBM i.

Then I manually decoded the IP header, then the TCP header, and ignored application data.

This #yackShave helps diagnose a problem that is causing a CPU spike in a production system that I’m being asked to help diagnose.

#wireshark #tcpdump #ibmi
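The manual decode described in the post above, as an added Python example (not the poster's code and not real TRCCNN output): it assumes the hex dump starts at the IPv4 header with no link-layer bytes in front, uses a constructed packet, verifies the IP header checksum as a sanity check on the transcription, and stops at the TCP header the way the post does.

```python
import struct

# Constructed sample: IPv4 header + TCP header + 5 bytes of payload, written
# in 4-hex-digit groups like a trace dump prints them (NOT real TRCCNN output).
SAMPLE_HEX = """
4500 002d 1c46 4000 4006 9b16 c0a8 010a c0a8 0114
c0a9 0017 1234 5678 9abc def0 5018 ffff abcd 0000
6865 6c6c 6f
"""

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header.
    Returns 0 when the checksum field already in the header is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_ip_tcp(hex_dump: str) -> dict:
    """Decode the IPv4 and TCP headers from a hex dump that starts at the IP
    header. Application data after the TCP header is counted, not interpreted."""
    raw = bytes.fromhex("".join(hex_dump.split()))
    (ver_ihl, _tos, total_len, _ident, frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes (IHL is in 32-bit words)
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not an IPv4 header")
    pkt = {
        "ip_len": total_len, "ttl": ttl, "proto": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "dont_fragment": bool(frag & 0x4000),
        "ip_checksum_ok": ip_checksum(raw[:ihl]) == 0,
    }
    if proto != 6:  # only TCP is decoded further
        return pkt
    tcp = raw[ihl:]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4  # TCP header length incl. options
    flags = off_flags & 0x01FF
    pkt.update({
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
        "payload_len": total_len - ihl - data_off,  # app data ignored, as in the post
    })
    return pkt
```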

Before Wireshark, originally called Ethereal, packet sniffing was largely the domain of command-line tools like tcpdump. Released in 1988, tcpdump gave users a raw, text-based way to inspect network traffic. It was powerful, but also opaque and hard to master, especially for newcomers. You had to know exactly what you were looking for, and interpreting the data meant sifting through walls of cryptic output.

Then came Wireshark.

It brought a graphical interface to the world of packet analysis and made deep network inspection far more accessible. Users could visually follow TCP streams, filter by protocol, decode packets in real time, and dissect application-level data with ease. Wireshark didn't just make packet sniffing easier; it changed how people learned networking and security. Today it is one of the most widely used tools for education, ethical hacking, malware analysis, and protocol development.

From dorm rooms to data centers, Wireshark made network hacking look good and work better.

#Wireshark #tcpdump #PacketSniffing #NetworkSecurity #InfosecTools #HackingHistory #FOSS

2025-03-20

Wireshark in the service of defenders

How do you know what is happening in your network if the outer defensive perimeter does not protect you from internal threats? Network traffic analysis is a powerful tool that lets you detect suspicious activity, investigate incidents, and tune your defenses so that attackers are left no loopholes. In this article we look at how to use Tcpdump and Wireshark to collect and analyze traffic, filter out unneeded data, detect attacks such as ARP Spoofing and SYN Flood, and find vulnerabilities in the network before someone exploits them.

habr.com/ru/companies/otus/art

#wireshark #arpspoofing #synflood #сетевой_трафик #анализ_трафика #Tcpdump #уязвимости

2025-03-14
Hestia Hacker (hestiahacker)
2025-02-28

The latest release of the firmware removed the code that phones home to the company servers even when you check the to to explicitly tell it not to do so. This is a big win for and !

github.com/airgradienthq/ardui

I plan on flashing this onto my device and testing it to verify nothing was missed. and are my friends. 😄

2025-02-04

A firewall won't save you

Generated with GIGA-CHAT

Firewalls have long been used to block incoming traffic from unwanted applications. Usually this is done with filtering rules that allow incoming traffic on explicitly listed network ports and deny everything else. Legitimate applications that exclusively own the open ports then work without problems, while unwanted ones are left without connectivity, because every port available to them is blocked by the firewall. This approach has been established for ages and is as old as the hills, so what could possibly go wrong? It turns out something can, and does. In this article you will learn two firewall bypass techniques that let unwanted applications get past incoming traffic filtering and receive commands from remote hosts.

habr.com/ru/companies/ruvds/ar

#ruvds_статьи #firewall #nftables #python #powershell #shell #tcpdump #wireshark #tshark #взлом #nginx #ssh

@infosec_jcp 🐈🃏 done differently (infosec_jcp@infosec.exchange)
2025-02-03

The #infosec low hanging fruit easy win is a simple solution:

#AuditOfficerProxies #StateSponsoredMalware #accesslogs & #Meta via #TCPDUMP #EvidenceCollected already that proves exactly this fact!

#infosec #StateSponsoredMalwareAudits #CALEAGreyMarket #CALEAInvestgations

#OfficerProxy🤝#OrganziedCrimeRings 🔍🧐⚖️👮👩‍⚖️👨‍⚖️

@infosec_jcp 🐈🃏 done differently (infosec_jcp@infosec.exchange)
2025-02-03

BOLO for #OfficerProxy

#OfficerProxy has been known to hide #IdentityTheftRings & #GangStalkers using #OfficerProxies access to this #CALEA #StateSponsoredMalware access to #GammaGroup's #FinFisher #FinSpy #Finsky #malware by #FacebookGroups organizing their targeted #IdentityTheft using #FakeProfiles of their targets.

Be aware that some #OfficerProxies are getting thousands of dollars of ' kickbacks for access ' for their criminal #Facebook leverage #OrganizedCrimeRings in multiple states and cities.

#InternalAffairs #investigations

#infosec #Fortune1000 #CorporateEspionage #CISO #TCPDUMP #MetaUsers 👨‍⚖️👩‍⚖️⚖️👮

st1nger :unverified: 🏴‍☠️ :linux: :freebsd: (st1nger@infosec.exchange)
2025-01-31

TIP: If you want to utilize an #LLM to analyze and/or troubleshoot your #tcpdump pcap, you can do so by exporting packet dissections as plain text and then selecting only the Bytes option. It's helpful for a range of basic to medium cases.

ДевоПес (devops@twiukraine.com)
2025-01-24

The developers have an interesting bug: if a simple #NodeJS script that makes a GET request to a third-party API is run locally, it works. If everything is exactly the same but inside #docker, a 403 comes back. I captured the packets with #tcpdump in both cases and can see that the requests are identical. How can this be explained? I have completely run out of ideas.

@infosec_jcp 🐈🃏 done differently (infosec_jcp@infosec.exchange)
2025-01-20

Today is also a remembrance day of how #StateSponsoredMalware from #GammaGroup is used for a #masssurveillance #GreyMarketCALEA #DigitalSlaverySystem but also is being watched by other #StateSponsoredMalware that competes with #FinFisher #FinSpy #Finsky, whose 100's of MILLIONS of installs of its clients in #AMER are used for #cryptowallettheft, #identitytheft, #propaganda & #GangStalking purposes by #OfficerProxys'; luckily, #InternalAffairs can review who accessed what, when & where, for public reviews 🔍🧐.

Every Day is #infosec
👀
🔬
☣️📲☣️
👨‍⚖️ #CALEA #TCPDUMP #watchDay 👩‍⚖️

2025-01-06

And, in other good news, I got some sign of life from a #tcpdump / #libpcap maintainer. Hopefully the @batadv dissector for libpcap will be merged eventually... It's been more than 4 years already with only eventual feedback from upstream... This would really help with debugging network issues, especially on #embedded devices, and capturing only the data you need with minimal performance overhead.

2024-12-18 (Wednesday): Posted a #pcap with one week of server scans, probes & web traffic hitting my server at www.wiresharkworkshop[.]online.

Window of traffic in the pcap is from 2024-12-13 at 00:00:00 UTC to 2024-12-18 at 23:59:59 UTC

It's an Apache web server (no HTTPS) with a small index page. I have a session of #tcpdump running to capture any traffic over the external interface.

I filter out the internal traffic generated for OS updates, NTP and such, so it should only have the external traffic coming in and the server's response to it.

malware-traffic-analysis.net/2

2024-11-24

Also: My pull-request for #tcpdump / #libpcap to add #batman_adv support to it is now four years old. "Happy" birthday! :loading: ...
github.com/the-tcpdump-group/l

2024-11-18

It has been zero* days since #tcpdump and #Wireshark have helped solve a problem.

I read a response from an application developer this morning saying that the packet capture I collected on Friday gave them insight into what the problem was.

*zero because of when I read reply / three for when I captured and analyzed traffic

:rss: Qiita - Popular articles (qiita@rss-mstdn.studiofreesia.com)
2024-10-30

I tried Retina, the Kubernetes network observability platform <Part 2: Making full use of captures>
qiita.com/melknzw/items/563cfc

#qiita #Linux #Network #tcpdump #kubernetes #observability

@infosec_jcp 🐈🃏 done differently (infosec_jcp@infosec.exchange)
2024-10-27

#TIL two new #GamaGroup #FinFisher #FinSpy #Finsky verified attaccc node FQDNs & IPs! 🤡🔴😆

Here's the verified #GammagRoUp attaccc node list for your #TCPDUMP #Meta🔍🧐 list of #CorporateEspionage targets to add to the #watchlists
🤡
⚠️
👇
infosec.exchange/@infosec_jcp/

#infosec

@infosec_jcp 🐈🃏 done differently (infosec_jcp@infosec.exchange)
2024-10-10

#Investigate🤝#TCPDUMP🤝#Meta🤝#GammaGroup🤝2000-2024
🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥

#infosec #FraudPlatforms #BusinessModels

2024-10-09

Here are some more highlights from the agenda of SharkFest'24 EUROPE, coming up this 4-8 November in Vienna, Austria!

- How to analyze like a pro (Roland Knall)
- Making online conferencing work in secured company networks (Robert Hess)
- Automatically trigger captures via #tcpdump when a suspicious event occurs in your Kubernetes cluster (Thomas Labarussias)

Find out more and register: sharkfest.wireshark.org/sfeu

#Wireshark
