sudo a2enmod proxy
sudo a2enmod proxy_http
#!/bin/bash
# Connects to a Wi-Fi SSID from the command prompt on a Raspberry Pi.
# Run it with sudo.
# You might have to kill wpa_supplicant and dhclient first:
#   sudo killall wpa_supplicant
#   sudo killall dhclient
apt -y install wireless-tools wpasupplicant
#!/bin/bash
# Continuously capture on eth0 and stream the pcap to a remote host over ssh.
# Traffic to/from this host's own IP and ARP are excluded from the capture.
# remote_location and your_pcap_dir are placeholders to replace.
sudo pkill -9 -f tcpdump
while true
do
    ip=$(hostname -I | cut -f 1 -d ' ')
    # -G 7200: tcpdump exits after every 2 hrs, and the loop starts a fresh capture
    sudo tcpdump -i eth0 -G 7200 "host not $ip and not arp" -w - | ssh remote_location 'cat > ~/your_pcap_dir/$(date +%F-%s).pcap'
    sleep 1
done
#!/usr/bin/env python3
import concurrent.futures
import subprocess
from time import sleep
from scapy.all import *

# Lab hosts used by this script (fragment; the rest of the script is not on this page).
IP_A = "10.9.0.5"
MAC_A = "02:42:0a:09:00:05"
IP_B = "10.9.0.6"
MAC_B = "02:42:0a:09:00:06"
import requests
from requests.adapters import HTTPAdapter
from urllib3.poolmanager import PoolManager


class SourcePortAdapter(HTTPAdapter):
    """"Transport adapter" that allows us to set the source port."""

    def __init__(self, port, *args, **kwargs):
        self._source_port = port
        super(SourcePortAdapter, self).__init__(*args, **kwargs)

    def init_poolmanager(self, connections, maxsize, block=False, **pool_kwargs):
        # Bind every outgoing connection to the chosen local port (any local address).
        self.poolmanager = PoolManager(
            num_pools=connections, maxsize=maxsize, block=block,
            source_address=("", self._source_port), **pool_kwargs)

# Usage: s = requests.Session(); s.mount("http://", SourcePortAdapter(54321))
Wireshark has a very nice and descriptive guide with examples on its official documentation page.

To select a TCP/UDP stream in a pcap, use the `tcp.stream` / `udp.stream` filter, e.g. `tcp.stream eq 1` or `udp.stream eq 0`. If you are analysing a packet in a pcap and want to see the entire TCP/UDP session containing that packet, right-click on the packet -> select Follow -> select TCP Stream or UDP Stream. You can also do the same thing with the shortcut option + shift + cmd + U for UDP and option + shift + cmd + T for TCP on Mac.

To see various statistics for different protocols, use the -z option of the wireshark/tshark command, e.g. `wireshark -z conv,eth your.pcap` (tshark reads capture files with -r: `tshark -r your.pcap -z conv,eth`). The same can be done from the Wireshark GUI via the menu bar: Statistics -> Conversations. For more options related to this see the tshark [man page](https://www.wireshark
#!/usr/bin/env python3
# -*- coding: ISO-8859-15 -*-
"""
This file contains some example methods of how pcaps can be parsed, filtered in different ways, and
converted to a JSON representation with scapy and tshark (tshark is directly invoked on the pcap).
It shows an example of how a TCP session can be extracted from a huge pcap consisting of multiple
sessions.
It also does performance testing of those methods, but don't take the output as it is.
"""
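Both the Wireshark notes above (`tcp.stream eq N`, Follow -> TCP Stream, `-z conv,eth`) and the docstring's "extract a TCP session from a huge pcap" describe the same grouping: packets belong to one stream when they share a 4-tuple in either direction, and streams are numbered in order of first appearance. The following is an added example, not code from the original gists, that implements that grouping over a classic libpcap file with only the standard library (no scapy or tshark). The capture it reads is constructed inline with the 10.9.0.x lab addresses from the page; `tcp_streams`, `follow_stream` and `eth_conversations` are names chosen here.

```python
#!/usr/bin/env python3
"""Group the TCP packets of a classic libpcap file into streams numbered the way
tshark's tcp.stream filter numbers them (0 for the first conversation seen, 1 for
the next, ...), and count frames per MAC pair like "-z conv,eth".
Example added to this page; the sample capture below is constructed, not captured."""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def iter_records(pcap):
    """Yield (timestamp, frame_bytes) for every record of a classic pcap (not pcapng)."""
    magic, = struct.unpack_from("<I", pcap, 0)
    endian = "<" if magic == PCAP_MAGIC else ">" if magic == 0xD4C3B2A1 else None
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "HHiIII", pcap, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, sport, dst, dport, flags, payload), or None for non-IPv4/TCP frames."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    if frame[23] != IPPROTO_TCP:
        return None
    tcp = frame[14 + ihl:14 + total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    return src, sport, dst, dport, tcp[13], tcp[data_off:]


def tcp_streams(pcap):
    """Map tcp.stream number -> packets (dicts) in capture order; both directions share a stream."""
    numbers, streams = {}, {}
    for ts, frame in iter_records(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, flags, payload = parsed
        key = tuple(sorted([(src, sport), (dst, dport)]))  # direction-independent 4-tuple
        n = numbers.setdefault(key, len(numbers))          # first conversation seen -> 0
        streams.setdefault(n, []).append(
            {"ts": ts, "src": f"{src}:{sport}", "dst": f"{dst}:{dport}", "flags": flags, "payload": payload})
    return streams


def follow_stream(pcap, n):
    """Payload bytes of stream n in capture order (what Follow -> TCP Stream shows, both directions)."""
    return b"".join(p["payload"] for p in tcp_streams(pcap).get(n, []))


def eth_conversations(pcap):
    """(mac_a, mac_b) -> (frames, bytes): the counts behind tshark -z conv,eth."""
    conv = {}
    for _, frame in iter_records(pcap):
        if len(frame) >= 14:
            key = tuple(sorted([frame[0:6].hex(":"), frame[6:12].hex(":")]))
            frames, nbytes = conv.get(key, (0, 0))
            conv[key] = (frames + 1, nbytes + len(frame))
    return conv


def _frame(src, sport, dst, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed) + tcp
    return bytes.fromhex("0242 0a09 0006 0242 0a09 0005") + struct.pack("!H", ETHERTYPE_IPV4) + ip


def build_sample_pcap():
    """Constructed capture: one HTTP conversation, one lone SYN, one ARP frame."""
    frames = [
        _frame("10.9.0.5", 40000, "10.9.0.6", 80, 0x02),                     # stream 0: SYN
        _frame("10.9.0.6", 80, "10.9.0.5", 40000, 0x12),                     # stream 0: SYN/ACK
        _frame("10.9.0.5", 40001, "10.9.0.6", 443, 0x02),                    # stream 1: SYN
        _frame("10.9.0.5", 40000, "10.9.0.6", 80, 0x18, b"GET / HTTP/1.0\r\n\r\n"),
        bytes.fromhex("ffff ffff ffff 0242 0a09 0005 0806") + b"\x00" * 28,  # ARP, not TCP
        _frame("10.9.0.6", 80, "10.9.0.5", 40000, 0x18, b"HTTP/1.0 200 OK\r\n"),
    ]
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return bytes(out)


if __name__ == "__main__":
    pcap = build_sample_pcap()
    for n, pkts in tcp_streams(pcap).items():
        print(f"tcp.stream eq {n}: {len(pkts)} packets, first {pkts[0]['src']} -> {pkts[0]['dst']}")
    print(follow_stream(pcap, 0).decode())
    print(eth_conversations(pcap))
```

To run it on a real file, replace `build_sample_pcap()` with `open("your.pcap", "rb").read()`; pcapng files (the default Wireshark save format) need converting first, e.g. with `editcap -F pcap`. Because streams are keyed on the sorted 4-tuple, a reused client port after a long capture will be merged into the earlier stream, which is the same simplification tshark avoids by also watching SYNs and timeouts.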