Essential HPing3 and TCPDump

Posted on Mon 21 September 2009 in misc

HPing3

Send 2 SYN packets (-c 2 -S) to port 80 (-p 80) on a host

hping3 -c 2 -S -p 80 example.com

Scan some specific ports on a host

sudo hping3 -S example.com --scan 143,220,993,25,80

TCPDump

Capture packets on the venet0 interface (-ivenet0), don't resolve addresses or port names (-nn), and don't capture SSH traffic

tcpdump -ivenet0 -nn not tcp port 22

The same as above, but print only minimal information (-q); useful as a quick guide to see what's going over the wire

tcpdump -ivenet0 -nn -q not tcp port 22

Specify a port and a destination

tcpdump -ieth0 tcp port 443 and dst example.com

Capture the full payload (-s0) and print it in ASCII (-A), with verbose header output (-v)

tcpdump -ivenet0 -s0 -nn -v -A not tcp port 22

Dump port 80 packets with full payload to a file (-w)

tcpdump -s0 -ieth0 port 80 -w localhostdump.pcap
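
What the hping3 SYN scan above looks like from the capture side, as an added example that is not part of the original post: a shell function that reads tcpdump -nn text output and lists source/destination pairs sending bare SYNs to many distinct ports. The function names, the constructed sample lines (documentation addresses) and the default threshold of 4 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `tcpdump -nn` text output (not -q, which drops the TCP flags) and
# lists source/destination pairs whose SYN-only packets hit many ports.

# Constructed sample capture: 192.0.2.10 probes five ports the way
# `hping3 -S --scan` does; 192.0.2.20 is an ordinary client.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 192.0.2.10.2345 > 198.51.100.5.143: Flags [S], seq 100, win 512, length 0
12:00:00.000210 IP 198.51.100.5.143 > 192.0.2.10.2345: Flags [R.], seq 0, ack 101, win 0, length 0
12:00:00.001001 IP 192.0.2.10.2346 > 198.51.100.5.220: Flags [S], seq 101, win 512, length 0
12:00:00.002001 IP 192.0.2.10.2347 > 198.51.100.5.993: Flags [S], seq 102, win 512, length 0
12:00:00.003001 IP 192.0.2.10.2348 > 198.51.100.5.25: Flags [S], seq 103, win 512, length 0
12:00:00.004001 IP 192.0.2.10.2349 > 198.51.100.5.80: Flags [S], seq 104, win 512, length 0
12:00:00.004300 IP 198.51.100.5.80 > 192.0.2.10.2349: Flags [S.], seq 900, ack 105, win 5840, length 0
12:00:01.000001 IP 192.0.2.20.40000 > 198.51.100.5.443: Flags [S], seq 500, win 29200, length 0
12:00:01.000200 IP 198.51.100.5.443 > 192.0.2.20.40000: Flags [S.], seq 700, ack 501, win 5840, length 0
12:00:01.000400 IP 192.0.2.20.40000 > 198.51.100.5.443: Flags [.], ack 701, win 229, length 0
12:00:02.000001 IP 192.0.2.20.40001 > 198.51.100.5.80: Flags [S], seq 600, win 29200, length 0
12:00:03.000001 IP 192.0.2.20.40001 > 198.51.100.5.80: Flags [S], seq 600, win 29200, length 0
EOF
}

# Usage: syn_scan_sources [THRESHOLD]; THRESHOLD (default 4) is an assumed cut-off.
syn_scan_sources() {
    awk -v threshold="${1:-4}" '
    # Line shape: TIME IP SRC.PORT > DST.PORT: Flags [S], seq ...
    # "[S]," is a bare SYN; SYN-ACK prints as "[S.]," and is skipped.
    $2 == "IP" && $4 == ">" && $6 == "Flags" && $7 == "[S]," {
        src = $3; sub(/\.[0-9]+$/, "", src)      # drop source port
        dst = $5; sub(/:$/, "", dst)             # drop trailing colon
        port = dst; sub(/^.*\./, "", port)       # destination port
        sub(/\.[0-9]+$/, "", dst)                # destination address
        key = src " " dst
        if (!((key, port) in seen)) { seen[key, port] = 1; count[key]++ }
    }
    END {
        for (key in count)
            if (count[key] >= threshold) print key, count[key]
    }' | LC_ALL=C sort
}

sample_capture | syn_scan_sources 4
```

To run it on real traffic, replace sample_capture with tcpdump -nn reading an interface or a saved capture file (-r); each output line is source, destination and the number of distinct ports that received a bare SYN.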