burim:tcpdump
syn, syn-ack, ack
- syn only
tcpdump 'tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) == 0'
tcpdump -i br-lan host 10.11.13.254 and tcp and 'tcp[13] & 18 == 2'
- syn-ack
tcpdump -i br-lan host 10.11.13.254 and tcp and 'tcp[13] == 18'
- syn or syn-ack
tcpdump -i br-lan host 10.11.13.254 and tcp and '(tcp[13] & 2 != 0 or tcp[13] == 18)'
- syn, ack, syn-ack
tcpdump -i br-lan host 10.11.13.254 and tcp and '(tcp[13] & 2 != 0 or tcp[13] & 16 != 0)'
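Added example (not from the original notes): which TCP segments each flag expression used above captures, evaluated in Python against byte 13 of constructed 20-byte TCP headers. The ports, the sample flag combinations and the helper names are assumptions; tcp[13] & 18 == 2 is the numeric form of the tcp-syn / tcp-ack expression in the first command.

```python
import struct

# Flag bits of TCP header byte 13 (pcap: tcp[13] or tcp[tcpflags])
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def tcp_header(flags, sport=40000, dport=443):
    """Build a minimal 20-byte TCP header (constructed sample, checksum 0)."""
    offset_reserved = 5 << 4  # data offset = 5 words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                       offset_reserved, flags, 64240, 0, 0)

# Each capture expression as a predicate on the value of tcp[13]
FILTERS = {
    "tcp[13] & 2 != 0":  lambda b: (b & 2) != 0,    # SYN bit set, ACK ignored
    "tcp[13] & 18 == 2": lambda b: (b & 18) == 2,   # SYN set and ACK clear
    "tcp[13] == 18":     lambda b: b == 18,         # exactly SYN+ACK, nothing else
    "tcp[13] & 16 != 0": lambda b: (b & 16) != 0,   # ACK bit set
}

# Constructed sample segments; the ECE/CWR variants appear with ECN negotiation
SAMPLES = {
    "SYN": SYN,
    "SYN+ECE+CWR": SYN | ECE | CWR,
    "SYN-ACK": SYN | ACK,
    "SYN-ACK+ECE": SYN | ACK | ECE,
    "ACK": ACK,
    "PSH-ACK": PSH | ACK,
    "RST": RST,
}

def matches(expr):
    """Names of the sample segments that the expression would capture."""
    pred = FILTERS[expr]
    return [name for name, flags in SAMPLES.items()
            if pred(tcp_header(flags)[13])]

if __name__ == "__main__":
    for expr in FILTERS:
        print(f"{expr:18} -> {', '.join(matches(expr))}")
```

The bit-mask forms keep matching when ECE or CWR is set, while the exact comparison tcp[13] == 18 misses a SYN-ACK that carries ECE.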
DHCP tcpdump
tcpdump -i br-lan -pvn port 67 and port 68
- Kali Linux DHCP request
- DHCP
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
15:58:05.507575 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 316)
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:8e:31:92, length 288, xid 0x5333e4b1, secs 1, Flags [none]
Client-Ethernet-Address 00:0c:29:8e:31:92
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Client-ID Option 61, length 7: ether 00:0c:29:8e:31:92
Parameter-Request Option 55, length 17:
Subnet-Mask, Time-Zone, Domain-Name-Server, Hostname
Domain-Name, MTU, BR, Classless-Static-Route
Default-Gateway, Static-Route, YD, YS
NTP, Option 119, Classless-Static-Route-Microsoft, Option 252
RP
MSZ Option 57, length 2: 576
Requested-IP Option 50, length 4: 10.11.13.177
burim/tcpdump.txt · Last modified: 2024/05/28 14:56 by burim


