used it many times daily
these are the filter commands in Wireshark
+++++++++++++++++++++++++++++
CaptureFilters
An overview of the capture filter syntax can be found in the User's Guide. A complete reference can be found in the expression section of the tcpdump manual page.
Wireshark uses the same syntax for capture filters as tcpdump, WinDump, Analyzer, and any other program that uses the libpcap/WinPcap library.
If you want filtering for a specific protocol, see the link below: ProtocolReference.
Examples
Filter only packets to or from a specific host:
host 172.18.5.4
Capture only DNS (port 53) traffic:
port 53
Capture all traffic to www.example.com except HTTP and SMTP:
host www.example.com and not (port 80 or port 25)
host www.example.com and not port 80 and not port 25
Capture all traffic except DNS and ARP:
port not 53 and not arp
Capturing a port range (tcp[0:2] is the source port, tcp[2:2] the destination port):
(tcp[0:2] > 1500 and tcp[0:2] < 1550) or (tcp[2:2] > 1500 and tcp[2:2] < 1550)
Or, after installing a newer libpcap (0.9.1 and later):
tcp portrange 1501-1549
Capture only the EAPOL Ethernet type:
ether proto 0x888e
Exclude frames sent to the Link Layer Discovery Protocol multicast address:
not ether dst 01:80:c2:00:00:0e
Capture only IP traffic:
ip
Capture only unicast traffic:
not broadcast and not multicast
Filters I use personally (these are Wireshark display filters, not capture filters):
Specific host:
ip.host==192.168.1.1
Specific source address:
ip.src==192.168.1.1
Specific destination address:
ip.dst==192.168.1.1
Traffic where either the source or the destination address matches:
ip.src==192.168.1.1 || ip.dst==192.168.1.1
Packets from a specific source to a specific destination:
ip.src==192.168.1.1 && ip.dst==192.168.10.1
By protocol
Capture only http (the same pattern works for every protocol):
http
dns, telnet, ssh, bootp (dhcp), http, etc.
Find bootp for a specific MAC address:
bootp.hw.mac_addr==00:10:11:11:ab:cd
Find bootp for a specific IP address:
bootp.ip.client==192.168.1.1
Specific TCP port:
tcp.port==135
More than one port:
tcp.port==135 or tcp.port==80
Capture only SYN:
tcp.flags.syn == 1
Capture only FIN:
tcp.flags.fin == 1
Capture a specific domain:
http.host==www.naver.com
Capture traffic to a specific destination port from addresses in a specific range (for the port part, udp works the same way):
tcp.port==135 and ip.addr==192.168.0.1/24
Useful Filters
Capture only Blaster and Welchia worm traffic.
Blaster worm:
dst port 135 and tcp port 135 and ip[2:2]==48
Welchia worm:
icmp[icmptype]==icmp-echo and ip[2:2]==92 and icmp[8:4]==0xAAAAAAAA
With this filter you do not have to watch every SYN packet coming from the same network range; you can watch only the specific ports the worm spreads over. Replace the network address with the one you actually use. Note that in capture-filter syntax "and" binds tighter than "or", so the port terms must be grouped in parentheses or only the last port is restricted to SYN packets from the local network.
(dst port 135 or dst port 445 or dst port 1433) and tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) = 0 and src net 192.168.0.0/24
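The byte-offset filters above (ip[2:2], tcp[tcpflags]) are easy to misread, so here is an added example, not from the Wireshark wiki or this blog, that evaluates the Blaster filter and the three-port SYN filter over constructed IPv4/TCP packets in Python. It also shows why the port terms need parentheses: without them a SYN/ACK from outside the network still matches. The packet builder and filter functions are my own; the 192.168.0.0/24 network is the one used in the filter text.

```python
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10  # the bits tcpdump calls tcp-syn and tcp-ack

def build_ipv4_tcp(src, dst, sport, dport, flags, payload=b""):
    """Constructed IPv4+TCP packet (no Ethernet header, checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp + payload

def ip_bytes(pkt, off, n):
    """ip[off:n] in capture-filter notation: n bytes at offset off of the IP header."""
    return int.from_bytes(pkt[off:off + n], "big")

def tcp_bytes(pkt, off, n):
    """tcp[off:n]: n bytes at offset off of the TCP header (IHL skips IP options)."""
    ihl = (pkt[0] & 0x0F) * 4
    return int.from_bytes(pkt[ihl + off:ihl + off + n], "big")

def blaster_filter(pkt):
    """dst port 135 and tcp port 135 and ip[2:2]==48 (ip[2:2] is the IP total length)."""
    return (ip_bytes(pkt, 9, 1) == 6 and tcp_bytes(pkt, 2, 2) == 135
            and ip_bytes(pkt, 2, 2) == 48)

def syn_only_from_net(pkt, net="192.168.0.0"):
    """tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack = 0 and src net NET/24."""
    flags = tcp_bytes(pkt, 13, 1)  # tcp[tcpflags] is shorthand for tcp[13]
    return (flags & TCP_SYN != 0 and flags & TCP_ACK == 0
            and pkt[12:15] == bytes(map(int, net.split(".")[:3])))

def scan_filter_as_written(pkt):
    """dst port 135 or dst port 445 or dst port 1433 and <SYN-only from net>:
    'and' binds tighter than 'or', so only the 1433 term is restricted."""
    dport = tcp_bytes(pkt, 2, 2)
    return ip_bytes(pkt, 9, 1) == 6 and (
        dport == 135 or dport == 445 or (dport == 1433 and syn_only_from_net(pkt)))

def scan_filter_grouped(pkt):
    """(dst port 135 or dst port 445 or dst port 1433) and <SYN-only from net>."""
    return (ip_bytes(pkt, 9, 1) == 6 and tcp_bytes(pkt, 2, 2) in (135, 445, 1433)
            and syn_only_from_net(pkt))
```

A 48-byte SYN from 192.168.0.7 to port 135 matches all three filters, while a SYN/ACK from 10.0.0.5 to port 135 matches only the ungrouped form.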
Wednesday, September 23, 2009
install bin file in ubuntu
very easy steps, so I always forget about this lol
chmod +x filename.bin
./filename.bin
change file permissions
chmod 755 filename
change file ownership
chown -R username filename
-R makes it recursive
vi
next page ctrl + f
previous page ctrl + b
end of the file shift + g
cli
go to start of the line ctrl + a
go to end of the line ctrl + e
delete everything on the line ctrl + u
end everything ctrl + z
copy ctrl + insert
paste shift + insert
Tuesday, September 8, 2009
to get usb to serial device working under ubuntu
http://blog.mypapit.net/2008/05/how-to-use-usb-serial-port-converter-in-ubuntu.html
Wednesday, August 19, 2009
Thursday, July 30, 2009
Cisco router IPSEC sample config per device page
http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html
Wednesday, May 6, 2009
centos5.2 wine install problem
when I tried yum install wine it gave me
[root@localhost ~]# yum install wine
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.files.bigpond.com
* updates: mirror.files.bigpond.com
* addons: mirror.files.bigpond.com
* extras: mirror.files.bigpond.com
Setting up Install Process
Parsing package install arguments
No package wine available.
Nothing to do
I searched the web for a long time and found this link.
the only thing I needed to do was
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-2.noarch.rpm
yum install foo
then I was able to find wine with yum
have a look and enjoy..
https://fedoraproject.org/wiki/EPEL/FAQ#howtouse
Friday, May 1, 2009
dimdim
dimdim web conferencing server installation manual(ver 4-5).
http://share.auditory.ru/2009/Yakov.Lyskov/Dimdim_SF_CentOS5.2_RPM_Readme_v4.5.txt
cisco routers & switches password recovery
http://www-tss.cisco.com/eservice/compass/common/Tool-Password_sel.html
http://www.cisco.com/en/US/products/hw/routers/ps380/products_password_recovery09186a00800942c2.shtml
Saturday, April 4, 2009
running dynagen on linux
the IOS file is supposed to be unzipped first ..
then follow like below
Pretty simple:
1) Install your Linux distro.
2) Download the latest version of Dynamips and place it in somewhere like /opt/dynamips
3) Download Dynagen and place it in somewhere (like /opt)
4) Create links to dynamips and dynagen in /usr/local/bin. Example:
Code:
ln -s /opt/dynagen-0.9.0/dynagen /usr/local/bin/dynagen
ln -s /opt/dynamips/dynamips-0.2.7-RC1-x86.bin /usr/local/bin/dynamips
5) Create your .dynagen network configuration (.net) file(s). Note that most of the examples you see are for Windows. If you are going to use them you have to edit the paths; Linux/Unix uses a slash ( / ) in its filesystem whereas Windows uses a backslash ( \ )
6) Run Dynamips in Hypervisor mode. Example:
Code:
dynamips -H 7200
7) Run dynagen with your config file:
Code:
dynagen My-Lab.net
important!!! # cd /usr/local/bin and chmod 755 dynamips / chmod 755 dynagen
nfs with autofs on linux
been thinking how to do volume sharing on two different servers..
anyway there is an option like windows sharing option
http://sgowtham.net/blog/2007/11/14/nfs-server-client-set-up-with-autofs/
mysql - basic guide
it's been a pain for me; sometimes I have to deal with servers and especially mysql things..
this is a simple and easy guide to follow for the initial setup ..
but further topics like dumping data or exporting etc. aren't covered..
follow the link and enjoy..
http://fedorasolved.org/Members/opsec/installing-configuring-mysql-server
Friday, March 13, 2009
MPLS Practice netfile
here is the netfile using the 3660 multiservice platform with 12.3 enterprise IOS..
will do it soon and post the result..
*** netfile ***
model = 3660
ghostios = False
autostart = False
[localhost:7200]
[[3660]]
#workingdir = c:\dynagen\newmap
image = E:\study\images\c3660-jk9s-mz.123-25.bin
ram = 96
mmap = True
idlepc = 0x604c22b4
[[ROUTER r1]]
console = 10001
model = 3660
[[ROUTER r2]]
console = 10002
model = 3660
[[ROUTER r3]]
console = 10003
slot1 = NM-1FE-TX
f0/0 = r1 f0/0
f0/1 = r2 f0/0
f1/0 = r4 f0/0
model = 3660
[[ROUTER r4]]
console = 10004
f0/1 = r5 f0/1
model = 3660
[[ROUTER r5]]
console = 10005
#slot1 = NM-16ESW
model = 3660
[[ROUTER r6]]
console = 10006
model = 3660
slot1 = NM-1FE-TX
f0/0 = r7 f0/0
f0/1 = r8 f0/0
f1/0 = r5 f0/0
[[ROUTER r7]]
console = 10007
model = 3660
[[ROUTER r8]]
console = 10008
model = 3660
good networking information
very good networking information for basic ..
this will help a lot ..
http://cafe.naver.com/neteg/34060
Thursday, March 12, 2009
first time..
never knew there is a blog with free lol ..
ok .. so I will start record with dynagen, network stuff, linux and my family.
seems boring ??