Tuesday, February 19, 2013

Get a chunk of PCAP from a larger PCAP

One way to extract the packets that fall within a time window:
# editcap -A "2013-02-19 05:19:00" -B "2013-02-19 05:21:00" Input.pcap output.pcap

Second method

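# tshark -r input.tcpdump -w output.tcpdump -R 'frame.time >= "Aug 15, 1990 00:00:00" && frame.time <= "Aug 15, 1990 00:01:00"'

tshark, not the wireshark GUI, is the tool that reads a file, applies the filter and writes the matching packets with these options. On current tshark releases -R only works together with -2; use -Y for a single-pass display filter.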
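An added example (not from the original post): the same time-window cut done directly on the classic pcap record format in Python, with the bounds compared as UTC epoch seconds and treated as inclusive, like the `>=`/`<=` filter above. The function names, the UTC interpretation and the sample capture are assumptions constructed for illustration; pcapng input is rejected.

```python
import io
import struct
from datetime import datetime, timezone

PCAP_MAGICS = {  # magic bytes on disk -> (byte order, timestamp fraction divisor)
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),
}

def utc(ts):
    """Parse 'YYYY-MM-DD HH:MM:SS' as UTC (an assumption) and return epoch seconds."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc).timestamp()

def slice_pcap(src, dst, start, end):
    """Copy records with start <= timestamp <= end from src to dst (binary file objects).
    Returns (kept, total)."""
    header = src.read(24)
    if len(header) < 24 or header[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, frac = PCAP_MAGICS[header[:4]]
    dst.write(header)  # keep snaplen and link type unchanged
    kept = total = 0
    while True:
        rec = src.read(16)
        if len(rec) < 16:
            break  # clean EOF or truncated record header
        sec, sub, incl_len, _orig_len = struct.unpack(order + "IIII", rec)
        data = src.read(incl_len)
        if len(data) < incl_len:
            break  # capture cut off mid-packet: drop the partial record
        total += 1
        if start <= sec + sub / frac <= end:
            dst.write(rec + data)
            kept += 1
    return kept, total

def build_sample(times):
    """Constructed sample: little-endian microsecond pcap, one 4-byte dummy frame per timestamp."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for t in times:
        out += struct.pack("<IIII", int(t), 0, 4, 4) + b"\x00" * 4
    return out

if __name__ == "__main__":
    base = utc("2013-02-19 05:18:30")
    sample = io.BytesIO(build_sample([base + 30 * i for i in range(8)]))
    out = io.BytesIO()
    print(slice_pcap(sample, out, utc("2013-02-19 05:19:00"), utc("2013-02-19 05:21:00")))
```

Comparing the kept/total counts against the expected traffic volume is a quick check that the window was interpreted in the timezone you intended.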

Thursday, February 7, 2013

SSH client predefine your Source Port


I was actually searching to see how I can set my source port to be of some fixed value while SSHing to a server. I found the way in this link


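This is all you are required to do: start a local ncat listener on port 2222 that, for each incoming connection, runs a second ncat to port 22 of the SSH server with its source port set to 443 by -p.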

# ncat -l 2222 --sh-exec "ncat SSH_SERVER_IP 22 -p 443"

From another terminal you can see that port 2222 is listening on my system locally:

# netstat -antulp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *               LISTEN      847/cupsd      
tcp        0      0  *               LISTEN      13219/ncat    

From another terminal I tried to ssh to my local machine on port 2222.

$ ssh bala@localhost -p 2222
bala@localhost's password:
Linux SSH_SERVER_IP 2.6.32-5

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

bala@SSH_SERVER_IP:~$ exit
Connection to localhost closed.

Before I closed the connection shown above, I ran this command from another terminal, which clearly shows my source port to be 443.

bala@bala-desktop:~$ ss | grep 22
ESTAB      0      0             SSH_SERVER_IP:22