Tuesday, February 19, 2013

Get a chunk of PCAP from a larger PCAP

One way of extracting pcap within a time constrain.
 
#editcap -A "2013-02-19 05:19:00" -B "2013-02-19 05:21:00" Input.pcap output.pcap



Second method

wireshark -r input.tcpdump -w output.tcpdump -R 'frame.time >=  "Aug 15, 1990 00:00:00" && frame.time <= "Aug 15, 1990 00:01:00" 



Thursday, February 7, 2013

SSH client predefine your Source Port

Hi

I was actually searching to see how I can set my source port to be of some fixed value while SSHing to a server,  I found the way in this link

http://www.linuxforums.org/forum/security/182001-how-do-i-specify-source-port-ssh-client.html

 These are all that you would be require to do.

# ncat -l 2222 --sh-exec "ncat SSH_SERVER_IP 22 -p 443"


From another terminal you can see that port 2222 is listening on my system locally

# netstat -antulp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      847/cupsd      
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      13219/ncat    

Form another terminal I tried to ssh to my local machine port 2222.

$ ssh bala@localhost -p 2222
bala@localhost's password:
Linux SSH_SERVER_IP 2.6.32-5

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

bala@SSH_SERVER_IP:~$ exit
logout
Connection to localhost closed.
bala@bala-desktop:~$

Before I closed the connection shown above, I did this command from another terminal, which clearly shows that my source port to be 443.

bala@bala-desktop:~$ ss | grep 22
ESTAB      0      0               10.0.2.15:https        SSH_SERVER_IP:22