Network forensics with tshark

Let's say we have a packet capture file (.pcap) and we want to get as much information out of it as possible. One option is Wireshark and its command line version, tshark. With the latter we can manipulate and format the output using tools like sed, grep, awk and so on.

Extracting host names with tshark

Since we are dealing mostly with HTTP traffic, we may be interested in the sites that have been visited. To obtain this information we can extract the http.host field and then do a bit of sorting, which will show us the top 10 sites.

# Only emit packets that actually carry an http.host value; without the
# -Y display filter every non-HTTP packet produces an empty line, and the
# blank line ends up as the top entry in the count.
tshark -r tor.pcap -Y http.host -T fields -e http.host > dns.txt
# Count each host, sort by frequency (descending) and keep the top 10.
sort dns.txt | uniq -c | sort -nr | head


Finding Windows hosts on your network

If you ever wondered whether there is a quick way to find all the Windows hosts in your network, with exact version information, you are in the right place! We are going to look at a few tools that help with this task by querying the CIFS service (also known as SMB / NetBIOS), which every Windows host runs.

To get started, let's look at the nbtscan tool. We can give it a network range either in CIDR form or as two addresses separated by a dash. This gives us a nice list of all the Windows hosts on our network together with their NetBIOS names.


Socat: A very powerful networking tool

Welcome to this socat tutorial. Socat is a network utility similar to netcat. Socat supports IPv6 and SSL and is available for both Windows and Linux. The first thing you will notice with this tool is that its syntax differs from what you are used to with netcat or other standard Unix tools. …

CLI ninja: Ping Sweep

Ever wanted to do a ping sweep in a new network you just broke into, but you don't want (or can't, for some reason, AVs etc.) to upload any tools? Or even in your own network, but you don't have time to install nmap for whatever reason? Well, you can still do it by leveraging …

Introducing Dirfuzz

Dirfuzz is a tool for directory discovery in web applications. By default it uses a dictionary-based approach (the word list lives in data/fdirs.txt); it can also use the crawler module to find links up to one level deep. Dirfuzz is designed to give you plenty of information fast and without having to scroll through hundreds …