how to investigate attacker


# -i  interface to capture on (the LAN interface, e.g. eth0)
# -s  snapshot length in bytes per packet; -s 0 captures whole packets
# -A  print each packet's payload as ASCII (only when printing to the screen, not with -w)
# -w {destination} write raw packets to a file (you can open it with Wireshark)
# -nn do not resolve host names or port names; show raw addresses and port numbers
# -p  do not put the NIC into promiscuous mode (recommended: keep promiscuous mode off)
# -l  line-buffered output, needed when piping into grep
# [port xx] optional BPF filter expression, e.g. port 22

$ sudo tcpdump -i eth0 -s 0 -w ./dumfile.pcap -nn -p [port xx]
$ sudo tcpdump -i eth0 -s 0 -nn -p -l port xx | grep 10.0

If promiscuous mode (a mode of the NIC) is turned on, the NIC stops filtering by destination address and the capture contains every packet visible on the same network segment. If it is turned off, only packets addressed to this host are captured. Although you can…
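As an added example that is not part of the original note, the following POSIX shell functions compose the tcpdump command line used above for investigating traffic between this host and one suspected attacker address: the IPv4 address and port list are validated, turned into a BPF filter, and combined with the -p -nn -s 0 -w flags. The interface name, suspect address and ports are assumed inputs; tcpdump itself is not executed here, only the command is printed.

```shell
#!/bin/sh
# Added example, not from the original note. Builds (does not run) a tcpdump
# command for capturing traffic to/from one suspected attacker host.

# valid_ipv4 ADDR -> exit 0 when ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split into the four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_filter SUSPECT_IP [PORT...] -> prints a BPF filter expression,
# e.g. "host 10.0.0.5 and (port 22 or port 445)"
build_filter() {
    ip=$1; shift
    valid_ipv4 "$ip" || { echo "bad ip: $ip" >&2; return 1; }
    filter="host $ip"
    ports=""
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports or }port $p"
    done
    [ -n "$ports" ] && filter="$filter and ($ports)"
    printf '%s\n' "$filter"
}

# capture_cmd IFACE OUTFILE SUSPECT_IP [PORT...] -> prints the tcpdump command
# -p: stay out of promiscuous mode, -nn: numeric only, -s 0: full packets,
# -w: write to a pcap file you can open in Wireshark. The filter is single-quoted
# because the parentheses are special to the shell.
capture_cmd() {
    iface=$1; out=$2; shift 2
    f=$(build_filter "$@") || return 1
    printf "tcpdump -i %s -p -nn -s 0 -w %s '%s'\n" "$iface" "$out" "$f"
}

# Usage (constructed sample values): capture_cmd eth0 ./suspect.pcap 10.0.0.5 22 445
```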