Networking Commands & Tools

tcpdump

Packet capture & analysis

Basic usage

$ sudo tcpdump -i wlp2s0 -n host danielcristho.site -v

-i selects the network interface to capture packets on.

-n disables name resolution, so tcpdump prints IP addresses and port numbers instead of host and service names.

-v enables verbose output. Use -vv or -vvv for even more detail.

Testing:

# Sends ICMP
$ ping danielcristho.site -c 3
# Sends HTTP(S)
$ curl -v https://danielcristho.site

# Client to server: my machine sends a SYN packet to the server on port 443.
192.168.1.9.36310 > 66.33.60.130.443: Flags [S], cksum 0x4083 (incorrect -> 0x7da7), seq 3719579190, win 64240, options [mss 1460,sackOK,TS val 1417971474 ecr 0,nop,wscale 7], length 0

# Server to client: the server responds with SYN-ACK, which means the server is alive.
66.33.60.130.443 > 192.168.1.9.36310: Flags [S.], cksum 0x7cb1 (correct), seq 638980850, ack 3719579191, win 65535, options [mss 1400,sackOK,TS val 1246853303 ecr 1417971474,nop,wscale 8], length 0

# My machine sends an ICMP echo request. Then the destination "76.76.21.21" sends back an ICMP echo reply to confirm it received the request.
11:28:34.370985 IP (tos 0x0, ttl 64, id 24767, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.9 > 76.76.21.21: ICMP echo request, id 6, seq 1, length 64
11:28:34.387254 IP (tos 0x0, ttl 249, id 24767, offset 0, flags [DF], proto ICMP (1), length 84)

Capture only HTTPS (port 443):

$ sudo tcpdump -i wlp2s0 -n port 443

Verbosity and Timestamp

$ sudo tcpdump -i wlp2s0 -n -tttt -vvv host danielcristho.site

Save to “pcap”:

$ sudo tcpdump -i wlp2s0 -n host danielcristho.site -w capture.pcap

📝 Notes:

mss -> Maximum Segment Size

sackOK -> Selective Acknowledgment permitted

wscale -> TCP window scaling factor

0x47455420 -> the hex encoding of the ASCII string “GET ” (with a trailing space)

0x504f5354 -> the hex encoding of the ASCII string “POST”

0x48545450 -> the hex encoding of the ASCII string “HTTP”
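
The three hex values above are what a tcpdump filter compares against the first 4 bytes of the TCP payload. The script below is an added example, not part of the original page: it derives those constants and builds the filter. The function names token_hex and payload_filter are hypothetical, and port 80 is an assumption, because traffic on port 443 is TLS-encrypted and never shows these bytes.

```shell
#!/bin/sh
# Added example (not from the original page): derive the 4-byte constants
# listed in the notes and build a tcpdump filter that compares them with
# the first 4 bytes of the TCP payload. Function names are hypothetical.

# token_hex 'GET ' -> 0x47455420 (the token's ASCII bytes in hex)
token_hex() {
    th_hex=$(printf '%s' "$1" | od -An -tx1 | tr -d ' \t\n')
    if [ "${#th_hex}" -ne 8 ]; then
        echo "token must be exactly 4 bytes: '$1'" >&2
        return 1
    fi
    printf '0x%s\n' "$th_hex"
}

# payload_filter PORT TOKEN... -> pcap filter expression
payload_filter() {
    if [ "$#" -lt 2 ]; then
        echo "usage: payload_filter PORT TOKEN..." >&2
        return 1
    fi
    pf_port=$1
    shift
    # The upper nibble of TCP byte 12 is the header length in 32-bit words;
    # (x & 0xf0) >> 2 converts it to bytes, which is the payload offset.
    pf_off='((tcp[12:1] & 0xf0) >> 2)'
    pf_expr=''
    for pf_token in "$@"; do
        pf_hex=$(token_hex "$pf_token") || return 1
        pf_expr="${pf_expr:+$pf_expr or }tcp[$pf_off:4] = $pf_hex"
    done
    printf 'tcp port %s and (%s)\n' "$pf_port" "$pf_expr"
}

# Print the filter for plaintext HTTP requests and responses on port 80.
# Usage: sudo tcpdump -i wlp2s0 -n -A "$(payload_filter 80 'GET ' 'POST' 'HTTP')"
payload_filter 80 'GET ' 'POST' 'HTTP'
```

The tcp[...] byte indexing applies to IPv4 packets only, so this filter does not match HTTP carried over IPv6.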

netcat (nc)

Port scan & debugging

subfinder

Subdomain discovery

Installation

$ go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
$ echo 'export PATH=$PATH:$HOME/go/bin' >> ~/.bashrc && source ~/.bashrc

For ZSH:

$ echo 'export PATH=$PATH:$HOME/go/bin' >> ~/.zshrc && source ~/.zshrc

Basic Usage

$ subfinder -d danielcristho.site

Output:

$ subfinder -d danielcristho.site

               __    _____           __
   _______  __/ /_  / __(_)___  ____/ /__  _____
  / ___/ / / / __ \/ /_/ / __ \/ __  / _ \/ ___/
 (__  ) /_/ / /_/ / __/ / / / / /_/ /  __/ /
/____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/

        projectdiscovery.io

[INF] Current subfinder version v2.9.0 (latest)
[INF] Loading provider config from /home/.config/subfinder/provider-config.yaml
[INF] Enumerating subdomains for danielcristho.site
link.danielcristho.site
www.danielcristho.site
docs.danielcristho.site
links.danielcristho.site
[INF] Found 4 subdomains for danielcristho.site in 1 second 543 milliseconds

Find deeper subdomains

$ subfinder -d example.com -recursive

Load Domain List from ‘.txt’

Create a .txt file (domains.txt in the command below) with one domain per line:

danielcristho.site
example.com

Pass the file to subfinder with -dL:

$ subfinder -dL domains.txt