2013-04-05

Using tcpdump and nmap

Notes on my commonly used tcpdump arguments

tcpdump -ne -i $interface
-n - ensures that we're not resolving hostnames
-e - displays the Ethernet header. Useful for determining the VLAN ID
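
An added example, not part of the original notes: a shell function that tallies the VLAN IDs seen in `tcpdump -ne` output, using the 802.1Q tag that `-e` exposes. The names `vlan_summary` and `sample_capture` are hypothetical, and the capture lines are constructed to follow tcpdump's usual 802.1Q output format.

```shell
#!/bin/sh
# Count frames per VLAN ID from `tcpdump -ne` text output read on stdin.
# Frames without an 802.1Q tag are reported as "untagged".
# For stacked tags (QinQ) only the first, outer VLAN ID is counted.
vlan_summary() {
  awk '
    {
      vlan = "untagged"
      # With -e, a tagged frame prints "vlan <id>," after the link-level header.
      for (i = 1; i < NF; i++) {
        if ($i == "vlan") {
          id = $(i + 1)
          sub(/,$/, "", id)
          if (id ~ /^[0-9]+$/) { vlan = id; break }
        }
      }
      count[vlan]++
    }
    END { for (k in count) print k, count[k] }
  ' | LC_ALL=C sort
}

# Constructed sample lines (not a real capture): two frames on VLAN 100,
# one on VLAN 200 and one untagged frame.
sample_capture() {
  cat <<'EOF'
12:00:00.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 102: vlan 100, p 0, ethertype IPv4, 10.0.0.1 > 10.0.0.2: ICMP echo request, id 1, seq 1, length 64
12:00:00.000002 66:77:88:99:aa:bb > 00:11:22:33:44:55, ethertype 802.1Q (0x8100), length 102: vlan 100, p 0, ethertype IPv4, 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 1, seq 1, length 64
12:00:00.000003 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 200, p 0, ethertype ARP, Request who-has 10.0.1.1 tell 10.0.1.5, length 28
12:00:00.000004 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2, seq 1, length 64
EOF
}

# Offline demo on the constructed lines.
sample_capture | vlan_summary

# Live use on a trunk or mirror port (needs capture privileges):
#   tcpdump -ne -i "$interface" -c 1000 | vlan_summary
```

A VLAN ID in the summary that is not expected on that port is a prompt to check the switch's trunk configuration.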

TCP Remote thorough scan
nmap -sV -p 1-65535 -T4 -v --reason public.ip.address

UDP Remote thorough scan
nmap -sU -sV -p 1-65535 -T4 -v --reason public.ip.address

Checking if a specific port is open
nmap -PS -p (port#) ip.address.or.hostname
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PS could be replaced with a scan-type option: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans

tcpdump tutorials: http://www.danielmiessler.com/study/tcpdump/
Looking at open ports using lsof: http://www.danielmiessler.com/study/lsof/
