
TSHARK DNS queries

Using tshark to look at DNS queries over the wire (capture filter -f selects UDP/53, display filter -Y keeps only queries, i.e. dns.flags.response == 0; type 255 is ANY, type 1 is A). See https://www.ietf.org/rfc/rfc1035.txt for the query type values.

tshark -f "udp port 53" -Y "dns.qry.type == 255 and dns.flags.response == 0"

tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0"

tshark -f "udp port 53" -Y ...

TCPDUMP websites

Get websites being accessed over the wire (HTTP on port 80; the BPF expression skips packets that carry no payload beyond the IP header).

#!/bin/bash
tcpdump -A -s 10240 'tcp port 80 and ((ip[2:2] - ((ip[0]&0xf)<<2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r ...

TCPDUMP MySQL

This script is to monitor SQL transactions over the wire (captures traffic to MySQL's port 3306 on interface eno1, extracts printable strings, and reassembles statements with a short perl filter).

#!/bin/bash
# This script is used to monitor MySQL network traffic.
echo sql
tcpdump -i eno1 -s 0 -l -w - dst port 3306 | strings | perl -e '
while(<>) {
  chomp;
  next if /^[^ ]+[ ]*$/;
  ...