tcpflow
Forensia
Our great sponsors
tcpflow | Forensia | |
---|---|---|
5 | 3 | |
1,643 | 657 | |
- | - | |
3.7 | 0.0 | |
9 months ago | 10 months ago | |
C++ | C++ | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tcpflow
-
tcpdump is amazing (2016)
> where: timestamp is an optional timestamp of the time that the first packet was seen
https://github.com/simsong/tcpflow/blob/master/doc/tcpflow.1...
.B t
-
Don't skip outgoing traffic
tcpflow
- Tcpflow: TCP/IP Packet Demultiplexer
-
Getting Started with NMAP
Mentioning tcpflow here b/c it's one of the most useful networking related tools I know of that very few people even know about.
What does it do?
It can reassemble TCP packets back into the FULL body of the original message sent. e.g. if you make a HTTP GET request, it will show you the full text in a file stamped with the time, source and dest ips and port.
Things I've found it REALLY useful for:
- migrating a data center
- for some reason, connection works fine on the old DC but seems to time out in weird ways in the new DC
- No one can figure it out
- I suggest using tcpflow
- Turn out there was a setting in the new DC network hardware that was truncating larger packets and the authorization message was just over the threshold
People always say "yeah, but Wireshark" which is true, that's a good tool too. That being said, there is just something about seeing the "raw" text of a message sent by a machine over the wire and being able to see it in text from the command line.
https://github.com/simsong/tcpflow
-
Tracing HTTP Requests with Tcpflow
There seems to be an issue open for this https://github.com/simsong/tcpflow/issues/58
Forensia
What are some alternatives?
htop - htop - an interactive process viewer
fatcat - FAT filesystems explore, extract, repair, and forensic tool
ssldump - ssldump - (de-facto repository gathering patches around the cyberspace)
Hibr2Bin - Comae Hibernation File Decompressor
libpnet - Cross-platform, low level networking using the Rust programming language.
TelemetrySourcerer - Enumerate and disable common sources of telemetry used by AV/EDR.
tcpreplay - Pcap editing and replay tools for *NIX and Windows - Users please download source from
demuxusb - A program and toolset to analyze iDevice USB sessions
netpeek - Layer 7 sniffer
ImHex - 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
RIP - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.