tcpflow
ssldump
| | tcpflow | ssldump |
|---|---|---|
| Mentions | 5 | 2 |
| Stars | 1,643 | 226 |
| Growth | - | - |
| Activity | 3.7 | 7.5 |
| Latest commit | 9 months ago | 4 days ago |
| Language | C++ | C |
| License | GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tcpflow
- tcpdump is amazing (2016)
> where: timestamp is an optional timestamp of the time that the first packet was seen
https://github.com/simsong/tcpflow/blob/master/doc/tcpflow.1...
- Don't skip outgoing traffic
tcpflow
- Tcpflow: TCP/IP Packet Demultiplexer
- Getting Started with NMAP
Mentioning tcpflow here b/c it's one of the most useful networking-related tools I know of that very few people even know about.
What does it do?
It can reassemble TCP packets back into the FULL body of the original message sent. E.g. if you make an HTTP GET request, it will show you the full text in a file stamped with the time, source and dest IPs and port.
Things I've found it REALLY useful for:
- migrating a data center
  - for some reason, connection works fine on the old DC but seems to time out in weird ways in the new DC
  - no one can figure it out
  - I suggest using tcpflow
  - turns out there was a setting in the new DC network hardware that was truncating larger packets and the authorization message was just over the threshold
People always say "yeah, but Wireshark", which is true, that's a good tool too. That being said, there is just something about seeing the "raw" text of a message sent by a machine over the wire and being able to see it in text from the command line.
https://github.com/simsong/tcpflow
- Tracing HTTP Requests with Tcpflow
There seems to be an issue open for this https://github.com/simsong/tcpflow/issues/58
ssldump
- Tracing HTTP Requests with Tcpflow
I recall seeing a thread somewhere saying tcpflow would not add this capability and they point people to ssldump [1][2] and even that has some limitations.
[1] - https://github.com/adulau/ssldump
[2] - https://linux.die.net/man/1/ssldump
- Ssldump v1.3 – Many bugs fixed including memory leaks and a new JSON export
What are some alternatives?
htop - htop - an interactive process viewer
ecapture - Capture SSL/TLS text content without a CA certificate using eBPF. This tool is compatible with Linux/Android x86_64/aarch64.
Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
haproxy - HAProxy Load Balancer's development branch (mirror of git.haproxy.org)
libpnet - Cross-platform, low level networking using the Rust programming language.
lsquic - LiteSpeed QUIC and HTTP/3 Library
tcpreplay - Pcap editing and replay tools for *NIX and Windows - Users please download source from
wolfssl - The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
netpeek - Layer 7 sniffer
SoftEther - Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
tls-scan - An Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )