Hello.
How can I detect the type of network packets with a tool like "tcpdump"? For example, when a hacker uses a tool like "Hping3" to flood an IP, what type of packets does "Hping3" send to the target?
Thank you.
Detect the type of network packets.
Re: Detect the type of network packets.
Well, if you're really being flooded with packets, tcpdump may very well have issues capturing all that traffic, regardless of how big of a buffer you give it (-B). You may want to look into gulp https://staff.washington.edu/corey/gulp/. As far as viewing the traffic in real time, even with a capture filter (to, say, ignore all ssh traffic from a known source), it may be difficult to understand what's actually happening. You want to capture to a file, preferably rotating files of a determined size. From there you would either use the tshark command, or the wireshark gui, to parse through the data and see what was happening. Also, the man page for tcpdump is a good read https://www.tcpdump.org/manpages/tcpdump.1.html
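As an added example of the capture-then-parse workflow described above (this is not code from the thread, from tcpdump or from Wireshark): capture to rotating files first, e.g. `tcpdump -i eth0 -w flood.pcap -C 100 -W 10` (the interface and file name are assumptions; -C rotates the file every 100 MB and -W keeps 10 files), then classify what is in the file offline. The Python script below is a small standalone pcap classifier: it walks the classic pcap record format, decodes Ethernet/IPv4 frames, labels each packet by IP protocol, destination port and TCP flags (rendered the way tcpdump prints them, e.g. `SYN`, `SYN+ACK`), and counts packets per source. So that it runs without a capture interface, it builds its own constructed capture in memory: a 50-packet SYN burst from 198.51.100.5 to 192.0.2.10 port 80 plus a few ICMP and UDP packets; the addresses are documentation addresses, not real hosts. On a real file, `tshark -r flood.pcap -q -z io,phs` gives a comparable protocol-hierarchy breakdown.

```python
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def tcp_flag_string(flags):
    """Render the TCP flag byte like tcpdump's flag list, e.g. 0x12 -> 'SYN+ACK'."""
    return "+".join(name for bit, name in TCP_FLAG_BITS if flags & bit) or "none"


def iter_pcap_frames(data):
    """Yield each captured frame (bytes) from a classic pcap file held in memory."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    link_type, = struct.unpack_from(endian + "I", data, 20)
    if link_type != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24                         # skip the 24-byte global header
    while offset + 16 <= len(data):     # 16-byte per-packet record header
        _sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def classify_frame(frame):
    """Return (src_ip, dst_ip, kind) for an IPv4 frame, or None for anything else."""
    if len(frame) < 34:                 # Ethernet (14) + minimal IPv4 header (20)
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None                     # ARP, IPv6 etc. are not classified here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4            # header length in bytes (options included)
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    if proto == PROTO_TCP and len(l4) >= 14:
        dport, = struct.unpack_from("!H", l4, 2)
        kind = "TCP %s -> port %d" % (tcp_flag_string(l4[13]), dport)
    elif proto == PROTO_UDP and len(l4) >= 4:
        dport, = struct.unpack_from("!H", l4, 2)
        kind = "UDP -> port %d" % dport
    elif proto == PROTO_ICMP and len(l4) >= 1:
        kind = "ICMP type %d" % l4[0]
    else:
        kind = "IP proto %d" % proto
    return src, dst, kind


def summarize_pcap(data):
    """Count packets by kind and by (source, kind); a flood shows as one source dominating one kind."""
    by_kind, by_source, total = Counter(), Counter(), 0
    for frame in iter_pcap_frames(data):
        info = classify_frame(frame)
        if info is None:
            continue
        src, _dst, kind = info
        total += 1
        by_kind[kind] += 1
        by_source[(src, kind)] += 1
    return {"total": total, "by_kind": by_kind, "by_source": by_source}


# --- constructed sample capture (not real traffic) -------------------------
def _ipv4_frame(src, dst, proto, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + payload
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip


def _record(frame, ts=1549488000):
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame


def build_sample_pcap():
    """Assemble an in-memory pcap: 50 SYNs to port 80 from one host, plus some ICMP and UDP."""
    records = []
    for i in range(50):   # SYN only, flags byte 0x02, changing source port
        tcp = struct.pack("!HHIIBBHHH", 40000 + i, 80, i, 0, 0x50, 0x02, 512, 0, 0)
        records.append(_record(_ipv4_frame("198.51.100.5", "192.0.2.10", PROTO_TCP, tcp)))
    syn_ack = struct.pack("!HHIIBBHHH", 80, 40000, 0, 1, 0x50, 0x12, 512, 0, 0)
    records.append(_record(_ipv4_frame("192.0.2.10", "198.51.100.5", PROTO_TCP, syn_ack)))
    for i in range(3):    # ICMP echo request (type 8)
        records.append(_record(_ipv4_frame("198.51.100.7", "192.0.2.10", PROTO_ICMP,
                                           struct.pack("!BBHI", 8, 0, 0, i))))
    for i in range(2):    # UDP to port 53
        records.append(_record(_ipv4_frame("198.51.100.9", "192.0.2.10", PROTO_UDP,
                                           struct.pack("!HHHH", 5000 + i, 53, 8, 0))))
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + b"".join(records)


if __name__ == "__main__":
    report = summarize_pcap(build_sample_pcap())   # swap in open("flood.pcap","rb").read()
    print("packets:", report["total"])
    for kind, n in report["by_kind"].most_common():
        print("%6d  %s" % (n, kind))
    print("top source/kind:", report["by_source"].most_common(1)[0])
```

The point of counting by (source, kind) rather than by tool name is that a flooding tool can emit whatever packet type its operator chooses; what you can actually observe in the capture is the protocol, flags and ports, and a single source accounting for almost all packets of one kind is the signature worth alerting on and feeding into a firewall rule.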
Re: Detect the type of network packets.
reallyrex wrote: ↑2019/02/06 22:33:19
Well, if you're really being flooded with packets, tcpdump may very well have issues capturing all that traffic, regardless of how big of a buffer you give it (-B). You may want to look into gulp https://staff.washington.edu/corey/gulp/. As far as viewing the traffic in real time, even with a capture filter (to, say, ignore all ssh traffic from a known source), it may be difficult to understand what's actually happening. You want to capture to a file, preferably rotating files of a determined size. From there you would either use the tshark command, or the wireshark gui, to parse through the data and see what was happening. Also, the man page for tcpdump is a good read https://www.tcpdump.org/manpages/tcpdump.1.html
I can't see any option for determining packet type!