https://techdoku.nogafam.es/ 2026-05-01T02:38:19+00:00 https://techdoku.nogafam.es/ https://techdoku.nogafam.es/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2020-03-21T21:30:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdoku.nogafam.es/doku.php?id=docu:csheet:ofsec:pcap&rev=1584826214&do=diff Dumpcap common snippets This post contains some dumpcap snippets for capturing packets in the pcap format to be analized later on wireshark. dumpcap -f "ether host 00:22:68:18:b9:13 or broadcast" -w pentest -b filesize:10000 text/html 2020-08-25T14:42:52+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdoku.nogafam.es/doku.php?id=docu:csheet:ofsec:wshark_live_cap_ssh&rev=1598366572&do=diff Capture live packets from server using Wireshark and SSH tunnel In case you want to capture directly over an SSH tunnel on your Wireshark GUI tool, you can use ssh tunneling and netcat to do so, by: # in one terminal, run nc -lp 4567 | sudo wireshark -k -i - # on another terminal, run ssh -R 127.1:4567:127.1:4567 your-server.net \__ tcpdump -iany -nn -w - | nc 127.0.0.1 4567 text/html 2022-02-17T20:33:00+00:00 Anonymous (anonymous@undisclosed.example.com) https://techdoku.nogafam.es/doku.php?id=docu:csheet:ofsec:wshark_tls_client_hello&rev=1645129980&do=diff Filter tls client hello on Wireshark In case you want to view TLS client hello packets (to view websites visited), you can do so by using this filter in Wireshark GUI tls and tls.handshake.type == 1