Cyber security – Techniques to overcome cyber security risks

The Internet is the most widely used resource and has become an essential part of everybody’s day-to-day life. IPv4 and IPv6 form the backbone of Internet resources. Since the Internet is highly social, there is a chance that technical information is taken away from its source, and there is also a high risk to the personal information of an organization or an individual.

To protect data and personal information, safety measures are needed that help people keep their data secure. Such a safety system is ‘cyber security’. It also plays a vital role in countering personal cyber threats, which may involve sky-rocketing or other threats of attack. Since people all over the world use the Internet and store their data on cyber systems, cyber criminals can easily threaten an organization or an individual.

Bringing to light the role of cyber security against these threats, GRhombus, the best cyber security service provider in the US, helps you maintain your data effectively. GRhombus develops software that works efficiently to take care of the threats that people come across while storing data and information.

There are many techniques involved in implementing cyber security in any software. GRhombus, the leading cyber security software provider in the US, assists in this process with the help of techniques such as the following:

Using malware scanners:

GRhombus builds the best cyber security solutions in the UK using techniques such as malware scanners. The cyber security software built by its team of experts scans all the files and documents present in the system for viruses. The software developers are able to scan files for malicious code or harmful viruses, which helps any individual or organization get out of a cyber security crisis.

Building the firewalls:

When we build firewalls, we can easily track the hackers, viruses and worms that try to reach and corrupt system files and information. Over the Internet, personal information can easily be stolen, and this kind of cybercrime must not be encouraged. GRhombus, the best cyber security solution provider in the UK, is able to address the cyber issues that happen over the Internet.

Anti-virus software:

Certain software built by the GRhombus team of software developers helps an organization or any individual carrying personal information get out of such cyber issues. A special program built by the team of best software developers in the UK helps diagnose the issues properly. This software is a compilation of programs that detect malicious issues, viruses and worms and, at the same time, help people take action against those malicious activities.

Usually antivirus software comes with regular updates, which enable the program to download profiles of newly occurring viruses. This method is highly helpful for checking for new viruses, after which a quick antivirus update is made by the software developers at GRhombus. As far as it is concerned, this antivirus is considered a necessity for all computers.

Using Artificial Intelligence (AI) in Test Automation leaves automation engineers jobless?

Test smarter, not harder – that is a slogan of Software Testing and Quality Assurance. As the complexity of applications increases, it is fair to implement the test strategy intelligently so that it reduces the time to quality deliverables. Even though we use open-source tools and frameworks such as Selenium and Cucumber, they and a few licensed tools have their own limitations; when we think that through, it leads to an effective approach, ‘Artificial Intelligence (AI)’, a smart and efficient way.

Artificial Intelligence (AI) Tools

Here are some of the popular AI-based test automation tools being used.

  • Testim.io
  • TensorFlow
  • Appvance
  • Test.ai
  • Functionize

About Machine Learning (ML)

Machine Learning (ML), a subset of AI, is a pattern-recognition technology: it uses patterns identified by ML algorithms to predict future trends or outcomes. ML is powerful at finding predictive patterns in large amounts of complex information, and alerts on deviations from those patterns.

Artificial Intelligence (AI) enhances Testing abilities

Artificial Intelligence (AI) is going to change testing in many ways in the coming days without replacing humans. Keep reading and you will learn the reasons.

UI Validation

The focus of most automation test engineers is to test the functionality of the application, and these tests may ignore visual validation of the UI.

With image-based testing tools, automated visual validation is still limited on the color or size of elements. In such cases, the testing activity ends up relying on manual verification, which is error prone, and this is where AI testing helps. You can use ML-based visual validation tools to find differences that human testers would most likely miss.

Regression Testing

Regression runs consume a lot of time in each staging test cycle of continuous integration and testing. Instead of running all the common patterns for a small change in a piece of code, ML lets you choose the required set of precise tests for that code. Moreover, AI tools report test coverage and risks within the application.

Write Tests And Prepare Data Sets

Spidering is the latest way of writing tests with ML: the newer tools are pointed at the web application and start crawling it automatically. As the tool crawls, it also collects data by taking screenshots of features, downloading the rendered HTML of every page, measuring page load times, and so forth. It then runs the same steps again and again.

Over several cycles, it builds up a dataset and trains ML models on the expected patterns of your application.

API Testing

In the absence of a UI, test automation depends heavily on backend testing through API calls, where ML algorithms make it easier and faster to achieve quick release cycles.

DevOps And Report Analysis

During test runs, the tool compares its current state with all the learnt/collected patterns, and if a deviation is found (for example, a page that usually does not show JavaScript errors shows them during the test cycle, a script runs slower than average, or there is a visual difference), the ML tool flags it as a potential issue. In some of these cases, domain experts need to verify manually whether the flagged issues are valid bugs. This approach of ML tools can reduce the time to write tests and to track the areas of the application to test thoroughly, and the speed at which the application can be tested will be faster than in the current world of Agile/DevOps-based continuous testing.

Tests Recovery

Test automation engineers frequently face a challenge when developers keep changing element properties, which results in test failures. In these situations, the ML tool decides from page-object relationships and learnt patterns, and changes the locators automatically to identify the element.

Finally, AI Needs You.

Many automation engineers are needed, not only with the domain knowledge to train ML algorithms and develop test models, but also able to analyse and understand algorithms, complex data structures and statistics. So, your job is safe. Stop worrying, upgrade your AI knowledge to meet the requirements, and do what you do best – happy test automation!

Author: Srirama Murala, Director, GRhombus Technologies

IOT – Internet of Things

Who Coined IOT?

Kevin Ashton is the father of the Internet of Things, in short IoT. Kevin Ashton, co-founder of the Auto-ID Center, decided back in 1999 to find the holes in data about the supply chain, which eventually led him to drive the early deployment of RFID chips on inventory.

Asked by the Massachusetts Institute of Technology to start a group — the Auto-ID Center — that would research RFID technology, he found a way to talk about RFID to a less-than-computer-savvy crowd – by coining the phrase the Internet of Things or IoT.

The Internet of Things (IoT) means using the Internet to empower computers to sense the world for themselves.


What is IOT?

The Internet of things (IoT) was introduced to remove the gap between the physical and digital world.

IoT connects various things or devices, such as home appliances, industrial devices, vehicles and medical equipment, with computers or smartphones through the Internet, and thereby turns them into smart devices which can sense and communicate with each other without human intervention.

The sensors on these things gather data, and IoT platforms analyse the digital data and employ mechanisms that help decision makers implement intelligent and cost-effective solutions on their smart devices or things.

IOT Key Components

IOT is essentially an interaction between the Internet and things, with the purpose of making people’s lives better in every walk of life. IOT’s primary purpose is to connect machines, people and data, and then to enable people-to-machine and machine-to-machine interaction.

In the Internet of People, people share/post information with one another, which generates a huge chunk of data/information that is pumped into the cloud.

In the Internet of Things, objects/things pump data into the cloud, which helps in monitoring, controlling, optimizing and eventually automating the product on purpose.

As you can see, information and data are shared into the cloud by both people and things. The Internet of Things can control a product’s behavior and how we draw value from it.

This categorizes the product into physical components, smart components and connectivity components, which are most likely to be remotely controlled by an app.

This eventually impacts the product’s value altogether, and thus it impacts businesses and people in their day-to-day livelihood.

IOT – Most Popular Use Case

Tesla cars use IOT to receive new software features/updates digitally over the Internet.
Tesla used the evergreen design strategy to avoid a major recall.

A few years back there were several instances in which the battery cell of the car rubbed against the road as the car turned corners, causing fires.

Instead of sending all the Tesla cars back to the dealers or the mechanic shop, the company sent a software update that automatically raised the clearance of the car chassis where the battery was located.

Tesla’s evergreen design saved the company money, as well as the customers’ time and money that a traditional product recall usually costs.

IOT – Few Challenges

  • Handling the huge chunk of data generated by the various devices interconnected within the IOT network.
  • The complexity of the multiple systems embedded in the IOT network; the environment setup is complex and costly.
  • Too many networks, protocols, gateways and device hubs are involved within the IoT network.
  • New challenges arise in upgrade testing when different platforms are part of the IOT system, which could eventually lead to security and compatibility issues.
  • Data security and cyber-attacks in today’s evolving times are certainly a challenge.
  • Effective maintenance of an IOT test automation framework in a complex embedded system is a challenge on its own.

Author: Krishna Kumar, Technical Manager, GRhombus Technologies

Mobile Pen testing: A dynamic Analysis

The primary work of a mobile pentester is static and dynamic analysis of applications using predefined tools like JD-GUI, Frida and Objection. In this blog we will cover some concepts of dynamic analysis of Android apps.
Dynamic analysis means interpreting or modifying the app at runtime. In this blog we will cover the tool called Objection for dynamic analysis of the Android app diva-beta.apk, and we will use a non-rooted Android device, a POCO F1.

The link for the app will be provided below:

diva-beta.apk

What is Objection?

Objection is a tool for dynamic analysis of Android-based applications. It allows us to assess mobile applications and their security posture without rooting or jailbreaking the mobile device. It is built on top of Frida, which is also a great tool for dynamic analysis. Most pentesters and bug hunters use this tool nowadays to perform dynamic application analysis.
To start with dynamic analysis of an application, the first step is to set up the tool in your operating system, such as Ubuntu or Kali Linux. We are going to cover all the steps to set up the tool in Kali Linux; the steps are below.

Step 1:   Installation of Objection in Linux

We need to install Python 3 and pip3; you can install them in Kali Linux using the commands below (the pip package is named python3-pip, there is no package called pip3).

sudo apt-get install python3                   # installs Python 3 in your Kali
sudo apt-get install python3-pip               # installs pip3 in your Kali

After installing Python and pip, the next step is to install Objection.
Note: If you have Objection already installed, you can use pip3 install --upgrade objection to upgrade to the latest version of Objection.

pip3 install objection
Now we have to install some utilities for Objection. You just need to run these commands.

sudo apt install zipalign
sudo apt install aapt

Note: zipalign is a tool for optimizing the app package, and aapt turns your SDK resources into binary form.

Step 2:   Apktool installation:

Before going further, we can also set up Apktool; the steps for the setup process are below.

Download the Linux wrapper script (right click, Save Link As apktool):
https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool

Download apktool-2 (find the newest version here):
https://bitbucket.org/iBotPeaches/apktool/downloads/
After downloading the latest version, rename the downloaded jar to apktool.jar.

The next step is to move both files (apktool.jar and apktool) to /usr/local/bin (root access required).
Make sure both files are executable; if not, change the permissions with chmod +x.
Try running apktool via the CLI.

Step 3:   Installation of jarsigner or apksigner

The next step is to set up either jarsigner or apksigner in Kali Linux. Why are these tools required?
The jarsigner tool is used to sign Java Archive (JAR) files and to verify the signatures and integrity of signed JAR files. The JAR feature enables the packaging of class files, images, sounds and other digital data in a single file for faster and easier distribution. A tool named jar enables developers to produce JAR files. (Technically, any ZIP file can also be considered a JAR file, although when created by the jar command or processed by the jarsigner command, JAR files also contain a META-INF/MANIFEST.MF file.)

To install them, use the commands below. jarsigner is not a package of its own: it ships with the JDK (for example the default-jdk package), while apksigner is a package.

sudo apt-get install default-jdk          # provides jarsigner
sudo apt-get install apksigner

What is patching and why do we require our apps to get patched?
Patching is a process in which we inject the Frida dylib library into our application, i.e. the APK file, and install it on our device, i.e. the POCO F1 (the device used for this analysis).

Objection is built on top of Frida and works on the basis of a client-server model. So whenever we patch an application we inject the Frida library into the app so that it acts as the Frida server, and our Linux machine acts as the client.

Commands for patching the application.

In the terminal, use the commands below:

objection --help
objection patchapk -s /home/kali/Downloads/diva-beta.apk -a arm64-v8a

-s         : stands for source

-a         : stands for architecture

Note: Objection will automatically detect the architecture; if it does not, we have to pass -a as shown. The command is case sensitive: don’t use a capital O, use a lowercase o.

Installation of the patched APK

After patching, a new file diva-beta.objection.apk is created in /home/kali/Downloads.

To install the patched APK “diva-beta.objection.apk”, run the command:
adb install diva-beta.objection.apk

Note: USB debugging must be enabled on your device to install apps via adb. USB debugging is in Developer options. To enable Developer options, tap on Build number repeatedly, or check the device manual, or search for your model number in any search engine.

For installation of adb, here is a link:
https://www.xda-developers.com/install-adb-windows-macos-linux/

Procedure after patching

Now the next step is to launch the patched diva-beta.apk on our mobile device.

In this app we will try to trace the classes and methods of the Hardcode part 1 challenge.

Commencement of Objection in Linux
To connect our Objection Linux machine (the client) to our server, i.e. the mobile device POCO F1, simply type the following command in your Kali terminal while the patched app is running:

objection explore

Hooking of classes and methods

To hook classes and methods, first we have to search for the classes and methods related to hardcoded information. Here we will try to find them by searching for the keyword ‘hardcode’ with the Objection command:
android hooking search classes hardcode

Looking at the classes, we found three. The class we will hook here is jakhar.aseem.diva.HardcodeActivity because it looks relevant to our need. Now we will watch this class using:
android hooking watch class jakhar.aseem.diva.HardcodeActivity

Now we find that whenever we click on the Access button we can see the methods of the class that are invoked at runtime. Three methods are invoked, but the one that matters to us is jakhar.aseem.diva.HardcodeActivity.access(android.view.View).

Now that we know the method name, we will hook this method using:
android hooking watch class_method jakhar.aseem.diva.HardcodeActivity.access
You will get a result like this.

Note: use android hooking watch class_method jakhar.aseem.diva.HardcodeActivity.access --dump-args --dump-return if you want the return value and the arguments.

Setting a return value using Objection
We don’t have such a method in diva-beta.apk, but assume that we have an isDeviceRooted Boolean method in one of the classes. Let us assume we have a class jakhar.aseem.diva.UserMainActivity and a method jakhar.aseem.diva.UserMainActivity.isDeviceRooted (both hypothetical).

Now we want to set its return value to false using Objection. Why is this required? Sometimes apps refuse to run because of root detection on the phone, so what we can do here is bypass root detection for the app using Objection:
android hooking set return_value jakhar.aseem.diva.UserMainActivity.isDeviceRooted false

Final words
As we come to the end of our journey, I hope you liked this blog. Objection is a great tool for dynamic analysis, especially when the code is obfuscated or not clear.

Troubleshoot
While performing the patching process, if you face trouble or get an error, below is the error you can get while doing this process, and the steps to resolve it.

If Objection shows a temporary file error, run the following command:

objection patchapk -s /home/kali/Downloads/diva-beta.apk --skip-resources -k -n

Note: in place of --skip-resources we can use -D; -k stands for “do not clean up temp files” and -n stands for “ignore native libs”.

Author: Sujay Chaurasia, Director, Cybersecurity, Development and DevOps, GRhombus Technologies

Corona Virus – Who cares?

It is you!!!  You are already facing the Corona virus. Do you know Corona is already your invisible friend? Do you know when it turns into your enemy? Be mindful about your feelings and emotions. Emotions are particularly important to keep mind, body and soul together. Corona is attached to the soul and its energy. When you eat tasty food or listen to good music, the body receives it through the mind, the mind makes the soul happy, and thereby the cells in the human body remain energetic without any disturbance.

Why Corona attacks you?

When you are negative minded and lead a stressful, depressive and sorrowful life with unhealthy food habits, the mind receives negative emotions that disturb the soul’s energy. Now the invisible friend, Corona, becomes your enemy, fights your body cells and damages them; consequently, organs get damaged, which in turn leads to death for the body, not for the soul.

Keep Away Corona with Mantra and Sankalpa

So, to overcome or win over Corona, follow this simple mantra – “Keep Inner Peace” – practice thinking positively, be happy, have clean habits, love your neighbor, show gratitude for whatever you receive, observe mother nature and be sensitive to her, be satisfied with what you have today and lead a happy life, laugh louder, lead trustworthy friendships, have a permitted and healthy sex life, be mindful about your body and breath, do not take bad news deep into your mind, do not utter negative words, be open to learning at any age. We are born out of mother nature with five elements: Earth, Water, Fire, Air and Ether. All these are perfectly related to the body: the flesh and bones of the body are of the Earth, the body is 70% Water, Agni (Fire) is the internal energy in the body, the Air we breathe sustains life in the body, Ether is the space that surrounds the body. When we are from nature, and living in this nature, we are not different from nature. Be in sync with nature and its cycles through Body, Mind and Soul. Eventually that develops an egoless, positive life within you. In such a state you will get what you want from this universe upon just a true wish (dharmic sankalpa).  That is the key to a successful life!

Author: Srirama Murala, Director, GRhombus Technologies

Is Robotic Process Automation (RPA) a viable solution?

Yes! It is.
Robotic Process Automation is simply “software”, a “robot” or a “bot” that takes a set of instructions to automate human computer-based tasks, for example copying data or moving files from a source to another system, especially into a legacy system.

Engaging humans to do robotic work? Why don’t you go for Robotic Process Automation?

A few examples of potential candidates for RPA:

  1. An accounts department receives invoices from vendors over email frequently and needs frequent updates of the required fields in the SAP FI accounts payable system.
  2. A customer support team receives a huge number of emails on a daily basis, and replying to them takes a lot of time and effort.
  3. A product sales analyst and his team regularly scrape data from different e-commerce websites, copy it to an Excel sheet, and then import it into an analytics database to identify trends.

Ever since computers were invented, they have performed many day-to-day repetitive tasks to sustain business processes like HR onboarding, finance departments making invoices and payments, IT user provisioning, etc., and all these business functions attract RPA.

When goods purchased online are returned, processing the return consumes manual effort, time and money, which is a costly endeavor. When a company implements RPA, it can manage goods returns without adding to the cost or causing a delay. It also saves time and reduces errors in sending a message confirming receipt of the return, updating the inventory system, making the payment adjustment to the customer, processing the invoice, and ensuring that the internal billing system is updated.

Company staff who handle repetitive, mundane tasks or bridge system and data integration can automate those tasks by giving simple instructions, like commands, to the RPA robot to get their task done, so that staff can take care of other tasks, which results in job satisfaction.

Even though RPA is complex to implement, it is a viable solution for organizations, and when it is implemented properly, with a process that has robots and the relevant people in place, it shows successful results by reducing the company’s costs.

If Artificial Intelligence (AI) / Machine Learning (ML) is implemented with RPA, ML improves robot performance and decision making and hence improves the ROI.

The sectors that attract RPA are:

Supply Chain Management (SCM), Customer Service, Accounting, Financial services, Health Care, Hospitality, Government, Human Resources, Insurance, e-Commerce, Retail, Transportation, Communication service providers, Media and Entertainment, Energy and Utilities, Manufacturing.

Gartner, the world’s leading research and advisory company, for example, has predicted that 73% of corporate controllers will implement some form of RPA in their finance departments by 2020.

Commercial tools with a free edition or trial version: Blue Prism, UiPath, Automation Anywhere, WorkFusion, PegaSystems
Free open source tools: TagUI, Taskt (sharpRPA)

Author: Srirama Murala, Director, GRhombus Technologies

Why Python for Artificial Intelligence (AI)?

Among the available programming languages, considering the choice between an OOP approach and scripting, fewer lines of code, a platform-independent and flexible language, and ease of learning, Python is the developer’s choice when compared with other technologies and OOP languages because of the availability of inbuilt libraries, for example NumPy for scientific computation, SciPy for advanced calculation and PyBrain for machine learning, making Python one of the best languages for AI.

For AI, Python leads with more than 50% of votes among developers, ahead of popular languages like C++. That is because Python is easy to learn and put into use, and because of the availability of many libraries used for data analysis.

Python vs C++ for AI:

Python is the winner over C++, especially among new developers, because C++, being a lower-level language, demands more experience and skill to master.

The performance of C++ is better than Python’s. This is because C++ has the advantage of being a statically typed language, which is the reason there are no type-related errors at runtime. C++ also creates more compact and faster runtime code. However, Python has a simple syntax which is faster for development compared to C++, because it is more intuitive for the ETL (Extract, Transform, Load) process, and it allows developers to test machine learning algorithms without having to implement them in a hurry.

Python vs Java for AI:

The two languages are also written differently. A block in Java is enclosed in braces, whereas Python uses indentation to accomplish the same thing.

Java is also slower performance-wise, and for developing high-end AI programs, developers prefer Python.

Java is a compiled language whereas Python is an interpreted language.

Conclusion:

AI needs a lot of research, and because of this we can’t rely on 500 KB of commonly used Java code to test a new hypothesis, as the project would never finish. In Python, almost every idea can be quickly validated with less code. Therefore, it is a pretty useful language for AI.

Author: Nandini N – Software Engineer – test automation framework developer and technology enthusiast at GRhombus.

What is SQL Injection?

SQL Injection is one of the most favored and most frequently attacked vulnerabilities that hackers exploit nowadays. For the last three editions, Injection, i.e. SQL Injection, has been the first web attack category published by OWASP.

SQL Injection can be defined as “an injection attack in which the attacker tries to interfere with SQL queries or SQL statements by sending a malicious payload to the website.” SQL Injection is mainly categorized into three major types:

In-Band SQL Injection

In-band is the most common and easy-to-exploit type of SQL Injection. In this injection attack, the attacker uses the same communication channel both to launch the attack and to gather results.

In-band SQL Injection is of two types:

Error-based Injection:-

Error-based SQLi is a technique that relies on error messages thrown by the database server to obtain information about the structure of the database. For some web applications, error-based SQL injection alone is enough for a hacker to enumerate an entire database and get the relevant information.

Union-based Injection:-

Union-based SQL injection is a technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result, which is then returned as part of the HTTP response and gives the attacker information from the database.

Inferential Injection:-

Inferential SQL Injection may take longer for an attacker to exploit, and it is sometimes difficult to exploit. In an inferential SQLi attack, no data is actually transferred via the web application, and the attacker is not able to see the result of the attack as in in-band injection. The attacker has to reconstruct the database structure by sending different payloads and observing the web application’s response and the behavior of the database. It is also called Blind SQL Injection (Blind SQLi).
Inferential SQL Injection is of two types:

Boolean-based SQL Injection

Boolean-based SQL Injection is a technique that relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query evaluates to TRUE or FALSE.

Time-based SQL Injection

Time-based SQL Injection is a technique that relies on sending an SQL query to the database which forces the database to wait or lock for a specified amount of time (in seconds) before responding. The response time indicates to the attacker whether the result of the query is TRUE or FALSE.
The basic syntax for time-based SQL injection uses waitfordelay() and die().

Out-of-band SQL Injection

Out-of-band SQL Injection is the most difficult type of SQL Injection for an attacker to perform, mainly because it depends on features being enabled on the database server used by the web application. Out-of-band SQL Injection occurs when an attacker is unable to use the same channel to launch the attack and gather results.

Out-of-band SQLi techniques rely on the database server’s ability to make DNS or HTTP requests to deliver data to an attacker. Such is the case with Microsoft SQL Server’s xp_dirtree command, which can be used to make DNS requests to a server an attacker controls, as well as Oracle Database’s UTL_HTTP package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls. Happy Hacking!

Author: Sujay Chaurasia, Director, Cybersecurity, Development and DevOps, GRhombus Technologies

What is Tcpdump?

Tcpdump is an open source tool, like Wireshark, for network traffic monitoring. Just like in Wireshark, we can dump network traffic using tcpdump. The tool is readily available in Debian-based distributions like Kali Linux. tcpdump is a command-line packet sniffer, or packet analyzer, which is used to capture or filter TCP/IP packets received or transmitted over a network on a specific interface.
tcpdump also gives you the option to save captured packets to a file for future analysis. It saves the file in pcap format, which can be read back with the tcpdump command or with an open source GUI tool like Wireshark that reads tcpdump pcap files.

How to install tcpdump in Ubuntu/Debian?
You can install tcpdump in Kali Linux using the following command.

$ sudo apt install tcpdump
The general syntax for the tcpdump command is as follows:
$ tcpdump [options] [expression]

  1. The command options allow you to control the behavior of the command.
  2. The filter expression defines which packets will be captured.

To dump the traffic we can use different commands.

To capture packets from a particular Ethernet interface

When you execute the tcpdump command without any options, it captures all the packets flowing through all the interfaces. The -i option of tcpdump lets you restrict the capture to a particular Ethernet interface.
$ tcpdump -i [interface name]
$ tcpdump -i eth1
The command above captures all packets flowing through the interface eth1 and prints them to standard output, where '-i' selects the interface.
Note: The editcap utility can select or remove specific packets from a dump file and translate the file into a given format.

To capture only N number of packets

When you run tcpdump it keeps printing packets until you cancel the command. With the -c option you can specify the number of packets to capture.
$ tcpdump -c 2 -i eth0
The command above captures only 2 packets from interface eth0, where '-c' specifies the number of packets to be captured.
Note: Mergecap and TShark: mergecap is a packet dump combining tool that merges multiple dump files into a single dump file. TShark is a powerful tool for capturing network packets that can be used to analyze network traffic. Both ship with the Wireshark network analyzer distribution.

To display captured packets in ASCII

When you want to see the packets in ASCII, execute the following command.
$ tcpdump -A -i eth0

To display captured packets in HEX and ASCII

When you want to see the packets as hex values, tcpdump provides a way to print each packet in both HEX and ASCII format.
$ tcpdump -XX -i eth0

To write captured packets to a file and read them back

tcpdump allows you to save the captured packets to a file, which you can use later for further analysis.
$ tcpdump -w <File Name>.pcap -i eth0
The -w option writes the packets to the given file. Use the .pcap extension, since this format can be read by any network protocol analyzer.
$ tcpdump -r <file_name>.pcap
The '-r' option, which stands for "read", reads the packets back from the file.

To find all network interfaces

When you want to list all the available network interfaces, use the following command:
$ tcpdump -D
The '-D' option displays all the interfaces on which tcpdump can capture.

To capture all network packets

To capture all inbound and outbound network packets, pass 'any' as the interface to the '-i' option; tcpdump then captures packets going through all network interfaces.
$ tcpdump -v -i any

To capture protocol-specific packets

When you want to capture packets belonging to a particular network protocol, append the protocol name to the end of the command. You can specify one of these protocols: wlan, ip, ip6, arp, tcp, udp, etc.
$ tcpdump -i any tcp
The following example captures only arp packets flowing through the eth0 interface.
$ tcpdump -i eth0 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

To capture host-specific packets

To capture host-specific packets, use the 'host' keyword with tcpdump; this filters for all packets exchanged with a particular host.
$ tcpdump -nn -c 5 -i any host X.X.X.X
'-nn' tells tcpdump not to resolve hostnames or port names, so addresses and ports are printed numerically.
Note: Packets appear only if there is actual traffic exchanged with that IP address.

To capture packets from a particular source or destination

To capture packets from a particular source, use the 'src' (source) keyword followed by an address.
$ tcpdump -nn -c 5 -i any src X.X.X.X
For a destination-specific filter, use 'dst'.
$ tcpdump -nn -c 5 -i any dst X.X.X.X

To capture packets on a particular port using the tcpdump port filter

We can capture all the packets sent to or from a particular port on a machine with the following tcpdump command.
$ tcpdump -i eth0 port 21

To capture packets for a particular destination IP and port

When we know the source or destination IP and port numbers, tcpdump lets us filter on them. The following captures packets flowing through network interface eth0 with a particular destination IP (X.X.X.X) and the specific port number 21, saving them to a file.
$ tcpdump -w xpackets.pcap -i eth0 dst X.X.X.X and port 21

To capture TCP communication packets between two hosts

If two processes on two different machines are communicating over TCP, we can capture those packets with the following tcpdump command (X.X.X.X is the source host and Y.Y.Y.Y the destination host).
$ tcpdump -w comm.pcap -i eth0 tcp and src X.X.X.X and port 21 and dst Y.Y.Y.Y and port 21

Capturing packets with numeric IP addresses only on a specific interface

With the -n option, tcpdump does not resolve addresses to hostnames, so packets on the specified interface are shown with IP addresses only, as in the example below.
$ tcpdump -n -i eth0
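The filters above can be combined into a small capture-and-triage script. The following is an added example and not code from the original posts: it builds a host/port filter of the kind shown in the sections above, wraps the -nn/-i/-c/-w capture, and then summarizes "tcpdump -nn" text output with awk, flagging DNS queries that the database host sends to anything other than the approved resolver, which is the out-of-band channel described in the SQL injection section. The interface eth0, the database server address 10.0.0.5, the resolver address 10.0.0.2 and the sample packet lines are all assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original posts. Builds the tcpdump filters
# covered above and triages "tcpdump -nn" text output with awk.
# Assumptions: eth0 is the capture interface, 10.0.0.5 is the database server,
# 10.0.0.2 is the only approved DNS resolver. The sample lines are constructed.

# Filter for all traffic between one host and one port (e.g. the DB host and FTP).
build_filter() {
    # $1 = host address, $2 = port
    printf 'host %s and port %s' "$1" "$2"
}

# Capture N packets on an interface to a pcap file using the filter above.
# Needs root privileges; deliberately not called at the top level of this script.
capture_to_file() {
    # $1 = interface, $2 = packet count, $3 = output file, $4 = host, $5 = port
    tcpdump -nn -i "$1" -c "$2" -w "$3" "$(build_filter "$4" "$5")"
}

# Reduce each IPv4 line of "tcpdump -nn" output to: src_ip dst_ip dst_port
parse_lines() {
    awk '$2 == "IP" {
        ns = split($3, s, ".")
        nd = split($5, d, ".")
        if (ns < 5 || nd < 5) next
        dport = d[nd]
        sub(/:$/, "", dport)
        print s[1]"."s[2]"."s[3]"."s[4], d[1]"."d[2]"."d[3]"."d[4], dport
    }'
}

# Packets per source address, busiest first.
top_talkers() {
    parse_lines | awk '{ c[$1]++ } END { for (k in c) print c[k], k }' | sort -rn
}

# Flag DNS queries (destination port 53) that the database host sends anywhere
# other than the approved resolver: the out-of-band channel described above.
flag_oob_dns() {
    # $1 = database host, $2 = approved resolver
    parse_lines | awk -v db="$1" -v res="$2" \
        '$1 == db && $3 == "53" && $2 != res { print "OOB-DNS", $1, "->", $2 }'
}

# Constructed sample of "tcpdump -nn -i eth0" output (not a real capture).
SAMPLE=$(cat <<'EOF'
12:00:01.000001 IP 10.0.0.9.51234 > 10.0.0.5.21: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 10.0.0.5.21 > 10.0.0.9.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:02.000003 IP 10.0.0.5.49152 > 10.0.0.2.53: 12345+ A? www.example.com. (33)
12:00:03.000004 IP 10.0.0.5.49153 > 198.51.100.7.53: 12346+ A? 6162636465.oob-test.example. (45)
12:00:04.000005 IP 10.0.0.9.51235 > 10.0.0.5.21: Flags [P.], seq 1:10, ack 1, win 502, length 9
EOF
)

echo "filter: $(build_filter 10.0.0.5 21)"
echo "top talkers:"
printf '%s\n' "$SAMPLE" | top_talkers
echo "out-of-band DNS candidates:"
printf '%s\n' "$SAMPLE" | flag_oob_dns 10.0.0.5 10.0.0.2
```

On a live system the same triage runs on real output by piping the capture into the function, for example `sudo tcpdump -nn -i eth0 -c 500 src 10.0.0.5 | flag_oob_dns 10.0.0.5 10.0.0.2`, or by reading a saved file back with `tcpdump -nn -r file.pcap` first. The parser only understands the IPv4 "IP src.port > dst.port:" line shape, so -nn is required: with name resolution enabled the fields would not split on dots as expected.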

Author: Sujay Chaurasia, Director, Cybersecurity, Development and DevOps, GRhombus Technologies