Dark-Alex-17/kapow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95aea4bce1b2cf48c84dd84d8a8fd97400456737
kapow/poc/examples/tcpdump/README.md
pancho horrillo 479e3cb13b Fix markdown and add missing -E param to sudo.
2019-09-06 13:54:43 +02:00

786 B
Raw Blame History

Remote tcpdump sniffer with source filtering

  1. Add any filter you want to the tcpdump command inside tcpdump.pow to filter any traffic you don't want to be sniffed!
  2. For the sake of simplicity, run sudo -E kapow server tcpdump.pow. In a production environment, tcpdump should be run with the appropiate permissions, but kapow can (and should) run as an unprivileged user.
  3. In your local machine run: 
    curl http://localhost:8080/sniff/<network-interface> | sudo -E wireshark -k -i -
    Again, for the sake of simplicity, Wireshark is running as root. If you don't want to run it this way, follow this guide: https://gist.github.com/MinaMikhailcom/0825906230cbbe478faf4d08abe9d11a
  4. Profit!
Reference in New Issue View Git Blame Copy Permalink