Above is an invisible network sniffer for finding vulnerabilities in network equipment. It is based entirely on network traffic analysis, so it does not make any noise in the air. He’s invisible.
Convert pcapng to pcap
tshark -F pcap -r NTLMv2.pcapng -w NTLMv2.pcap
Open outbound ports / Filtering
Web content filtering
For example, try to connect to 4chan or exploit-db with CLI but also with a browser
Living Off Trusted Sites
Try to access some of LOTS
Port Filtering
Test for other ports: 22, 21, 23, etc.
$ports =@(20,21,22,23,25,53,80,110,143,443,465,587,993,995,3306,3389,8080)$hostname ="portquiz.net"foreach ($port in $ports) { $result =Test-NetConnection-ComputerName $hostname -Port $port -InformationLevel Detailedif ($result.TcpTestSucceeded) {Write-Output"Port $port is open on $hostname" }}
Protocol Filtering
For example, if port 22 is blocked, also test for protocol filtering: SSH on port 443 ?
Server side:
sudonano/etc/ssh/sshd_config# Add or change portPort443# Restart SSHsudosystemctlrestartssh# orsudoservicesshrestart# If nesserary open port 443sudoufwallow443/tcp
Try to connect over port 443
ssh -p 443 username@server_ip
The Protocol Filter feature is used to block unwanted traffic from your network. The feature is commonly used to make sure employees, students or end users are using their Internet access for its intended productive use. The filter can block dozens of different protocols, including: peer-to-peer traffic (Source: ClearOS)
# Host discoverynet.probeon# See all hostnet.show# ARP spoofsetarp.spoof.targets192.168.37.133arp.spoofon# Spoof the entire subnet /!\ not recommendedsetarp.spooftargets# By default only connections to and from the external network will be spoofed# Spoof internal connectionsetarp.spoof.internal# Capture datanet.sniffon# Save the captured packet to pcapsetnet.sniff.outputfilename.pcap# DNS spoofingsetdns.spoof.domainsgithub.comdns.spoof.on
