Sometimes you need a powerful sniffer on your system. Every Mac and every Linux system got it. You just have to use it.

tcpdump

The only thing you have to know, are a few flags.

• -i en0 : Listen on this interface.
• -n : Don’t resolve hostnames.
• -nn : Don’t resolve hostnames or port names.
• -X : Show the contents in both hex and ASCII.
• -XX : Same as -X, but also shows the ethernet header.
• -v, -vv, -vvv : Increase the amount of packet information you get back.
• -c : Get n packets and then stop.
• -S : Print absolute sequence numbers.
• -e : Get the ethernet header as well.
• -q : Show less protocol information.
• -E : Decrypt IPSEC traffic by providing an encryption key.
• -s : Set the snaplength, i.e. the amount of data that is being captured in bytes

Example:

If you just want to see some traffic on the interface:

tcpdump -ni en0

If you want get a lot of information:

tcpdump -i en0 -nnvvvXSs 1514

Of course there are some other options. You can record the traffic into a file, read it from a file. You can also set filters on the command line to get only specific packets.

tcpdump -i en1 -nnvvS tcp and src 10.0.5.1 and dst port 5222

If you have to upload firmware to a router or a switch with xmodem, get the package lrzsz-0.12.20.tar.gz. Configure it with

tar xvzf lrzsz-0.12.20.tar.gz
cd lrzsz-0.12.20
./configure --disable-nls && sudo make install

Then start a console session with screen

screen /dev/tty.Keyserial1 9600

then, when you are asked from the program up upload the firmware using xmodem, do:

Press ctrl-a
:exec !! lsx -b -X /path/srw2016-24-10086.ros

the upload will start.

To hide your version of bind, enter the following value to your named.conf

version "[NONE]";

in the option section:

options {
directory "/var/lib/bind";
version "[NONE]";
};

Check the value with this command:

dig @dns.server.tld -c CH -t txt version.bind

If you need to calculate the checksum of a file on Mac or UNIX simply use openssl:

openssl md5 DeleteCookies.zip

openssl sha DeleteCookies.zip

This command gives you the checksum of the file as a result.

chmod is the tool to change the permission on UNIX based systems.

For the options consult wikipedia.

Why is it worth to mention it here? If you change the permissions recusively ofer a directory tree, usually you do not have the right permissions for directories and for regular files.

You can avoid that by using find, as shown in the example:

find . -type d -print | xargs chmod 755

find . -type f -print | xargs chmod 644

Type “d” applies the change to directories, whereas type “f” applies it to files. find “.” means to all files starting in the current directory.