tcpdump -i <interface>
tcpdump -i <interface> -v src <source-IP-address> and dst <destination-IP-address> and port <port>
tcpdump -i <interface> -v port 80 | egrep -i "POST /|GET /|Host:"
tcpdump -i <interface> -v port 80 | egrep -i "POST /|GET /|clave=|pwd=|passwd=|password=|Host:"
tcpdump -i <interface> -v port 80 | egrep -i "Set-Cookie:|Cookie:|Host:"
tcpdump -r <file.pcap>
Ettercap
ettercap -G
Bettercap
# General
bettercap
net.probe on
net.recon on
net.sniff on
net.show
events.show
# Selección de interfaz
bettercap -iface <interface>
# Sniffing host y puerto específico
set net.sniff.filter "host <IP-address> and port <port>"
net.sniff on
events.show
# Interfaz de usuario (user:pass)
bettercap -caplet http-ui