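# tcpdump one-liners for spotting cleartext protocol data on the wire.
# Each command runs until interrupted (Ctrl-C) and needs capture privileges,
# hence sudo. No interface is given, so tcpdump picks its default interface.
#
# -n is passed everywhere: without it tcpdump resolves addresses to names,
# which slows the output and generates DNS lookups of its own. In the
# port-53 capture those lookups would show up in the very traffic observed.

# DNS: full-length packets (-s0) to or from port 53.
sudo tcpdump -n -s0 'port 53'

# HTTP Host headers: ASCII payload (-A), line-buffered (-l) so grep sees each
# line as it arrives. Only unencrypted HTTP can match; TLS payload is opaque.
sudo tcpdump -n -vv -A -l -s0 | grep 'Host:'

# HTTP User-Agent headers, same capture settings as above.
sudo tcpdump -n -vv -A -l -s0 | grep 'User-Agent:'

# Credential-looking strings on cleartext protocols (HTTP, FTP, SMTP, IMAP,
# POP3, telnet), with 5 lines of leading context (-B5), case-insensitive.
# A match means that service still carries logins unencrypted and is a
# candidate for moving to its TLS variant. The output contains the captured
# secrets, so the terminal scrollback and any saved copy are sensitive.
# Options now precede the filter expression (a getopt that does not permute
# arguments would read a trailing -lA as part of the filter), and the
# obsolescent egrep is replaced by grep -E.
sudo tcpdump -n -l -A 'port http or port ftp or port smtp or port imap or port pop3 or port telnet' \
  | grep -E -i -B5 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user '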