Wireshark and tcpdump Reference

Wireshark and tcpdump are extremely powerful network troubleshooting tools. Here are some command examples that may be useful.

Wireshark Display Filters

Show all ARP:

arp

Show ARP from a specific MAC:

arp.src.hw_mac == 00:16:D3:4A:CE:7D

Show all traffic from a specific source IP:

ip.src == 10.14.1.16

Show all traffic to/from a specific IP:

ip.addr == 10.14.1.16

Show only SYN packets (a bare tcp.flags.syn only tests that the field exists, which every TCP packet does):

tcp.flags.syn == 1

Show all HTTP traffic on TCP port 80:

tcp.port == 80

OpenSSL Tips & Tricks

Get into the correct directory:

cd /etc/pki/tls/certs

Generate key

openssl genrsa -des3 -out mike.key 4096

chmod 600 mike.key

Generate signing request

openssl req -new -key mike.key -out mike.csr

chmod 600 mike.csr

Get the CA to sign the request

openssl x509 -req -days 10000 -in mike.csr -out mike.cert \
    -CA /etc/pki/tls/certs/army.ca/Army.ca_CA.cer \
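
The key, signing request and CA-signed certificate steps above, run end to end as an added example (not from the original page) against a throwaway CA in a scratch directory and checked with openssl verify. The file names, 2048-bit key size, /CN= subjects and unencrypted keys are assumptions made for this demo; the page's -des3 option would instead prompt for a passphrase.

```shell
#!/bin/sh
# Added example (not from the original page): the OpenSSL section's
# key -> CSR -> CA-signed certificate sequence, run end to end in a scratch
# directory against a throwaway CA and checked with `openssl verify`.
# Assumptions for this demo: file names, 2048-bit keys, /CN= subjects, and
# unencrypted keys (the page's -des3 would prompt for a passphrase).
set -eu

# Create a throwaway CA (private key + self-signed certificate) inside $1.
make_demo_ca() {
    openssl genrsa -out "$1/demo-ca.key" 2048 2>/dev/null
    chmod 600 "$1/demo-ca.key"
    openssl req -x509 -new -key "$1/demo-ca.key" -days 30 \
        -subj "/CN=Demo CA" -out "$1/demo-ca.cer" 2>/dev/null
}

# The page's three steps for one end entity: key, signing request, CA-signed
# certificate. -CAkey and -CAcreateserial are the arguments the signing step
# needs when the CA key is a separate file (the page's command is cut off).
issue_cert() {
    dir=$1; name=$2; cn=$3
    openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null
    chmod 600 "$dir/$name.key"
    openssl req -new -key "$dir/$name.key" -subj "/CN=$cn" \
        -out "$dir/$name.csr" 2>/dev/null
    chmod 600 "$dir/$name.csr"
    openssl x509 -req -days 10000 -in "$dir/$name.csr" -out "$dir/$name.cert" \
        -CA "$dir/demo-ca.cer" -CAkey "$dir/demo-ca.key" -CAcreateserial \
        2>/dev/null
}

# Run the whole flow in a temp dir. Prints the issued certificate's subject and
# returns 0 only if the certificate chains to the demo CA.
demo_sign_flow() {
    work=$(mktemp -d)
    make_demo_ca "$work"
    issue_cert "$work" mike mike.example.test
    openssl verify -CAfile "$work/demo-ca.cer" "$work/mike.cert" >/dev/null
    openssl x509 -in "$work/mike.cert" -noout -subject
    rm -rf "$work"
}

# Stand-alone usage: sh this_script.sh run
case "${1:-}" in run) demo_sign_flow ;; esac
```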

Linux Package Management Commands

Yes, some distros still use rpm.

Extract files from an RPM:

rpm2cpio filename.rpm | cpio -idv

Unpack an RPM into /tmp/deleteme without installing it:

rpm -ivh --root /tmp/deleteme --nodeps --noscripts package.rpm

Install a package

rpm -ivh package.rpm

Upgrade (use this except for kernels)

rpm -Uvh package.rpm

Find out what's installed

rpm -qa

See which package a file belongs to

rpm -qf /path/to/file
