# Network Based

## Sniffing

**TCP Sniffing**

```bash
# Basic output
tcpdump -i <interface>
# Verbose output
tcpdump -A -i <interface>
# redirect to pcap file
tcpdump -A -i <interface> -w /tmp/tcpdump.pcap
```

## File transfer

**Over SSH:**

```bash
# SSH Local folder to remote
scp -r <local folder> <username>@<IP>:/<pathToFolder>

#SSH Remote folder to Local
scp -r <username>@<IP>:/<pathToFolder> .
```

## Mac Flooding (DOS)

Dangerous. Easily detected by SOC. Can result in network device being blocked (hence potential DOS attack)

```bash
macof -i <interface>
# Does not work with Arp validation enabled
ettercap -T -i <interface> -M arp
```

## Load Testing

```bash
# Non auth
siege -v -c 100 <url>

# Cookie Auth
siege -v -c 100 -H 'Cookie: name=value' <url>
```

## Wifi Cracking

Guide: [Geeks For Geeks](https://www.geeksforgeeks.org/kali-linux-aircrack-ng/)

```bash
# List Interfaces
airmon-ng

# Stop Interface
airmon-ng stop <interface>

# Start Capture
airmon-ng start <Interface> <Channel>

# Collect Handshake
airodump-ng -c <Channel> --bssid <bssid> -w psk <interface>

# Crack Password
aircrack-ng -w wordlist psk*.cap
```

## Wifi Deauth Flood DOS

```bash
airmon-ng start wlan0
mdk3 mon0 d -i <essid>
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://f1shh.gitbook.io/pentest-tips/network-exploitation/network.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.