#TCPDUMP #NC and #K8S fun !!

Redirect output to stdout

tcpdump -i any -n -U -w - port 80 >demo.pcap
tcpdump -r demo.pcap

Redirect via netcat

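Terminal 1, start the listener first:
nc -l 6666 >demo.pcap
Terminal 2, stream the capture to the listener:
tcpdump -i any -n -U -w - port 80 | nc 127.0.0.1 6666
After stopping the capture, read it back:
tcpdump -r demo.pcap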

Redirect via SSH reverse tunneling

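Local host, terminal 1, start the listener:
nc -l 6666 >demo.pcap
Local host, terminal 2, log in and forward port 6666 on remote-host back to the local listener:
ssh root@remote-host -R 6666:127.0.0.1:6666
In the SSH session on remote-host, stream the capture into the tunnel:
tcpdump -i any -n -U -w - port 80 | nc 127.0.0.1 6666
Local host, read the capture:
tcpdump -r demo.pcap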

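Apply the previous concept in a Kubernetes cluster

On remote-host, start the listener:
ssh root@remote-host
nc -l 6666 >demo.pcap
In another terminal, point kubectl at the cluster and start a pod with a shell:
export KUBECONFIG=./cluster-kubeconfigdemo-dupe.yaml
kubectl run --rm -it --image xxradar/hackon demo -- bash
Inside the pod, stream the capture to remote-host and generate some traffic:
tcpdump -i any -n -U -w - port 80 | nc remote-host 6666 &
curl www.radarhack.com
Back on remote-host, read the capture:
tcpdump -r demo.pcap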
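
A capture streamed through nc can be cut short when the sender or the pod exits. The following is an added example, not part of the original post: it walks the received demo.pcap as a classic pcap stream (the format tcpdump -w writes) and reports how many packets arrived intact. The function names and the sample bytes are constructed for illustration, and pcapng is not handled.

```python
import struct
import sys

# First 4 bytes of a classic pcap file -> (struct byte order, timestamp unit)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "us"),
    b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"),
    b"\xa1\xb2\x3c\x4d": (">", "ns"),
}

def inspect_pcap(data: bytes) -> dict:
    """Walk a classic pcap byte stream; report packet count and truncation."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("missing or unknown pcap global header")
    order, unit = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        if offset + 16 > len(data):              # record header cut off
            truncated = True
            break
        _sec, _frac, incl_len, _orig = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):   # packet bytes cut off
            truncated = True
            break
        offset += 16 + incl_len
        packets += 1
    return {"version": (major, minor), "unit": unit, "snaplen": snaplen,
            "linktype": linktype, "packets": packets,
            "truncated": truncated, "intact_bytes": offset}

def build_sample(payloads, order="<"):
    """Constructed sample: a classic pcap stream holding the given payloads."""
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for i, p in enumerate(payloads):
        out += struct.pack(order + "IIII", 1700000000 + i, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    # Usage: python3 check_pcap.py demo.pcap  (falls back to the constructed sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample([b"x" * 60])
    print(inspect_pcap(raw))
```

If truncated is true, intact_bytes is the offset at which the last complete packet ends, so the file can be cut there before further analysis.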

Philippe Bogaerts

#BruCON co-founder, #OWASP supporter, Application Delivery and Web Application Security, #Kubernetes and #container, #pentesting enthusiast, BBQ & cocktails !!