halil deniz5d ago

Network Monitoring with Termux

In this article, I cover practical network monitoring with Termux, packet capture workflows for cybersecurity

https://denizhalil.com/2025/06/16/termux-network-monitoring-android-guide/

#CyberSecurity #Termux #AndroidSecurity #NetworkMonitoring #NetworkSecurity #Linux #tcpdump

N-gated Hacker NewsMay 17
Ah, nothing quite like reading a thrilling #novella about TCP socket woes where #ECONNRESET is the main character and "reproducer" makes a cameo appearance! 📚✨ Spoiler alert: Our daring hero bravely navigates the murky waters of #tcpdump, #strace, and... zzz. Wake me when they reboot the server! 🤦‍♂️💤
https://movq.de/blog/postings/2026-05-05/1/POSTING-en.html #TCPsocket #ServerReboot #HackerNews #ngated
The occasional `ECONNRESET` (part 1/2)

Tarnkappe.infoMay 8
📬 TKÜ: Wie der Staat eure Kommunikation überwacht
#Datenschutz #Hintergrundberichte #Auswertung #DoT #PortMirroring #Rechtsgrundlage #TCPDump #Telekommunikationsüberwachung #TKÜ https://sc.tarnkappe.info/0d5e9b
TKÜ: Wie der Staat eure Kommunikation überwacht

Was ist eine Telekommunikationsüberwachung (TKÜ)? Wie führt man sie durch? Welche Probleme entstehen dabei? Wie kann man sich davor schützen?

TARNKAPPE.INFO
Justin ThomasMay 5

Scratched an itch that's been bothering me for a while. I created a vpp-pcap tool to serve network engineers working with #VPP who want something akin to #tcpdump.

root@jt-router:~# vpp-pcap -i any --print 2026-05-05 02:27:16.544645919 lan Inbound 192.168.37.1224.0.0.251 MDNS 212 Standard query response 0x0000 SRV, cache flush 0 0 44677 lgwebostv.local NSEC, cache flush lgwebostv.local NSEC, cache flush LG webOS Projector 3D93._hap._tcp.local AAAA, cache flush 2604:2940:4001:172:32b1:b5ff:feb9:232e A, cache flush 10.11.64.235 2026-05-05 02:27:16.568789127 lan Inbound 2602:f90e:10:0:18ff:7059:2bb8:3aac → 2602:f90e:10:0:ffff:ffff:ffff:fffe ICMPv6 90 Neighbor Solicitation for 2602:f90e:10:0:ffff:ffff:ffff:fffe from 16:59:1d:c2:0d:c7 2026-05-05 02:27:16.568827057 bvi100 Outbound 2602:f90e:10:0:ffff:ffff:ffff:fffe → 2602:f90e:10:0:18ff:7059:2bb8:3aac ICMPv6 86 Neighbor Advertisement 2602:f90e:10:0:ffff:ffff:ffff:fffe (rtr, sol, ovr) is at de:ad:00:00:00:64 2026-05-05 02:27:16.568834557 lan.30 Outbound 2602:f90e:10:0:ffff:ffff:ffff:fffe → 2602:f90e:10:0:18ff:7059:2bb8:3aac ICMPv6 90 Neighbor Advertisement 2602:f90e:10:0:ffff:ffff:ffff:fffe (rtr, sol, ovr) is at de:ad:00:00:00:64 2026-05-05 02:27:16.568929957 lan Inbound 2602:f90e:10:0:18ff:7059:2bb8:3aac → 2602:f90e:10:0:ffff:ffff:ffff:fffe ICMPv6 90 Neighbor Solicitation for 2602:f90e:10:0:ffff:ffff:ffff:fffe from 16:59:1d:c2:0d:c7 2026-05-05 02:27:16.568934037 bvi100 Outbound 2602:f90e:10:0:ffff:ffff:ffff:fffe → 2602:f90e:10:0:18ff:7059:2bb8:3aac ICMPv6 86 Neighbor Advertisement 2602:f90e:10:0:ffff:ffff:ffff:fffe (rtr, sol, ovr) is at de:ad:00:00:00:64 2026-05-05 02:27:16.568935527 lan.30 Outbound 2602:f90e:10:0:ffff:ffff:ffff:fffe → 2602:f90e:10:0:18ff:7059:2bb8:3aac ICMPv6 90 Neighbor Advertisement 2602:f90e:10:0:ffff:ffff:ffff:fffe (rtr, sol, ovr) is at de:ad:00:00:00:64

VPP has some very rich tracing tools, but I find them ergonomically challenging to use. I came up as a network engineer in the late 90s and early 2000s - this feels much more natural to me.

The repository is on GitHub. Both a plugin and a small Rust utility are used to provide live access to data passing through the VPP dataplane. It can also be chained with tcpdump, tshark, or wireshark to use those familiar interfaces. Usage details are in the GitHub README.

License is Apache 2.0, so use it as you'd like.

Enigmatick

NETRESEC - Network Forensics and Network Security Monitoring [Unofficial]May 4

FlowCarp Identifies Protocols

https://web.brid.gy/r/https://www.netresec.com/?page=Blog&month=2026-05&post=FlowCarp-Identifies-Protocols

KMJ 🇦🇹Apr 15

#Blocked 151 /24 and one /8 net from Hong Kong the protect my public #DNS servers from flooding them with non existing domain requests.

Blocked the Nets to not overfill my #pfSense #firewall rules with 6digit number IP addresses.

I made a small shell script filtering out their IPs from #tcpdump sorting and unique them then uploaded the list to my server distributing the lists a URL Aliases to pfSense.

Peace again on all DNS servers.

KMJ 🇦🇹Apr 13
what is really missing on #pfsense is the -i any switch in #tcpdump. it is horror to open 8 ssh terminals to see all interfaces. -i any on linux is genius.
Show threadDrScripttMar 27

I’m quite sure that #tcpdump’s [!smtp] is not truncation because:

• -s (snaplen) is set to 0 which means 256 kB or larger
• I was seeing [!smtp] on lines less than 76 bytes long
• I was not seeing [!smtp] on other lines between 77 and 998 bytes long

Show threadDrScripttMar 27

It seems to me that #tcpdump’s SMTP dissector might not be as functional as hoped.

As in possibly nothing more than a stub for future code.

The print-smtp.c file seems to be skeleton.

Compared to print-http.c which includes HTTP verbs.

The former has a NULL in the function call where the latter has an array of verbs.

So [!smtp] may be a red herring.

DrScripttMar 25

Does anyone know what the following at the end of a line of output from #tcpdump means?

[!smtp]

When sniffing SMTP traffic.

The man page on the system says that the following in the same position indicates snap length truncation.

[|smtp]

But the first (unknown) is an exclamation point while the second (snap length) is a pipe character.

I’m having trouble finding a description of what [!smtp] means.

🙁