Wireshark Tips and Tricks
By Tony Lee, Scientist at FireEye, Inc.
Jason Bevis, Managing Principal at FireEye Labs
If you were tasked to put together a forensic toolkit with 25 tools or less, chances are Wireshark would be one of those tools, especially if you planned on dealing with packet captures. Because it is free, open source, and cross-platform, Wireshark makes a great packet capture and analysis tool for just about any forensic toolkit. Nevertheless, this staple tool has been around for so long (think back to the days of Ethereal) that we sometimes take it for granted. In this article we will explore a few tips and tricks that highlight why we like this tool so much.
Getting Started with Wireshark
By Sebastian Perez, Information Security Analyst at OLX, CEH
As a pentester, I always get involved in different projects from different clients, and no matter what the objective is, having the knowledge and the proper tool to perform the task will save a lot of time and avoid some headaches. This article will try to help in those scenarios where a network analysis should be performed. We will focus on one of the most important tools for a pentester:
Sniffing and Recovering Network Information Using Wireshark
By Fotis Liatsis, System/Network Administrator of Greek Student Security Team – CampSec
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is cross-platform: it uses the GTK+ widget toolkit to implement its user interface and pcap to capture packets, and it runs on various Unix-like operating systems including Linux, OS X, BSD, and Solaris, and on Microsoft Windows.
Traffic Analysis and Capture Passwords
By Rafael Fontes, Co-Founder at Grey Hat and member of “French Backtrack Team”
It is known that Wireshark is a powerful tool that goes far beyond a simple sniffer. What many do not know is that there are several ways to harness the potential of this tool, which this article will introduce to readers. Let us learn to sniff the network effectively, create filters to find only the information we want, see how a black hat would use this tool to steal passwords, and finally, how to use Wireshark to diagnose network problems or check whether a firewall is blocking packets correctly.
Detect/Analyze Scanning Traffic Using Wireshark
By Santosh Kumar, Technical Manager at Koenig Solutions Ltd., CEH, CCSE, CCMSE, CISCO ASA SPECIALIST
“Wireshark”, the world’s most popular Network Protocol Analyzer, is a multipurpose tool. It can be used as a Packet Sniffer, Network Analyser, Protocol Analyser & Forensic tool. Through this article my focus is on how to use Wireshark to detect/analyze any scanning &
Discover How The Attack Happened By Wireshark
By Basem Helmy, Information Security Engineer, ECSA/LPT
In this scenario a pcap file generated by cyberlympics in the 2013 competition will be used to answer the following questions, to identify how the attacker got in and how he extracted the data from the compromised machine.
Detecting Attacks and Threats in Elastic Cloud Infrastructures: the Case of Side-channel Attacks
By Pasquale Puzio, CIFRE PhD Student at SecludIT and EURECOM
Sergio Loureiro, Co-Founder and CEO at SecludIT
Cloud computing adoption is rising fast. Flexibility, pay-per-use and available resources on-demand with the promise of lower ownership costs are a very attractive value proposition.
Content-Based Intrusion Detection System
By Mark Sitkowski, Consultant to Forticom Security, Design Simulation Systems Ltd
Nobody ever broke into a bank’s IT system by cracking a user’s password. It’s not cost-effective to waste computer time on such a pursuit, for the sake of the few thousand dollars that may, or may not, be in the user’s account.