Does anyone have any good material on how to read captures taken? I'm starting to use Wireshark a lot, so it would be beneficial for me to learn how to read the captures correctly and possibly advanced techniques.
Any help appreciated.
Thanks!
Different protocols have different structures. It really depends on the protocol you're trying to read. Wireshark does a lot of the work for you too. Is there something specific you're trying to analyze?
Mostly HTTP/s TCP, UDP.
A little cheat sheet would be nice for the search area when you are looking at a capture. Also, when a capture is found, what everything in there means. I know it's a little broad :)
If you are trying to debug http, I recommend Fiddler.
I've used it for years. It was originally developed by Microsoft before being spun off.
Wow, epic program. Will work great with HTTP/S.
However, there is still UDP/TCP.
I recommend getting the books "TCP/IP Illustrated" Volume 1 to 3. But for your purpose volume 1 should do. Volume 2 is mostly about socket programming and volume 3 is more about SSL/TLS, HTTP and NTP.
Besides a wealth of information about every bit used they're also great reference books. I regularly use them to verify things.
I don't know if you are looking for something this basic but this should give you a start...
http://www.security-freak.net/raw-so...w-sockets.html
This might give you a start too: http://www.tcpipguide.com/free/index.htm
Thanks guys, will look into it.
Has anyone done the online training with Offensive security using backtrack?
Not to be rude, but prots are easily recognized... also, did you pay for Wireshark?
This what you are looking for?
http://www.sans.org/security-resources/tcpip.pdf
Why would anyone pay for Wireshark when it is distributed free from Wireshark.org?
Nice links Sir Dice and Opus00 :)
And Mr Airplane... ua549... there are different versions of Wireshark... some you pay for :rolleyes:
http://www.cacetech.com/products/cas...l_edition.html
MLF
Cascade Pilot is not Wireshark. It is integrated with Wireshark. It simply isn't the same.
Maybe that's what he meant... getting the advanced reporting.
MLF
I've used Wireshark a bunch in the past, but one of my favorite apps has been, for a long time now, IPTraf. It's a console/text-based sniffer that is actually really easy to use. It's one with a TUI (Text User Interface), and basically, when you type it and load it up, you select what you want. You can also open multiple copies of it to watch more stuff, and it's actually really nice.
Ever tried out Hydra? Hping? IPSorcery? Those are other tools I love and use.
OmniPeek is my favorite Windows-based sniffer/analyzer. It has the features of Wireshark, but also provides special tools for monitoring VoIP and RTP streams (I need that). The biggest benefit is that it also provides drivers for promiscuous capture under certain chipsets, independent of OEM drivers.
http://www.wildpackets.com/products/...twork_analyzer
I haven't personally heard about that one in particular, but since I don't have much experience in the Windows world of Sniffers, what I CAN say, is that Doppy is someone I personally trust.
So, for what it's worth, if Doppy gives something his stamp of approval, I'd say it's worth at least checking into. When he responds to a thread and has a tool he's recommending, he seems to almost always pick very well, so look into it!
I know :)
Well, not really, but either way, you have good taste.