Does anyone have any good material on how to read captures taken? I'm starting to use Wireshark a lot, so it would be beneficial for me to learn how to read the captures correctly and possibly advanced techniques.
Any help appreciated.
Thanks!
Different protocols have different structures. It really depends on the protocol you're trying to read. Wireshark does a lot of the work for you too. Is there something specific you're trying to analyze?
Mostly HTTP/s TCP, UDP.
A little cheat sheet would be nice for the search area when you are looking at a capture. Also, when a capture is found, what everything in there means. I know it's a little broad :)
If you are trying to debug http, I recommend Fiddler.
I've used it for years. It was originally developed by Microsoft before being spun off.
Wow, epic program. Will work great with HTTP/S.
However, there is still UDP / TCP.
I recommend getting the books "TCP/IP Illustrated", Volumes 1 to 3. But for your purpose, Volume 1 should do. Volume 2 is mostly about socket programming and Volume 3 is more about SSL/TLS, HTTP and NTP.
Besides a wealth of information about every bit used, they're also great reference books. I regularly use them to verify things.
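To make the "different protocols have different structures" point above concrete, and to show the header fields that TCP/IP Illustrated describes and that Wireshark's detail pane labels for you, here is an added example (not code from the thread or from Wireshark): a minimal dissector that walks an Ethernet II frame down through IPv4 to TCP or UDP using only the Python standard library. The frames it parses are constructed inline for the example, not taken from a real capture; the IP addresses, ports and HTTP request in them are made up. The comments give the Wireshark display-filter field that corresponds to each parsed value, which is the "cheat sheet" mapping a reader of a capture ends up needing.

```python
"""Hand-dissect an Ethernet/IPv4/TCP-or-UDP frame with the stdlib only (added example)."""
import socket
import struct

TCP_FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
                  (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR"))


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words.

    Run over a header whose checksum field is zero it yields the checksum to
    store; run over a complete, undamaged header it yields 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dissect(frame: bytes) -> dict:
    """Return a nested dict of the fields Wireshark would show for this frame."""
    out = {}
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])      # eth.dst, eth.src, eth.type
    out["eth"] = {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}
    if ethertype != 0x0800:                 # only IPv4 handled here; 0x86DD would be IPv6
        out["note"] = "not IPv4"
        return out

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _hcsum, saddr, daddr) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4              # ip.hdr_len: header length in bytes (20 without options)
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    out["ip"] = {
        "src": socket.inet_ntoa(saddr),     # ip.src
        "dst": socket.inet_ntoa(daddr),     # ip.dst
        "id": ident,                        # ip.id
        "ttl": ttl,                         # ip.ttl
        "proto": proto,                     # ip.proto (6 = TCP, 17 = UDP)
        "df": bool(flags_frag & 0x4000),    # ip.flags.df
        "mf": bool(flags_frag & 0x2000),    # ip.flags.mf
        "frag_off": (flags_frag & 0x1FFF) * 8,
        "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,   # ip.checksum.status
    }
    payload = ip[ihl:total_len]             # trailing bytes past total_len are not IP payload

    if proto == 6:
        if len(payload) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", payload[:20])
        data_off = (off_flags >> 12) * 4    # tcp.hdr_len; > 20 means options are present
        flags = off_flags & 0xFF
        out["tcp"] = {
            "sport": sport, "dport": dport,             # tcp.srcport, tcp.dstport
            "seq": seq, "ack": ack,                     # tcp.seq_raw, tcp.ack_raw
            "flags": [n for bit, n in TCP_FLAG_NAMES if flags & bit],   # tcp.flags.syn etc.
            "window": window,                           # tcp.window_size_value
        }
        out["data"] = payload[data_off:]    # tcp.payload; an HTTP dissector would start here
    elif proto == 17:
        if len(payload) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, ulen, _csum = struct.unpack("!HHHH", payload[:8])
        out["udp"] = {"sport": sport, "dport": dport, "length": ulen}   # udp.srcport, udp.dstport, udp.length
        out["data"] = payload[8:ulen]       # udp.payload
    return out


def build_sample_frame(kind: str = "tcp") -> bytes:
    """Constructed sample frames (not real captures) for trying the dissector offline."""
    src, dst = socket.inet_aton("10.0.0.2"), socket.inet_aton("192.0.2.10")   # made-up addresses
    if kind == "tcp":
        # PSH|ACK segment carrying an HTTP request, no TCP options (data offset 5 words)
        l4 = struct.pack("!HHIIHHHH", 40000, 80, 1000, 2000, (5 << 12) | 0x18, 65535, 0, 0)
        l4 += b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
        proto = 6
    else:
        dns_like = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # constructed 12-byte DNS-style header
        l4 = struct.pack("!HHHH", 53000, 53, 8 + len(dns_like), 0) + dns_like
        proto = 17
    total_len = 20 + len(l4)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]   # fill in the real checksum
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), 0x0800)
    return eth + hdr + l4


if __name__ == "__main__":
    for kind in ("tcp", "udp"):
        print(kind, dissect(build_sample_frame(kind)))
```

To run this against real traffic, select a packet in Wireshark, use File > Export Packet Bytes to save its raw bytes, and pass the file contents to `dissect()`. Comparing its output field by field with Wireshark's detail pane is a good way to learn what each line there means, and the `checksum_ok` field shows the kind of consistency check Wireshark performs silently; a header that someone has edited by hand, as with the TTL tamper in the test below, fails it.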
I don't know if you are looking for something this basic but this should give you a start...
http://www.security-freak.net/raw-so...w-sockets.html
This might give you a start too: http://www.tcpipguide.com/free/index.htm
Thanks guys, will look into it.
Has anyone done the online training with Offensive Security using BackTrack?
Not to be rude, but protocols are easily recognized... Also, did you pay for Wireshark?