-
July 13th, 2011, 11:42 AM
#1
Sniffers
Does anyone have any good material on how to read captures taken? I'm starting to use Wireshark a lot, so it would be beneficial for me to learn how to read the captures correctly and possibly advanced techniques.
Any help appreciated.
Thanks!
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
July 13th, 2011, 01:06 PM
#2
Different protocols have different structures. It really depends on the protocol you're trying to read. Wireshark does a lot of the work for you too. Is there something specific you're trying to analyze?
-
July 13th, 2011, 06:10 PM
#3
Mostly HTTP/S, TCP, UDP.
A little cheat sheet would be nice for the search area when you are looking at a capture. Also, when a capture is found, what everything in there means. I know it's a little broad.
-
July 13th, 2011, 10:55 PM
#4
If you are trying to debug HTTP, I recommend Fiddler.
I've used it for years. It was originally developed by Microsoft before being spun off.
-
July 14th, 2011, 01:39 PM
#5
Wow, epic program. Will work great with HTTP/S.
However, there is still UDP/TCP.
-
July 19th, 2011, 01:28 PM
#6
I recommend getting the books "TCP/IP Illustrated" Volume 1 to 3. But for your purpose, volume 1 should do. Volume 2 is mostly about socket programming and volume 3 is more about SSL/TLS, HTTP and NTP.
Besides a wealth of information about every bit used, they're also great reference books. I regularly use them to verify things.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 19th, 2011, 09:27 PM
#7
I don't know if you are looking for something this basic, but this should give you a start...
http://www.security-freak.net/raw-so...w-sockets.html
Work... Some days it's just not worth chewing through the restraints...
-
July 20th, 2011, 07:30 AM
#8
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 21st, 2011, 06:52 AM
#9
Thanks guys, will look into it.
Has anyone done the online training with Offensive Security using BackTrack?
-
July 22nd, 2011, 04:03 PM
#10
Not to be rude, but prots are easily recognized... Also, did you pay for Wireshark?
Every now and then, one of you won't annoy me.