You fire up Wireshark and start a live capture, or open a capture file you've found on someone's blog, and the number of packets quickly climbs from hundreds to thousands. That's how nearly everyone would describe their first experience with packet analysis. This scenario scares most people away from packets completely, and it scared me for a bit too. Eventually, I developed techniques for dealing with large capture files, and that brought me the confidence to keep learning.

This article is the first in a multi-part series that will share specific techniques for approaching large capture files. You can find later parts of this series here:

- Part 3: Distillation with Security Tools

In this first article, I'll describe the mindset you should approach a large packet capture with. After that, I'll describe the first technique: how to use Wireshark's color coding feature to visually identify individual conversations.

"A question well stated is a problem half solved." – Charles Kettering

Every analysis- and investigation-focused class I teach revolves around this thesis, rooted in the scientific method. In packet analysis, you should always have a clear question in mind before you go about collecting packets. While packets may not lie, they do tell thousands of truths. Since you're probably only looking for one of them, that's a lot of truth to wade through. When you make the decision to look at the packets, stop and ask yourself "why?" What are you looking for? Could it be:

- Confirmation that an IDS signature is a true positive.
- Something indicating where the source of network latency is.
- The nature of data transferred between two hosts.
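To make the "ask the question first" point concrete, here is an added example (mine, not code from the original post) that turns each of the three sample questions above into the narrowest tshark query that answers it, so you read a slice of the capture instead of wading through all of it. The capture file name, the hosts, the port and the timing threshold are assumptions for illustration; the addresses are constructed from the RFC 5737 documentation ranges. The filters are Wireshark display filters applied with -Y to a saved capture; when you are still collecting, the same question becomes a BPF capture filter (for the IDS case, host A and host B and port N) passed to tshark -f or Wireshark's capture options, so the unwanted thousands of truths never reach disk.

```shell
#!/bin/sh
# Added example, not code from the original post. Turns the three sample
# questions into the narrowest tshark query that answers each one. The
# capture file, hosts, port and thresholds are assumptions for illustration.
set -u

PCAP="${PCAP:-big.pcap}"   # assumed: the large capture you are staring at

# Question 1: is this IDS alert a true positive? The alert already names the
# two hosts and the service port, so ask only about that one flow.
ids_alert_filter() {
    # $1 = alerting source IP, $2 = target IP, $3 = target TCP port
    printf 'ip.addr==%s && ip.addr==%s && tcp.port==%s' "$1" "$2" "$3"
}
ids_alert_check() {
    # List what the alerting host actually sent and how the target answered.
    tshark -r "$PCAP" -Y "$(ids_alert_filter "$1" "$2" "$3")" \
        -T fields -e frame.number -e frame.time_relative -e ip.src \
        -e http.request.method -e http.request.uri -e http.response.code
}

# Question 2: where is the latency coming from? Show only slow DNS answers,
# slow TCP acknowledgements and retransmissions. $1 is the threshold in
# seconds (an assumed cut-off; tune it to the network you are looking at).
latency_filter() {
    printf 'dns.time > %s || tcp.analysis.ack_rtt > %s || tcp.analysis.retransmission' "$1" "$1"
}
latency_check() {
    tshark -r "$PCAP" -Y "$(latency_filter "$1")" \
        -T fields -e frame.number -e ip.src -e ip.dst -e dns.time \
        -e tcp.analysis.ack_rtt -e tcp.analysis.retransmission
}

# Question 3: what is moving between these two hosts? Summarise their TCP
# conversations (packets and bytes each way, duration) instead of reading
# every packet; the conversation table accepts a filter of its own.
host_pair_filter() {
    printf 'ip.addr==%s && ip.addr==%s' "$1" "$2"
}
host_pair_check() {
    tshark -r "$PCAP" -q -z "conv,tcp,$(host_pair_filter "$1" "$2")"
}

# Demo with constructed RFC 5737 documentation addresses. tshark and the
# capture file are only needed for the three *_check calls.
main() {
    echo "Q1 filter: $(ids_alert_filter 203.0.113.7 192.0.2.10 80)"
    echo "Q2 filter: $(latency_filter 0.5)"
    echo "Q3 filter: $(host_pair_filter 192.0.2.10 192.0.2.25)"
    if command -v tshark >/dev/null 2>&1 && [ -r "$PCAP" ]; then
        ids_alert_check 203.0.113.7 192.0.2.10 80
        latency_check 0.5
        host_pair_check 192.0.2.10 192.0.2.25
    else
        echo "tshark or $PCAP not available; skipping the capture queries" >&2
    fi
}
main
```

Run it as PCAP=yourcapture.pcap sh questions.sh. The point is the shape of each query rather than the exact fields: the question decides the two or three hosts, the port, or the timing threshold, and everything else in the capture is left unread until a follow-up question needs it.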