It’s easy to capture packets with Wireshark, the world’s most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what’s happening on your network?
With an expanded discussion of network protocols and 45 completely new scenarios, this extensively revised second edition of the best-selling Practical Packet Analysis will teach you how to make sense of your PCAP data. You’ll find new sections on troubleshooting slow networks and packet analysis for security to help you better understand how modern exploits and malware behave at the packet level. Add to this a thorough introduction to the TCP/IP network stack and you’re on your way to packet analysis proficiency. Continue reading “Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems” »
This is a must-have work for anybody in information security, digital forensics, or involved with incident handling. As we move away from traditional disk-based analysis into the interconnectivity of the cloud, Sherri and Jonathan have created a framework and roadmap that will act as a seminal work in this developing field.
Dr. Craig S. Wright (GSE), Asia Pacific Director at Global Institute for Cyber Security + Research. Continue reading “Network Forensics: Tracking Hackers through Cyberspace” »
An introduction to the world of Wireshark.
Analyze the unique communications to and from a bot-infected host, reassemble an IRC conversation carried over a non-standard port, identify which bot is running on the infected host, and spot unusual DNS replies.
This analysis is carried out using Wireshark, a network analysis tool formerly known as Ethereal, which captures packets in real time and displays them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets. Continue reading “Analyze Infected Host With Wireshark” »