April 2013
Intermediate to advanced
68 pages
1h 32m
English
This recipe will show new parameters and filters of Tshark through practical examples that will help us to resolve many security incidents efficiently. We'll see how to locate malicious domains in our network, how to create a passive DNS service, and how we can do specialized searches with certain display filters.
The command that follows shows how to build a useful filter using just Tshark: it reads the capture, keeps only HTTP requests, prints the Host header of each one, and writes the unique host names to a file.
bmerino@Mordor:$ tshark -R http.request -T fields -e http.host -r malware.pcap | sort -u > domains
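The command above is the extraction step; what a practitioner still needs is the post-processing that turns the raw field output into something actionable. The script below is an added example, not code from the book: it works on the plain text that `tshark -T fields` writes, so the capture only has to be read once, and it covers both uses the recipe names, spotting hosts that match a blocklist and building a small passive DNS index from DNS answers. All sample input (the host lines, the DNS answer lines and the blocklist) is constructed here, and the script assumes the field output format tshark produces by default: one packet per line, fields separated by tabs and multiple values of one field joined with commas. Note that on current Wireshark releases `-R` is a two-pass read filter that needs `-2`; the single-pass equivalent of the book's `-R http.request` is `-Y http.request`.

```shell
#!/bin/sh
# Added example, not code from the book: post-process the plain-text output of
# "tshark -T fields" instead of re-reading the pcap for every question.
# All sample data below is constructed; in practice the input would come from
#   tshark -r malware.pcap -Y http.request -T fields -e http.host
#   tshark -r malware.pcap -Y 'dns.flags.response == 1' -T fields -e dns.qry.name -e dns.a

# Lower-case Host values, strip an explicit ":port", drop packets that had no
# Host header (tshark prints an empty line for them) and keep one copy of each.
normalize_hosts() {
    tr 'A-Z' 'a-z' | sed 's/:[0-9][0-9]*$//' | grep -v '^$' | sort -u
}

# Print only the hosts on stdin that match a line of the blocklist file $1
# exactly (-F fixed strings, -x whole line), so "evil.example" does not also
# match "notevil.example".
match_blocklist() {
    grep -Fxf "$1"
}

# Turn "name<TAB>ip[,ip...]" lines into a passive-DNS style index of unique
# "name<TAB>ip" pairs; tshark joins several dns.a values of one packet with commas.
passive_dns() {
    awk -F'\t' 'NF >= 2 && $2 != "" {
        n = split($2, ips, ",")
        for (i = 1; i <= n; i++) print $1 "\t" ips[i]
    }' | sort -u
}

# --- constructed sample data (stands in for real tshark output) -----------
BLOCKLIST=$(mktemp)
trap 'rm -f "$BLOCKLIST"' EXIT
printf 'bad.example\nc2.example\n' > "$BLOCKLIST"

http_hosts() {
    # Mimics "-e http.host" output: mixed case, a port, a duplicate, a blank line.
    printf 'www.example.com\nBAD.example:8080\nwww.example.com\n\nc2.example\n'
}

dns_answers() {
    # Mimics "-e dns.qry.name -e dns.a" output (tab-separated, comma-joined IPs).
    printf 'c2.example\t198.51.100.7,198.51.100.8\nwww.example.com\t192.0.2.10\nc2.example\t198.51.100.7\n'
}

# Unique hosts from the capture that appear on the blocklist.
find_suspect_hosts() {
    http_hosts | normalize_hosts | match_blocklist "$BLOCKLIST"
}

find_suspect_hosts
echo '---'
dns_answers | passive_dns
```

To use it on a real capture, replace the two sample functions with the tshark invocations in the comments (or feed the `domains` file produced by the command above into `normalize_hosts`); the blocklist is any file with one domain per line. Normalising before matching matters because a Host header may carry a port or mixed case, and `grep -Fx` is used deliberately so a blocklist entry can only match a whole host name.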