Skip to Main Content
Instant Traffic Analysis with Tshark How-to
book

Instant Traffic Analysis with Tshark How-to

by Borja Merino
April 2013
Intermediate to advanced content levelIntermediate to advanced
68 pages
1h 32m
English
Packt Publishing
Content preview from Instant Traffic Analysis with Tshark How-to

Implementing useful filters (Should know)

This recipe will show new parameters and filters of Tshark through practical examples that will help us to resolve many security incidents efficiently. We'll see how to locate malicious domains in our network, how to create a passive DNS service, and how we can do specialized searches with certain display filters.

How to do it...

The method that follows shows how to implement useful filters using just Tshark.

Malicious domains

  1. Knowing the pages to which users connect may be useful not only to meet web browsing patterns but also to locate infected computers. Here's an example:
    bmerino@Mordor:$ tshark -R http.request -T fields -e http.host -r malware.pcap  | sort -u > domains
    
  2. This command will dump all domains ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Next Generation Red Teaming

Next Generation Red Teaming

Henry Dalziel
Wireshark & Ethereal Network Protocol Analyzer Toolkit

Wireshark & Ethereal Network Protocol Analyzer Toolkit

Jay Beale, Angela Orebaugh, Gilbert Ramirez

Publisher Resources

ISBN: 9781782165385Other