Instant Traffic Analysis with Tshark How-to by Borja Merino

Auditing network applications (Must know)

Tshark is a great help when auditing applications that use sockets. It is also a useful support tool for understanding and investigating protocols that lack technical documentation. This recipe walks through a couple of examples of these scenarios.

How to do it...

  1. Suppose that we are auditing a small application that uses sockets to communicate with clients. The application simply receives a series of commands and replies to each of them with some information. Let's see how it works:
    bmerino@Mordor:~$ nc 192.168.1.35 8012
    Service BANE-1.0
    IP   
    --> 192.168.1.35
    PORTS
    --> 8012,8080,80,21
    AAAA
    --->Command not found. Type H for help
    H
    --->H,IP,PORTS,TCP,UDP,LISTENING,CONNECTIONS
    
  2. So, when ...
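
As an added example (not code from the book), the Python below rebuilds the command/reply dialogue of the service on port 8012 from Tshark field output, so each command in an audit capture can be reviewed next to its reply. The export command in the first comment, the file name `capture.pcap`, the client port 51514 and the sample rows are assumptions constructed from the `nc` session above.

```python
# Added example: rebuild the command/reply dialogue of the service on port 8012.
# Assumed export (capture.pcap is a hypothetical file name):
#   tshark -r capture.pcap -Y "tcp.port == 8012 && tcp.len > 0" -T fields \
#          -e tcp.stream -e tcp.srcport -e tcp.dstport -e tcp.payload
SERVICE_PORT = 8012   # from the nc session on the page
CLIENT_PORT = 51514   # constructed ephemeral port for the sample

# (from_client, text) turns copied from the nc session; the rows are constructed.
_TURNS = [
    (False, "Service BANE-1.0"), (True, "IP"), (False, "--> 192.168.1.35"),
    (True, "PORTS"), (False, "--> 8012,8080,80,21"), (True, "AAAA"),
    (False, "--->Command not found. Type H for help"), (True, "H"),
    (False, "--->H,IP,PORTS,TCP,UDP,LISTENING,CONNECTIONS"),
]
SAMPLE = "\n".join(
    "0\t{}\t{}\t{}".format(
        *((CLIENT_PORT, SERVICE_PORT) if c else (SERVICE_PORT, CLIENT_PORT)),
        (t + "\n").encode().hex())
    for c, t in _TURNS)

def parse_rows(text):
    """Yield (stream, from_client, payload_text) for rows that carry payload."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4 or not fields[3]:
            continue  # malformed row or segment without payload
        stream, sport, dport, payload = fields
        if SERVICE_PORT not in (int(sport), int(dport)):
            continue  # unrelated traffic
        # Older tshark prints payload bytes colon-separated; newer as plain hex.
        data = bytes.fromhex(payload.replace(":", ""))
        yield int(stream), int(dport) == SERVICE_PORT, data.decode("ascii", "replace")

def dialogue(text):
    """Return {stream: [(command, reply), ...]}; the banner has command None."""
    sessions = {}
    for stream, from_client, payload in parse_rows(text):
        pairs = sessions.setdefault(stream, [])
        if from_client:
            pairs.extend((cmd.strip(), "") for cmd in payload.splitlines())
        else:
            if not pairs:
                pairs.append((None, ""))  # server spoke first: banner
            cmd, reply = pairs[-1]
            pairs[-1] = (cmd, reply + payload)
    return {s: [(c, r.strip()) for c, r in p] for s, p in sessions.items()}

def unknown_commands(text):
    """Commands the service rejected with its 'Command not found' reply."""
    return [c for pairs in dialogue(text).values() for c, r in pairs
            if c and "Command not found" in r]
```

On a real capture, pass the output of the assumed Tshark command to `dialogue()` in place of `SAMPLE`.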
