Auditing network applications (Must know)

Tshark can help us greatly to audit applications that make use of sockets. Furthermore, we can use it as a support tool to understand and investigate protocols that lack technical documentation. In this recipe we will see a couple of examples that represent these scenarios.

How to do it...

Suppose that we are auditing a small application that uses sockets to communicate with clients. The application itself only receives a series of commands and replies to them with some information. Let's see how it works:
```
bmerino@Mordor:~$ nc 192.168.1.35 8012
Service BANE-1.0
IP   
--> 192.168.1.35
PORTS
--> 8012,8080,80,21
AAAA
--->Command not found. Type H for help
H
--->H,IP,PORTS,TCP,UDP,LISTENING,CONNECTIONS
```
So, when ...

Get Instant Traffic Analysis with Tshark How-to now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Instant Traffic Analysis with Tshark How-to by Borja Merino

Auditing network applications (Must know)

How to do it...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly