Auditing network applications (Must know)

Tshark is a great help when auditing applications that use sockets. We can also use it as a support tool to understand and investigate protocols that lack technical documentation. In this recipe we will see a couple of examples that represent these scenarios.

How to do it...

  1. Suppose that we are auditing a small application that uses sockets to communicate with clients. The application itself only receives a series of commands and replies to them with some information. Let's see how it works:
    bmerino@Mordor:~$ nc 8012
    Service BANE-1.0
    --> 8012,8080,80,21
    --->Command not found. Type H for help
  2. So, when ...
