Auditing network applications (Must know)

Tshark can help us greatly to audit applications that make use of sockets. Furthermore, we can use it as a support tool to understand and investigate protocols that lack technical documentation. In this recipe we will see a couple of examples that represent these scenarios.

How to do it...

  1. Suppose that we are auditing a small application that uses sockets to communicate with clients. The application itself only receives a series of commands and replies to them with some information. Let's see how it works:
    bmerino@Mordor:~$ nc 192.168.1.35 8012
    Service BANE-1.0
    IP   
    --> 192.168.1.35
    PORTS
    --> 8012,8080,80,21
    AAAA
    --->Command not found. Type H for help
    H
    --->H,IP,PORTS,TCP,UDP,LISTENING,CONNECTIONS
    
  2. So, when ...

Get Instant Traffic Analysis with Tshark How-to now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.