Auditing network applications (Must know)
Tshark is a great help when auditing applications that use sockets. We can also use it as a support tool to understand and investigate protocols that lack technical documentation. In this recipe we will see a couple of examples that represent these scenarios.
How to do it...
- Suppose that we are auditing a small application that uses sockets to communicate with clients. The application itself only receives a series of commands and replies to them with some information. Let's see how it works:
    bmerino@Mordor:~$ nc 192.168.1.35 8012
    Service BANE-1.0
    IP
    --> 192.168.1.35
    PORTS
    --> 8012,8080,80,21
    AAAA
    --->Command not found. Type H for help
    H
    --->H,IP,PORTS,TCP,UDP,LISTENING,CONNECTIONS
- So, when ...