Live Online Training – PCAP in the Morning

Would you like to spend four mornings in May analyzing capture files together with me? I have now scheduled a live online network forensics training called ‘PCAP in the Morning’ that will run on May 3-6 (Monday to Thursday) between 8:30 AM and 12:30 PM…

Capturing Decrypted TLS Traffic with Arkime

The latest version of Arkime (The Sniffer Formerly Known As Moloch) can now be fed with a real-time stream of decrypted HTTPS traffic from PolarProxy. All that is needed to enable this feature is to include ‘pcapReadMethod=pcap-over-ip-server’ in Arkim…

Community detection: CVE-2020-16898

By Ben Reardon, Corelight Security Researcher This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to the severity and wide scop…

Community ID support for Wireshark

By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in…

Meet the Corelight CTF tournament winners

By John Gamble, Director of Product Marketing, Corelight This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. After the preliminary rounds, we invite…

Chocolate and Peanut Butter, Zeek and Suricata

By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations – bo…

Detecting GnuTLS CVE-2020-13777 using Zeek

By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets…

RawCap Redux

A new version of RawCap has been released today. This portable little sniffer now supports writing PCAP data to stdout and named pipes as an alternative to saving the captured packets to disk. We have also changed the target .NET Framework version from…

Tshark: 7 Tips on Wireshark’s Command-Line Packet Capture Tool

If your current capture process can’t keep up with the traffic and drops packets – you need a new capture process. No debates here. Analyzing a trace file in which you don’t have all the packets of interest will waste your time. You a…