Collaborate Disseminate
I am trying to pass good reputable malicious traffic from an IPS. There are several sources on internet to explore datasets like the oldest I think DARPA set (not available in pcap format and not that efficient for modern day… Continue reading Public Availability of a good Dataset in PCAP (TCPDUMP) format for IDS/IPS testing
This question already has an answer here:
How to identify if a field is encrypted?
3 answers
This is a follow up of this … Continue reading Confirming a tcp connection is encrypted not just encoded? [duplicate]
I was running tcpdump and then after some time I got this error:
tcpdump: (all BPF devices are busy)
I am not sure why? I killed all tcpdump processes, in case that this had something to do with it, but it did not fix it. … Continue reading tcpdump: (all BPF devices are busy) – How to solve this
Are there any reasons why I should be using tcpdump over wireshark?
I haven’t done much packet sniffing before and I am unclear as to why you would use a command-line based sniffer over wireshark which seems to contain all … Continue reading Why might tcpdump be preferred to Wireshark? [on hold]
I’m taking a coursera course, and they take pains when talking about network security to distinguish between eavesdropping and sniffing.
According to their definitions, sniffing involves reading or monitoring whole packets,… Continue reading Eavesdropping vs. sniffing
I published the following diary on isc.sans.org: “Truncating Payloads and Anonymizing PCAP files“: Sometimes, you may need to provide PCAP files to third-party organizations like a vendor support team to investigate a problem with your network. I was looking for a small tool to anonymize network traffic but also to
[The post [SANS ISC] Truncating Payloads and Anonymizing PCAP files has been first published on /dev/random]
Continue reading [SANS ISC] Truncating Payloads and Anonymizing PCAP files
I published the following diary on isc.sans.org: “Comment your Packet Captures!“: When you are investigating a security incident, a key element is to take notes and to document as much as possible. There is no “best” way to take notes, some people use electronic solutions while others are using good
[The post [SANS ISC] Comment your Packet Captures! has been first published on /dev/random]
I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture.
[The post [SANS ISC] The easy way to analyze huge amounts of PCAP data has been first published on /dev/random]
Continue reading [SANS ISC] The easy way to analyze huge amounts of PCAP data
While reading this doc https://wiki.wireshark.org/CaptureFilters I found this line:
tcp[((tcp[12:1] & 0xf0) >> 2):4]
which figures out the TCP Header Length, but I can’t find out how it really works (in detail).
… Continue reading Wireshark tcp filter: tcp[((tcp[12:1] & 0xf0) >> 2):4]