Traffic Analysis – NetwerkLABS

DFIR SOC Analyst Threat Detection and Incident Response

Wireshark Threat Hunting – From Packets to Indicators [HTTP: DEEP-DIVE]

HTTP/HTTP2 Deep-Dive — Wireshark DFIR // HTTP / HTTP2 — Deep-Dive Filter Reference Granular Wireshark display filters for HTTP/1.1 and HTTP/2 — request methods, path & file access, credential extraction, brute force detection, SQL injection, XSS,…

Bharath Narayanasamy wireshark

SOC Analyst Threat Detection and Incident Response Traffic Analysis

Wireshark Threat Hunting – From Packets to Indicators [SMB: DEEP-DIVE]

SMB & Windows Auth Deep-Dive — Wireshark DFIR // SMB & Windows Auth — Deep-Dive Filter Reference Granular Wireshark display filters for SMB2 file & share access (paths, users, operations, error codes), NTLM authentication flow, Kerberos…

Bharath Narayanasamy

DFIR SOC Analyst Threat Detection and Incident Response

Wireshark Threat Hunting – From Packets to Indicators

Wireshark DFIR Cheat Sheet // Wireshark DFIR Cheat Sheet Display filters, detection techniques, traffic analysis workflows, and TShark CLI commands for Digital Forensics & Incident Response. Filters are mapped to MITRE ATT&CK where applicable. Wireshark 4.x…

Bharath Narayanasamy wireshark

Threat Detection and Incident Response DETECT Traffic Analysis

Wireshark 101 | Packet Operations

Wireshark: Packet Operations Statistics | Summary This menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and…

Bharath Narayanasamy wireshark

Threat Hunting SOC Analyst Threat Detection and Incident Response

Netminer

NetworkMiner CapabilityDescriptionTraffic sniffingIt can intercept the traffic, sniff it, and collect and log packets that pass through the network.Parsing PCAP filesIt can parse pcap files and show the content of the packets in detail.Protocol analysisIt can identify the…

Bharath Narayanasamy Threat_hunting, threat_detection, netminer, dfir

SOC Analyst Threat Detection and Incident Response BLUE TEAM

Introduction to Network Forensics

Source: Tryhackme Networkminer room Introduction to Network Forensics Network Forensics is a specific subdomain of the Forensics domain, and it focuses on network traffic investigation. Network Forensics discipline covers the work done to access information transmitted…

Bharath Narayanasamy BLUE, networkminer, traffic_analysis, threat_detection, dfir

Traffic Analysis

Traffic Analysis Essentials

There are two main techniques used in Traffic Analysis: Flow AnalysisPacket AnalysisCollecting data/evidence from the networking devices. This type of analysis aims to provide statistical results through the data summary without applying in-depth packet-level investigation.Advantage: Easy to…

Bharath Narayanasamy traffic