Wireshark 101 | Traffic Analysis

This entry is part 8 of 13 in the series Incident Response and Forensics

Views: 7Wireshark: Traffic Analysis Display Filter Reference Investigating Nmap scans Nmap is an industry-standard tool for mapping networks, identifying live hosts and discovering the services. As it is one of the most used network scanner tools, a security analyst should identify the network patterns created with it. Common Nmap scan types, It is essential to know … Read more

Wireshark 101 | Packet Operations

This entry is part 7 of 13 in the series Incident Response and Forensics

Views: 4Wireshark: Packet Operations Statistics | Summary This menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and some protocol-specific details like DHCP, DNS and HTTP/2. For a security analyst, it is crucial to know how to … Read more

Analysis with Wireshark

This entry is part 9 of 13 in the series Incident Response and Forensics

Views: 20TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares syntax and options. TShark is perfect for use on machines with little or no desktop environment and can easily pass the capture information it … Read more