Search the Community

As of late I’ve been playing with packet capture on my home network. I’ve been using wireshark to learn about different protocols etc(I’m a slow learner 😁). is there a application that I can run the packet captures through that has similar functionality as an IDS... post capture?

Hi Does anyone know of an open source equivalent of Norse Attack maps, to play back captured packets( Pcap)? I know that I can show the location of the captured packets in wireshark, using endpoints and GeoIP. I would like to see them animated like the Norse attack map.

Here is the file - https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=dns-remoteshell.pcap And a screenshot - http://i64.tinypic.com/6gwu2v.jpg I have to analyse this file and answer several questions about it, like, small description of the events and weather this shows an attack, but I'm new to Wireshark so I'm a bit lost. If anyone could have a look and get back to me that would be great!

Okay, so first, I'm a student. I'm completing a project that requires analyzing a pcap file in Wireshark. One part of it is finding the series of packets that indicate a buffer overflow, followed by an SQL injection. I have no idea whatsoever how to filter for this, or even what to look for if I do see it. It's the only part that I haven't been able to solve yet. Everything else, Google was pretty helpful. Hints? Ideas? Filter recommendations? Thank you!

I've been playing around with the Pineapple and packet captures. An interesting topic I want to learn more about is 'user profiling' based on network traffic (pcap files). I want to find out at what times specific applications/websites were used or visited. I want to create some sort of timeline where I want to see at what times a connection/session was established, how long that application/website has been used and at what time the connection/session ended (DNS? SSL handshake? HTTP GET requests? Streams?). A big challenge is also to see through a lot of traffic generated by advertisers or other services that aren't specifically user actions. Are there even unique identifiers of user activity, or is that difficult to keep apart from 'system' traffic? For example: - Gmail.com, start 01-01-17 / 14:23:42, end 01-01-17 / 14:46:23, duration 23 min 21 sec - OR Gmail.com, visited on 01-01-17 / 14:23:42 .....etc..... I've searched a lot on the internet to learn more about this type of network behavior, but I can't find much usable answers so far. Mostly is about network performance and network security instead of 'user profiling'. Is it even possible to do some reliable kind of 'user profiling' and what are your thoughts about how to technically achieve this and the other possibility's? I also like the info that user_agents show for example, to identify specific devices. Maybe an option is creating some kind of regular expressions and create a script that can be applied to multiple pcaps from different sources.

Recently i have been investigating the packets sent on my network to the servers outside the network on steam. With steam i can clearly view and see what the server addresses are and their IP however i cannot seem to then view hosts connected to them or to me. I also have a playstation and am wondering whether or not it is possible to view the other players public IP one way or another with wireshark. I have spent alot of time searching and cannot seem to find anything on this anywhere.