Posts

Showing posts from July, 2022

Wireshark: Information Gathering + Helpful Tools

Introduction

Hello and welcome to my second post about Wireshark. In this post I’m going to go over some more tips that will come in handy in your packet capture analysis, and I will also demonstrate finding malware with Wireshark. Whether you are doing network troubleshooting or security analysis, it is important to know your network protocols. The reason is that each protocol holds different and important information about the systems in the capture. This information will not only tell you what is going on in the network, it will also include hostnames, usernames, the domain they belong to, and what the device is. Captures can also have thousands of packets, and having a good grasp of these protocols will make it easier to sort through captures to find the information you need, locate network problems and even attacks. Starting out, I’ll show you some protocols that hold that important information, and by the end I’ll take all these methods and apply them to find malicio...