r/wireshark

Wireshark Beginner's video complete


Link https://youtu.be/NdTu3bDTBbo

Thanks to everyone here who responded to my post a few months ago about what issues you had when you were first learning Wireshark. Several of you asked for the link, so here it is. I would love to know what you think about it. If anyone has any other ideas, there will be a part 2.

Thanks again to all!

u/LanWanNinja — 1 day ago

Weird TCP behavior for POST request

Hello guys, so I have been analyzing a malware sample earlier this week, which does system discovery and then POSTs the result to the C2. Since the POST is big, it is fragmented into 1406-byte segments and sent. My question is, in the above picture, why is the data being sent by an ACK, not PSH for example? How could an ACK be used to send this amount of data? And thanks.

u/Complete_Scene_4335 — 8 days ago

Need assistance bulk filtering a folder full of captures.

Howdy Friends.

I'm sure this question has been answered in a manpage or even in a forum post in some manner in the past, but I'm pretty dense and usually require direct instruction. Also I'm lazy.

I'm wondering if I use tshark or editcap for this and need some help putting together a script or .bat file that can do the following - let's say I have 100 captures that were unfiltered.

I need to generate 3 files from each - one containing tcp, one containing udp and icmp, and one containing all traffic that's not either of those. I know how to open each file individually, apply display filters and export the files I need. But that's going to take hours. I'm hoping there's a way to automate this - does anybody have any insight? I've already used editcap to manipulate the snaplen of all the captured packets - that's pretty easy. I just need to speed up the production of the filtered files.

Thanks in advance for any advice.

u/TheGravyMachine — 10 days ago
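One way to do the batch job asked for above with tshark, as an added example that is not from the thread or from the Wireshark project: each capture is read once per class with a display filter (`-Y`) and the matching packets are written out (`-w`). The class names (`tcp`, `udp_icmp`, `other`), the `<stem>-<class>.pcapng` output naming and the `filtered` default directory are assumptions; a .bat version would use the same tshark flags.

```shell
#!/bin/sh
# Split every .pcap/.pcapng in a directory into three filtered captures:
#   tcp            -> TCP only
#   udp_icmp       -> UDP or ICMP
#   other          -> everything that is neither of those
# Class names and output naming are assumptions made for this example.

# Display filter for one traffic class (echoed to stdout).
filter_for_class() {
    case "$1" in
        tcp)      echo 'tcp' ;;
        udp_icmp) echo 'udp or icmp' ;;
        other)    echo 'not tcp and not udp and not icmp' ;;
        *)        echo "unknown class: $1" >&2; return 1 ;;
    esac
}

# Output path: <outdir>/<basename without extension>-<class>.pcapng
output_name() {
    base=$(basename "$1")
    stem="${base%.*}"
    echo "$3/${stem}-$2.pcapng"
}

# Filter one capture into one class file. -Y applies the display filter,
# -w writes only the matching packets, -F pcapng fixes the output format.
split_one() {
    in="$1"; class="$2"; outdir="$3"
    out=$(output_name "$in" "$class" "$outdir")
    tshark -r "$in" -Y "$(filter_for_class "$class")" -F pcapng -w "$out"
}

# Walk a directory of captures and write three files per capture into outdir.
bulk_filter() {
    indir="$1"; outdir="${2:-filtered}"
    command -v tshark >/dev/null 2>&1 || { echo "tshark not found in PATH" >&2; return 1; }
    mkdir -p "$outdir"
    for f in "$indir"/*.pcap "$indir"/*.pcapng; do
        [ -f "$f" ] || continue          # skip unmatched glob patterns
        for class in tcp udp_icmp other; do
            split_one "$f" "$class" "$outdir"
        done
    done
}

# Usage: sh split_captures.sh /path/to/captures [outdir]
if [ -n "${1:-}" ]; then
    bulk_filter "$1" "${2:-filtered}"
fi
```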