GitBook: [master] 2 pages and 8 assets modified
.gitbook/assets/image (567).png (new binary file, 815 KiB)
.gitbook/assets/image (570).png (new binary file, 815 KiB)
.gitbook/assets/image (571).png (new binary file, 789 KiB)
.gitbook/assets/image (572).png (new binary file, 504 KiB)
.gitbook/assets/image (573).png (new binary file, 705 KiB)
.gitbook/assets/image (574).png (new binary file, 147 KiB)
.gitbook/assets/image (575).png (new binary file, 260 KiB)
.gitbook/assets/image (576).png (new binary file, 711 KiB)
@ -50,7 +50,15 @@ Then create a **new case**, create a **new session** inside the case and **uploa
### NetworkMiner
Like Xplico it is a tool to analyze and extract objects from pcaps. It has a free edition that you can download [here](https://www.netresec.com/?page=NetworkMiner).
Like Xplico it is a tool to **analyze and extract objects from pcaps**. It has a free edition that you can **download** [**here**](https://www.netresec.com/?page=NetworkMiner).
This tool is also useful to get **other information analysed** from the packets in order to be able to know what was happening there in a **quick** way.
### NetWitness Investigator
You can download [**NetWitness Investigator from here**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware).
This is another useful tool that **analyse the packets** and sort the information in a useful way to **know what is happening inside**.
![](../../../.gitbook/assets/image%20%28570%29.png)
### [BruteShark](https://github.com/odedshimon/BruteShark)
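Review bot: the NetWitness Investigator paragraph has a subject-verb agreement error: "another useful tool that **analyse the packets** and sort the information" should read "that **analyses the packets** and sorts the information". The NetworkMiner paragraph's second sentence ("useful to get **other information analysed** from the packets ... in a **quick** way") never says which information the tool shows; naming what it extracts beyond objects, as the later Wireshark sections do for each view, would make the sentence useful. The new heading `### [BruteShark](https://github.com/odedshimon/BruteShark)` is added with no body text, and the new screenshot `![](../../../.gitbook/assets/image%20%28570%29.png)` has empty alt text; a one-line description of what the image shows would help readers who cannot see it.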
@ -11,6 +11,45 @@ The following tutorials are amazing to learn some cool basic tricks:
* [https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/](https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/)
* [https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/](https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/)
### Wireshark analysed Information
#### Expert Information
Clicking on _**Analyze** --> **Expert Information**_ you will have an **overview** of what is happening in the packets **analised**:
![](../../../.gitbook/assets/image%20%28571%29.png)
#### Resolved Addresses
Under _**Statistics --> Resolved Addresses**_ you can find several **information** that was "**resolved**" by wireshark like port/transport to protocol, mac to manufacturer...
This is interesting to know what is implicated in the communication.
![](../../../.gitbook/assets/image%20%28574%29.png)
#### Protocol Hierarchy
Under _**Statistics --> Protocol Hierarchy**_ you can find the **protocols** **involved** in the communication and data about them.
![](../../../.gitbook/assets/image%20%28576%29.png)
#### Conversations
Under _**Statistics --> Conversations**_ you can find a **summary of the conversations** in the communication and data about them.
![](../../../.gitbook/assets/image%20%28572%29.png)
#### **Endpoints**
Under _**Statistics --> Endpoints**_ you can find a **summary of the endpoints** in the communication and data about each of them.
![](../../../.gitbook/assets/image%20%28575%29.png)
#### I/O Graph
Under _**Statistics --> I/O Graph**_ you can find a **graph of the communication.**
![](../../../.gitbook/assets/image%20%28573%29.png)
### Filters
Here you can find wireshark filter depending on the protocol: [https://www.wireshark.org/docs/dfref/](https://www.wireshark.org/docs/dfref/)
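Review bot: "packets **analised**" in the Expert Information line is a misspelling; the hunk's own section title uses "analysed" ("Wireshark analysed Information"), so use that form throughout. "several **information**" in the Resolved Addresses line should be "some **information**" (it is uncountable), and "Here you can find wireshark filter depending on the protocol" in the Filters section should read "Wireshark filters". The heading `#### **Endpoints**` wraps bold markup around the heading text while its sibling headings (`#### Conversations`, `#### I/O Graph`) do not; drop the asterisks for consistency. All six added screenshots use empty alt text (`![](...)`); naming the Wireshark view shown in each would help. The I/O Graph line says only "a **graph of the communication.**" with the period inside the bold; closing the bold before the period and adding a word on what the graph shows would bring it in line with the other view descriptions.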