* Network Traffic Tips/Tools

Recommended Tools

tcpdump (Linux)
Wireshark (Linux/Windows)
Network Miner (Windows) – https://sourceforge.net/projects/networkminer/

Wireshark Tips

Statistics/Summary
Statistics/Endpoints
Statistics/Conversations
File/Export Objects/HTTP
Right Click on a Packet and “Follow TCP Stream”

HTTP Codes
It is important to understand the various http codes when analyzing traffic.
A – Address Record (IPv4)
AAAA – IPv6 Address
MX – Mail Exchange Record
NS – Name Server Record
TXT – Text Record

FTP Codes
https://en.wikipedia.org/wiki/List_of_FTP_server_return_codes

* Network Traffic Tips/Tools

Like this:

Leave a ReplyCancel reply