I was going through some of the pcap challenges on https://www.malware-traffic-analysis.net. There I stumbled upon some very good posts for getting started with Wireshark, which are mentioned in the reference below.
HTTP
Some columns can be set in Wireshark which help in HTTP traffic investigations:
- Src Port
- Dest Port
- Host
- User-Agent
- Request URI
- Content-Type
- Status Code
- Location (302) [Helpful when SSL communication starts]
- Referer
Tshark:
tshark -r "/file.pcap" -T fields -e dns.qry.name -e ip.src -e ip.dst -e _ws.col.Info | grep "mydomain\|10.10.10.15\|10.10.10.16"
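The grep above matches substrings, so "10.10.10.15" also hits 10.10.10.150 and "mydomain" also hits notmydomain. The following is an added example (not from the original post) that reads the same tab-separated `-T fields` output and matches domains and IPs field by field; the field order, the sample output lines and the names mydomain.example / 10.10.10.x are constructed for illustration.

```python
"""Filter tshark '-T fields' output by exact DNS-name and IP match."""
import ipaddress

# Field order must match the -e options passed to tshark, e.g.
#   tshark -r file.pcap -T fields -e dns.qry.name -e ip.src -e ip.dst -e _ws.col.Info
FIELDS = ["dns.qry.name", "ip.src", "ip.dst", "_ws.col.Info"]

# Constructed sample of tshark output (one packet per line, tab-separated).
# 10.10.10.150 and notmydomain.example are decoys that a plain grep would match.
SAMPLE = "\n".join([
    "mydomain.example\t10.10.10.15\t10.10.10.1\tStandard query A mydomain.example",
    "\t10.10.10.150\t93.184.216.34\tGET /index.html HTTP/1.1",
    "notmydomain.example\t10.10.10.20\t10.10.10.1\tStandard query A notmydomain.example",
    "\t10.10.10.1\t10.10.10.16\tHTTP/1.1 302 Found",
    "\t10.10.10.22\t93.184.216.34\tGET /update.bin HTTP/1.1",
])


def parse_fields(text, fields=FIELDS):
    """Turn tshark field output into one dict per packet."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        values = line.split("\t")
        values += [""] * (len(fields) - len(values))  # pad lines with missing fields
        rows.append(dict(zip(fields, values)))
    return rows


def matches(row, domains, ips):
    """True if the queried name is (a subdomain of) a watched domain or an IP is watched."""
    # tshark joins repeated field occurrences with ',' so split them
    for name in row["dns.qry.name"].lower().rstrip(".").split(","):
        if name and any(name == d or name.endswith("." + d) for d in domains):
            return True
    for key in ("ip.src", "ip.dst"):
        try:
            if ipaddress.ip_address(row[key]) in ips:
                return True
        except ValueError:  # empty or malformed address field
            pass
    return False


def filter_rows(text, domains, ips, fields=FIELDS):
    """Return only the packets that match a watched domain or IP exactly."""
    domains = {d.lower().rstrip(".") for d in domains}
    ips = {ipaddress.ip_address(i) for i in ips}
    return [r for r in parse_fields(text, fields) if matches(r, domains, ips)]


if __name__ == "__main__":
    for r in filter_rows(SAMPLE, ["mydomain.example"], ["10.10.10.15", "10.10.10.16"]):
        print("\t".join(r[f] for f in FIELDS))
```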
Reference:
