Network Analysis #Wireshark #pcap #network

Useful_Links.md

Useful Links

• https://github.com/enaqx/awesome-pentest#protocol-analyzers-and-sniffers
• https://www.systutorials.com/docs/linux/man/1-nfreplay/
• http://www.pmacct.net/
• https://github.com/theonlybrianne/graphdatamap
• https://github.com/insanitybit/grapl
• https://github.com/robcowart/elastiflow
• https://github.com/gdbassett/infosec_analytics_site
• https://www.sans.org/reading-room/whitepapers/logging/defending-graphs-create-graph-data-map-visualize-pivot-paths-39030
• https://briannefahey.com/2019/07/defending-with-graphs
• https://github.com/chrissanders/pivotmap
• https://github.com/olafhartong/ATTACKdatamap
• https://github.com/JohnLaTwC/Shared/blob/master/Defenders%20think%20in%20lists.%20Attackers%20think%20in%20graphs.%20As%20long%20as%20this%20is%20true%2C%20attackers%20win.md

Wireshark_Command_Line.md

TSHARK

https://hackertarget.com/tshark-tutorial-and-filter-examples/

Export specific packets

• tshark -Y {filter} -r {input file} -w {output file}
• tshark -2 -R {filter} -r {input file} -w {output file}

Dump raw packet 'data' field only

• tshark -r infile -T fields -e data | tr -d '\n' > tempfile

import binascii
import sys
string = open(sys.argv[1],'r').read()
sys.stdout.write(binascii.unhexlify(string)) # needs to be stdout.write to avoid trailing newline

CAPINFOS

$capinfos  -a -e file.pcap.gz
File name:           wireless_080224_first.pcap.gz
First packet time:   2008-02-24 13:10:09.637336
Last packet time:    2008-02-24 13:40:23.026171

$capinfos  -T -r -a -e file.pcap.gz
file.pcap.gz   2008-02-24 13:10:09.637336      2008-02-24 13:40:23.026171