SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Network packet capture files are extremely useful to security analysts trying to identify problems and possible compromise in an environment. A complete packet capture contains a wealth of information, but extracting something useful from that data can be both challenging and time-consuming. This paper showcases the capability of tshark and other open-source tools for extracting such information. By demonstrating how simple tshark outputs can be correlated with external resources, it makes a strong case that security analysts should consider adding tshark to their toolbox. Emphasis is placed not just on becoming familiar with tshark but also on concrete examples such as IP geolocation, malware threat correlation, and email message extraction.
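The correlation step the abstract describes, as an added example that is not part of the paper: tshark is used only to emit a plain src/dst field list (the invocation is shown in a comment), and the rest is a POSIX shell pipeline that ranks sources and joins destinations against an indicator list. The flow lines, the indicator list and the "known-c2" label are constructed sample data, not output from any real capture or feed.

```shell
#!/bin/sh
# Added example, not from the paper: post-process tshark field output and
# correlate it with an external indicator list. The tshark command that would
# produce the flow list is shown below; everything else runs offline on
# constructed sample data.
#
#   tshark -r capture.pcap -Y ip -T fields -e ip.src -e ip.dst -E separator=/t
#
# sample_flows: constructed stand-in for that output (src<TAB>dst per packet).
sample_flows() {
  printf '10.0.0.5\t198.51.100.23\n'
  printf '10.0.0.5\t203.0.113.77\n'
  printf '10.0.0.9\t203.0.113.77\n'
  printf '10.0.0.5\t203.0.113.77\n'
  printf '10.0.0.9\t192.0.2.10\n'
}

# sample_iocs: constructed stand-in for an external threat feed (ip<TAB>label).
sample_iocs() {
  printf '203.0.113.77\tknown-c2\n'
  printf '192.0.2.250\tscanner\n'
}

# top_talkers: packets per source address, busiest first.
# Reads src<TAB>dst lines on stdin, writes src<TAB>packets.
top_talkers() {
  awk -F'\t' '{ count[$1]++ }
              END { for (s in count) printf "%s\t%d\n", s, count[s] }' |
  sort -k2,2nr
}

# correlate IOC_FILE: join destination addresses on stdin against the
# indicator list and report only the hits as dst<TAB>label<TAB>packets.
# awk reads the IOC file first (NR == FNR), then stdin ("-"). An empty IOC
# file would make every stdin line look like an indicator, so refuse it.
correlate() {
  [ -s "$1" ] || { echo "correlate: IOC file '$1' is empty or missing" >&2; return 1; }
  awk -F'\t' '
    NR == FNR { label[$1] = $2; next }
    $2 in label { count[$2]++ }
    END { for (d in count) printf "%s\t%s\t%d\n", d, label[d], count[d] }
  ' "$1" - |
  sort -k3,3nr
}

# Stand-alone run: write the constructed IOC list to a temp file and report.
main() {
  ioc=$(mktemp)
  sample_iocs > "$ioc"
  echo "== top talkers =="
  sample_flows | top_talkers
  echo "== IOC hits =="
  sample_flows | correlate "$ioc"
  rm -f "$ioc"
}

main
```

The geolocation and email-extraction cases named in the abstract follow the same shape: change the `-e` fields tshark emits and swap the indicator list for whatever lookup table the external resource provides; the join logic stays the same.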