
What's Running on Your Network?

PDF, 8.67MB
Published: 25 Jan, 2013
Created by Francois Begin

Network packet capture files are extremely useful to security analysts trying to determine issues and possible compromise in an environment. A complete packet capture contains a wealth of information, but extracting something useful from that data can be both challenging and time-consuming. This paper showcases the capability of tshark and other open-source tools for extracting such information. By demonstrating how simple outputs from tshark can be correlated with external resources, this paper makes a strong case that security analysts should consider adding tshark to their toolbox. Emphasis is placed not just on getting familiar with tshark but also on concrete examples such as IP geo-location, malware threat correlation, email message extraction, etc.
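As an added example (not code from the paper), the script below shows the kind of correlation the abstract describes: it takes the comma-separated output of `tshark -T fields` and joins the destination addresses against an external indicator list. The paper's capture and its threat feeds are not on this page, so both inputs are constructed inline using documentation-range addresses and placeholder labels.

```shell
#!/bin/sh
# Added example: correlate tshark field output with an external indicator list.
# The capture and the list are not available here, so both are constructed.

# The real input would come from tshark, for example:
#   tshark -r capture.pcap -T fields -E separator=, \
#          -e frame.time_epoch -e ip.src -e ip.dst
# Constructed sample of that output (epoch,src,dst), one packet per line:
TSHARK_FIELDS='1359100001.1,10.0.0.5,198.51.100.7
1359100002.3,10.0.0.5,203.0.113.9
1359100003.9,10.0.0.8,203.0.113.9
1359100004.2,10.0.0.8,192.0.2.44
1359100005.0,10.0.0.5,198.51.100.7'

# Constructed external indicator list (placeholder values, not real IoCs):
# ip,label
INDICATORS='203.0.113.9,placeholder-c2
192.0.2.44,placeholder-dropper'

# Number of distinct destination addresses seen in the capture
distinct_dsts() {
    printf '%s\n' "$TSHARK_FIELDS" | cut -d, -f3 | sort -u | wc -l | tr -d ' '
}

# Print "src,dst,label,packet_count" for every src/dst pair whose destination
# appears in the indicator list, sorted for stable output.
flag_flows() {
    printf '%s\n' "$TSHARK_FIELDS" | awk -F, -v ind="$INDICATORS" '
        BEGIN {
            # Load the indicator list into an associative array keyed by IP
            n = split(ind, lines, "\n")
            for (i = 1; i <= n; i++) { split(lines[i], kv, ","); label[kv[1]] = kv[2] }
        }
        ($3 in label) { count[$2 "," $3 "," label[$3]]++ }
        END { for (k in count) print k "," count[k] }' | sort
}

# Number of flagged src/dst pairs
flagged_count() {
    flag_flows | wc -l | tr -d ' '
}

flag_flows
```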