PCAP Command-Line Madness

Tuesday, 26 Jun 2018 6:00AM EDT (26 Jun 2018 10:00 UTC)
Speaker: Hal Pomeranz

You can spend large amounts of money on tools for working with network captures. Or you can spend zero money and learn to capture and manipulate PCAP data from the command-line. Take equal parts tcpdump and Wireshark's command-line cousin, tshark. Add a dash of some of other, lesser-known tools. Blend this with a large dollop of Linux shell primitives. It's a powerful concoction for analyzing network data. You'll be drunk with power, producing new insights more quickly than you ever thought possible.

Login to Register

Related Content

Finding_Evil_WMI_Event_Consumers_with_Disk_Forensics_-Blog_(1).png

Digital Forensics and Incident Response

Finding Evil WMI Event Consumers with Disk Forensics

This blog covers disk-based artifacts and tools available for use during deeper forensic investigations.

Blog_teaser_images_(19).png

Digital Forensics and Incident Response, Open-Source Intelligence (OSINT)

FOR589: Cybercrime Intelligence - NEW SANS DFIR Course coming in 2024

Learn to hunt for Dark Web Intelligence, Social Engineer cybercriminals, investigate illicit Blockchain activity, and analyze Cryptocurrency evidence

Digital Forensics and Incident Response

Ransomware: Every internet-connected network is at risk. Be prepared!

As ransomware attacks increase in number and severity, even the most advanced security systems can be compromised. Here is what you can do to prepare.