SF19US - 22 Analyzing Windows malware traffic w/ Wireshark [Part 1](Brad Duncan)

  • Published 28 Sep 2024
  • The title of this class is: "Analyzing Windows malware traffic with Wireshark (Part 1)" and was taught by Brad Duncan. This was recorded on June 12th at UC Berkeley.
    sharkfestus.wi...
    Subscribe to our channel for tons of free Wireshark educational content. To attend a live SharkFest and to learn Wireshark with packet analysis experts, visit: sharkfest.wire....

COMMENTS • 23

  • @hystericalnutter6801 3 years ago +1

    that was flipping amazing finding server name and after adding that column it named all the rest, really enjoying learning from youtube vids, thanks for posting xxx

    • @WireSharkFest 3 years ago

      Glad you enjoyed!

    • @x8EchoslaM8x 2 years ago

      @WireSharkFest Could someone share a link to download the pcaps shown in this video? I've tried to find them, no luck so far.

  • @randallroderick7540 4 years ago +2

    Awesome content! Please keep uploading! You're an excellent instructor.

  • @kabandajamir9844 2 years ago +2

    Nice explanation sir

  • @hystericalnutter6801 3 years ago +4

    im trying to follow this obviously without the usb stick info he passed round, but other than that cant believe how much i am enjoying trying to learn this stuff its so rewarding when u get somewhere lol....maybe i need to get a life but im spending hrs and hours each day slowly trying to learn all this stuff off youtube vids, and i must be really weird but wish i could go to uni to learn all this stuff but im 36 now and not enough money for that but i would have loved to be in classes like this with such a good teacher......im trying to learn network security but its hard when u dont know anyone to talk to about this stuff so these vids on youtube are a godsend for me, im so hungry to learn but no one around me is interested and probably think i am sooooo boring lol lol

  • @PraveenRai 2 years ago +2

    Could you please share the pcap used in this session to play along with the video?

    • @x8EchoslaM8x 2 years ago +1

      Could someone share a link to download the pcaps shown in this video? I've tried to find them, no luck so far.

    • @WireSharkFest 2 years ago

      The files can be found here: sharkfestus.wireshark.org/sf19

  • @tanzeelhassan2934 5 years ago +1

    Thanks so much!

  • @Ichinin 5 years ago +1

    One alternative is just to use TShark and dump the fields you want:
    tshark -r <capture.pcap> -E separator="," -T fields -e ip.src -e http.request.full_uri -e http.user_agent
    (the capture filename after -r is missing in the original post; <capture.pcap> is a placeholder)
    then grep or find ":" and redirect it to a file and voilà - you have an importable CSV file.
    I never use Wireshark for investigations; it's slow and you cannot search it or parse it with text tools.

    • @Pontiki1977 3 years ago

      it's obviously slow for you and others, and it works fine for countless others.

    • @Ichinin 3 years ago

      @Pontiki1977 You can't automate WS unless you are willing to dig into Lua or something, that is why TShark exists and it is superior in that way. Wireshark is a quick analysis tool to do simple investigations, it is NOT something you use to dig through a day's worth of PCAPs from a network with hundreds of nodes. I don't care how "fine" it works, it does not scale for large corporate-wide investigations.

    • @Pontiki1977 3 years ago +1

      @Ichinin no one said anything about large corporate-wide investigations...if it doesn't apply in your own line of work, you don't have to shit on something that is extremely helpful to countless individuals around the world. it is also free.

    • @Ichinin 3 years ago

      All I did was give a tip on how to do things differently and do it better to be able to use external tools, you obviously have some problems and are reading things into what I said because you are an insecure individual who is more interested in expressing an opinion and bickering with other people online. Go and waste time for someone else. /Ignore

  • @x8EchoslaM8x 2 years ago +1

    Could someone share a link to download the pcaps shown in this video? I've tried to find them, no luck so far.

    • @WireSharkFest 2 years ago

      Sure thing, you can find them here: sharkfestus.wireshark.org/sf19

  • @christianrobertadzic9321 3 years ago +1

    Thank you so much for this video.
    It was really helpful to me. Please keep sharing such nice content.
    I have a question:
    Is it possible to get the .pcap files you used in the video?
    Thank you.

    • @WireSharkFest 2 years ago +1

      Hi Christian, apologies for the late reply - you can find the files here: sharkfestus.wireshark.org/sf19

  • @annakostrzewska1685 1 year ago +1

    This is absolutely wonderful!! Thank you Mr. Brad and Sharkfest!

  • @martinmathieson3407 5 years ago

    Brad, have you tried using Wireshark's Snort post-dissector (wiki.wireshark.org/Snort)? It will jump to the frames that match the alerts and tries to highlight the bytes where content/pcre fields match, gives links to the references, etc.