Stirring
  • 😁Welcome!
  • 🏳️CVE-2023-46214: Attack, Detect and Forensic
  • ⭐DIỄN TẬP QUỐC TẾ ACID 2024
  • 👮‍♂️Blue Team
    • 😾Privilege Escalation: Understanding, Prevention, and Detection
  • 🔧Tools
    • Forensics
      • Memory
        • Linux
        • MacOS-X
      • Network
      • Disk Image
    • Steganography
    • OSINT
  • 📧CTF Writeups
    • Digital Dragon CTF 2023
      • First look at the Windows 7 Forensics
    • Hack The Boo
      • Wrong Spooky Season
    • HackTheBox-Cyber-Apocalypse-CTF-2022
      • Puppeteer
    • Hack-The-Box-Cyber-Apocalypse-2021
      • Oldest trick in the book
      • Key mission
      • Invitation
      • AlienPhish
      • Low Energy Crypto
  • 🥇Walkthrough
    • TryHackMe
      • SOC Level 1
        • Cyber Defence Frameworks
        • Cyber Threat Intelligence
        • Network Security and Traffic Analysis
        • Endpoint Security Monitoring
        • Security Information and Event Management
        • Digital Forensics and Incident Response
        • Phishing
      • SOC Level 2
        • Log Analysis
    • CyberDefenders
      • Boss Of The SOC v1
      • Boss Of The SOC v2
      • Boss Of The SOC v3
  • 📦Resources
Powered by GitBook
On this page
  1. Tools
  2. Forensics

Network

PreviousMacOS-XNextDisk Image

Last updated 2 years ago

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation

Wireshark

  • Analyze the network dumps

Ubuntu

sudo apt-get install wireshark
wireshark file.pcap

Windows

https://www.wireshark.org/download.html

Network Miner

Tshark

# Install
sudo apt install tshark
(https://cheatography.com/mbwalker/cheat-sheets/tshark-wireshark-command-line/)

# Commands
tshark -r dump.pcap
tshark -nr payload.pcapng -Y 'frame contains "flag"' -T fields -e text
tshark -nr payload.pcapng -Y 'dns' | head
tshark -nr payload.pcapng -Y 'dns && ip.src == 10.10.10.10 && frame contains "local" && ip.dst==10.10.10.11'

# Extract Websocket (payload)
tshark -r something.pcap -Y websocket.payload -E occurrence=l -T fields -e text

USBMS

tshark -r data.pcapng -T fields -e usb.capdata > file
cat file | tr "\n" " " | sed 's/ //g' > flag
xxd -r -p flag flag.bin

Pcap

https://packettotal.com/
https://www.hybrid-analysis.com/
https://iris-h.services
https://f00l.de/hacking/pcapfix.php
🔧
2MB
NetworkMiner_2-7-2.zip
archive