Network

Last updated 2 years ago

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.

Wireshark

  • Analyze the network dumps

Ubuntu

sudo apt-get install wireshark
wireshark file.pcap

Windows

https://www.wireshark.org/download.html

Network Miner

  • NetworkMiner_2-7-2.zip (2MB archive attached to the original page)

Tshark

# Install
sudo apt install tshark
# Reference: https://cheatography.com/mbwalker/cheat-sheets/tshark-wireshark-command-line/

# Commands
tshark -r dump.pcap                                                        # print every frame
tshark -nr payload.pcapng -Y 'frame contains "flag"' -T fields -e text     # frames whose raw bytes contain "flag" (-n: no name resolution)
tshark -nr payload.pcapng -Y 'dns' | head                                  # first DNS frames
tshark -nr payload.pcapng -Y 'dns && ip.src == 10.10.10.10 && frame contains "local" && ip.dst==10.10.10.11'

# Extract Websocket (payload)
tshark -r something.pcap -Y websocket.payload -E occurrence=l -T fields -e text   # occurrence=l: last match per frame

USB Mass Storage (USBMS)

# Dump the raw bulk-transfer payload of every frame, one line per frame
tshark -r data.pcapng -T fields -e usb.capdata > file
# Join the lines into one hex string; also drop the ':' separators that older tshark versions print
tr -d '\n: ' < file > flag
# Convert the hex back to binary
xxd -r -p flag flag.bin
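As an added example that is not part of the original page: a small Python post-processor for the `usb.capdata` dump produced by the tshark command above. It does the same reassembly as the `tr`/`xxd` pipeline but also copes with the colon-separated hex older tshark versions print, comma-separated multi-value lines from `-E occurrence=a`, and frames with no payload, then labels the result by its magic bytes. The sample lines and the magic-number table are constructed for the demo.

```python
"""Reassemble raw USB bulk-transfer payloads dumped with
`tshark -r data.pcapng -T fields -e usb.capdata` into one binary
and label the result by its magic bytes."""
import sys

# Small magic-number table for labelling the reassembled blob (constructed, not exhaustive).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"PK\x03\x04": "ZIP archive",
    b"%PDF": "PDF document",
    b"\xff\xd8\xff": "JPEG image",
}

def parse_capdata(lines):
    """Turn tshark field output (one line per frame) into bytes."""
    out = bytearray()
    for line in lines:
        for value in line.strip().split(","):          # -E occurrence=a gives comma-separated values
            clean = value.replace(":", "").strip()     # tshark 2.x prints aa:bb:cc, 3.x+ prints aabbcc
            if not clean:
                continue                               # frame without a data payload
            if len(clean) % 2:
                raise ValueError(f"odd-length hex field: {value!r}")
            out += bytes.fromhex(clean)
    return bytes(out)

def identify(blob):
    """Return a file-type guess for the reassembled bytes."""
    for magic, name in MAGIC.items():
        if blob.startswith(magic):
            return name
    return "unknown"

# Constructed sample: a PNG header split across frames, first in tshark 2.x
# style (colon-separated), then an empty frame, then tshark 3.x style.
SAMPLE = ["89:50:4e:47", "0d:0a:1a:0a", "", "0000000d49484452"]

def main(path=None):
    """Reassemble from a tshark field dump (or SAMPLE) and write flag.bin."""
    lines = open(path).read().splitlines() if path else SAMPLE
    blob = parse_capdata(lines)
    print(f"{len(blob)} bytes, looks like: {identify(blob)}")
    with open("flag.bin", "wb") as fh:
        fh.write(blob)
    return blob

if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it as `python3 usb_reassemble.py file` on the dump from the tshark command above, or with no argument to process the embedded sample.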

Pcap

https://packettotal.com/
https://www.hybrid-analysis.com/
https://iris-h.services
https://f00l.de/hacking/pcapfix.php