CC10 - PacketSifter and Leveraging TShark for Network Traffic Analysis

CactusCon 10 (2022) Talk
PacketSifter and Leveraging TShark for Network Traffic Analysis
Ross Burke

SOC analysts are familiar with Wireshark and all of its capabilities but are often at a roadblock when the pcap is relatively large. My tool, PacketSifter, and the open-source tool TShark will enable analysts to jump over that hurdle and learn to analyze pcaps on the command line!

Gone are the days of opening a large pcap in Wireshark and waiting two days for Wireshark to parse and load the pcap. PacketSifter will carve out noteworthy traffic as well as provide enrichment capabilities with GeoIP lookups via AbuseIPDB and hash lookups via VirusTotal.

This talk will demo PacketSifter and introduce TShark for continuing the analysis with the output files that PacketSifter produces.

Ross Burke is a Security Consultant at Mandiant and also an Instructor of Information Science and Technology at the University of Houston. Ross has worked across several aspects of cybersecurity including operating as a SOC analyst at an MSSP as well as staff augmentation and strategic consulting projects.
