Pcap Analysis & Network Hunting

ShmooCon X - 2014

Presented by: Reid Gilman
Date: Saturday January 18, 2014
Time: 16:00 - 16:50
Location: Georgetown West
Track: Trainer Exchange

Creator: Reid Gilman

License: Creative Commons: Attribution, Share-Alike, Non-Commercial (http://creativecommons.org/licenses/by-nc-sa/3.0/)

Class Prerequisites: A basic understanding of TCP/IP and the OSI model; Python programming experience helps with the exercises.

Lab Requirements: tcpdump, Wireshark, and ChopShop. A Linux/BSD/Mac system with these tools installed is recommended (tcpdump should already ship with it). Sensitive materials are being removed from the lab materials, which will be released soon.

Class Textbook: None

Recommended Class Duration: 2 days

Creator Available to Teach In-Person Classes: Yes

Author Comments:

Introduction to Packet Capture (PCAP) explains the fundamentals of how, where, and why to capture network traffic, and what to do with it once captured. The class covers open-source tools such as tcpdump, Wireshark, and ChopShop in several lab exercises that reinforce the material. Topics include capturing packets with tcpdump, mining DNS resolutions using only command-line tools, and busting obfuscated protocols. The class prepares students to tackle common problems and helps them begin developing the skills needed for more advanced networking challenges.

Reid Gilman


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats