Imagine it's your first day on the job as a junior security analyst and your assignment is to analyze a large packet capture (PCAP) file that was collected from a monitoring port configured on one of the core switches at a remote site. The company you work for has not made significant investments in security technology, so you don't have a lot of enterprise-grade tools in your arsenal to begin your assignment. All you know is that an employee's machine has been behaving abnormally for a few days, but the antivirus software running on the employee's computer has not detected any malicious files or programs. The employee does not want to have his computer re-imaged because he is concerned about losing important files, so your boss decided to collect network traffic from the local area network where the employee works to try to identify the root cause of the problem. Your boss asks you to begin analyzing the packet capture, which he stored in your team's network file share. You scan the file share, find the PCAP file, move it to your laptop, and open it with Wireshark. You are ready to put your packet analysis skills to work when suddenly Wireshark crashes. After several attempts to open the file, your computer keeps freezing and crashing. You conclude that the file is too large to open with Wireshark and make your way to Google to look for other alternatives. You learn about Tshark, the command-line version of Wireshark. You could hunt around for the right commands to read the PCAP file using Tshark, but the results will be endless lines of text on your screen.
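The root of the scenario above is that Wireshark loads the whole capture into memory, while Tshark prints one line per packet. The following added example (not code from the original post) shows the middle ground a practitioner would want: stream a classic libpcap file one record at a time and reduce it to a per-conversation summary. It assumes a little-endian pcap with Ethernet frames, and the four-packet capture it runs on is constructed in memory.

```python
"""Stream a classic libpcap file record by record and summarise it per IPv4
conversation, so a capture too large for Wireshark is never held in memory
at once. Added example, not code from the original post; it assumes a
little-endian pcap with Ethernet frames and is run on a constructed capture."""
import struct, socket
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic pcap, microsecond timestamps
ETHERTYPE_IPV4 = b"\x08\x00"

def iter_records(fp):
    """Yield one raw frame at a time; only one record header and frame are in memory."""
    magic, = struct.unpack("<I", fp.read(24)[:4])
    if magic != PCAP_MAGIC_LE:
        raise ValueError("only little-endian classic pcap is handled here")
    while True:
        rec = fp.read(16)                      # ts_sec, ts_usec, incl_len, orig_len
        if len(rec) < 16:                      # end of file (or truncated tail)
            return
        yield fp.read(struct.unpack("<IIII", rec)[2])

def ipv4_key(frame):
    """(src, dst, proto) for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4 or frame[14] >> 4 != 4:
        return None
    ip = frame[14:]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9]

def summarise(fp):
    """Packet and byte counts per conversation: a few lines, not one per packet."""
    pkts, octets = Counter(), Counter()
    for frame in iter_records(fp):
        key = ipv4_key(frame)
        if key is not None:
            pkts[key] += 1
            octets[key] += len(frame)
    return {k: (pkts[k], octets[k]) for k in pkts}

def _frame(src, dst, proto, payload_len):
    # Constructed Ethernet+IPv4 frame (zeroed MACs and checksum) for the sample below.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + ETHERTYPE_IPV4 + ip + b"\x00" * payload_len

def sample_pcap():
    # Constructed four-packet capture: three TCP frames to one host, one UDP frame.
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    frames = [_frame("10.0.0.5", "203.0.113.9", 6, 100)] * 3 + [_frame("10.0.0.5", "10.0.0.53", 17, 40)]
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out
```

On a real file, `summarise(open("capture.pcap", "rb"))` reads the capture sequentially, so memory use stays constant regardless of file size.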