#Networking - reading pcap files with wireshark

12 messages · Page 1 of 1 (latest)

tawdry vapor
#

Bot being super useful once more let's see

hexed smelt
#

Hey,

I need some help with how to analyze pcap files with Wireshark.
My homework:

It is necessary to import the files that are given in the PCAP folder.

After that, it is necessary to create a search query that displays the content of the package, create an overview of all protocols that are present
for a given period, and then point to compromise indicators, detection source (Suricata, Zeek, Arkime, OpenSearch, Wireshark or some
third way). After that, point out the malicious IP addresses, the type of attack and briefly explain the potential consequences and next steps.

Files:
I put a zip file that has the pcap files, and this domaci_txt is what I wrote in the paragraph above.

I need some resources or something on how to deal with this. I get stuck when I try to understand 01.pcap, but I found nothing. I'm stuck now and I need some help with how to navigate and work.

tawdry vapor
#

Maybe just another question for my understanding of the context of your assignment: What kind of class is this? Just a general networking class or something specifically related to security or whatever?

hexed smelt
#

It's called cyber security, and currently the homework I have includes the topics of defensive security operations and offensive security operations.

tawdry vapor
#

Listing out the protocols that were used should be pretty easy, I think it's something like tshark -r someinput.pcap -q -z io,phs

#

(tshark is part of Wireshark)

#

As for the rest, I'd have to take a look at the file; the funny @slender arrow bot sadly doesn't allow files, so you might have to upload it somewhere else.

hexed smelt
#
===================================================================
Protocol Hierarchy Statistics
Filter: 

eth                                      frames:94 bytes:13196
  arp                                    frames:4 bytes:240
  ip                                     frames:90 bytes:12956
    udp                                  frames:16 bytes:1519
      nbns                               frames:8 bytes:802
      dns                                frames:2 bytes:174
      llmnr                              frames:6 bytes:543
    icmp                                 frames:2 bytes:268
      llmnr                              frames:2 bytes:268
    tcp                                  frames:72 bytes:11169
      nbss                               frames:48 bytes:9681
        smb                              frames:29 bytes:5173
          smb_pipe                       frames:4 bytes:692
            lanman                       frames:4 bytes:692
        smb2                             frames:13 bytes:3950
===================================================================

That works
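
The `-z io,phs` output above is plain text, so for the "overview of all protocols" part of the assignment it helps to turn it into a tree and a flat count rather than reading it by eye. The script below is an added example written for this thread (not part of Wireshark or tshark); it parses the exact block posted above, which is embedded so it runs offline. It assumes tshark's layout of two spaces of indentation per nesting level and one `name frames:N bytes:M` entry per line, which is what the quoted output shows.

```python
"""Parse the text printed by `tshark -r file.pcap -q -z io,phs`
(Protocol Hierarchy Statistics) into a tree and derive a flat
protocol overview plus a consistency check.  Added example for this
thread; not part of Wireshark or tshark."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# The PHS block quoted above in the thread, embedded verbatim so the
# script runs without a pcap file.
SAMPLE_PHS = """\
===================================================================
Protocol Hierarchy Statistics
Filter: 

eth                                      frames:94 bytes:13196
  arp                                    frames:4 bytes:240
  ip                                     frames:90 bytes:12956
    udp                                  frames:16 bytes:1519
      nbns                               frames:8 bytes:802
      dns                                frames:2 bytes:174
      llmnr                              frames:6 bytes:543
    icmp                                 frames:2 bytes:268
      llmnr                              frames:2 bytes:268
    tcp                                  frames:72 bytes:11169
      nbss                               frames:48 bytes:9681
        smb                              frames:29 bytes:5173
          smb_pipe                       frames:4 bytes:692
            lanman                       frames:4 bytes:692
        smb2                             frames:13 bytes:3950
===================================================================
"""

# One protocol entry per line: leading spaces give the nesting depth.
LINE_RE = re.compile(
    r"^(?P<indent> *)(?P<proto>\S+)\s+frames:(?P<frames>\d+)\s+bytes:(?P<bytes>\d+)\s*$"
)


@dataclass
class Node:
    proto: str
    frames: int
    nbytes: int
    depth: int
    children: list[Node] = field(default_factory=list)


def parse_phs(text: str) -> list[Node]:
    """Return the top-level nodes (normally just 'eth') of the hierarchy."""
    roots: list[Node] = []
    stack: list[Node] = []  # path from the root to the most recent node
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, 'Filter:' line and '===' separators
        depth = len(m.group("indent")) // 2  # assumption: 2 spaces per level
        node = Node(m.group("proto"), int(m.group("frames")),
                    int(m.group("bytes")), depth)
        while stack and stack[-1].depth >= depth:
            stack.pop()  # climb back up to this node's parent
        (stack[-1].children if stack else roots).append(node)
        stack.append(node)
    return roots


def walk(nodes: list[Node]):
    """Depth-first iteration over every node in the tree."""
    for n in nodes:
        yield n
        yield from walk(n.children)


def protocol_overview(text: str) -> dict[str, int]:
    """Flat {protocol: frames}.  A protocol seen at several points in the
    tree (llmnr under udp and again inside icmp) is summed."""
    out: dict[str, int] = {}
    for n in walk(parse_phs(text)):
        out[n.proto] = out.get(n.proto, 0) + n.frames
    return out


def protocol_paths(text: str) -> list[str]:
    """Every protocol with its encapsulation path, e.g. 'eth/ip/tcp/nbss/smb2'."""
    paths: list[str] = []

    def rec(node: Node, prefix: str) -> None:
        path = prefix + node.proto
        paths.append(path)
        for child in node.children:
            rec(child, path + "/")

    for root in parse_phs(text):
        rec(root, "")
    return paths


def sanity_check(text: str) -> list[str]:
    """Children can never carry more frames than their parent; any such
    node means the indentation was mis-parsed.  Returns the offenders."""
    problems: list[str] = []
    for n in walk(parse_phs(text)):
        child_frames = sum(c.frames for c in n.children)
        if child_frames > n.frames:
            problems.append(f"{n.proto}: children {child_frames} > parent {n.frames}")
    return problems


if __name__ == "__main__":
    for proto, frames in sorted(protocol_overview(SAMPLE_PHS).items(),
                                key=lambda kv: -kv[1]):
        print(f"{proto:10} {frames:4d} frames")
    print("paths:", *protocol_paths(SAMPLE_PHS), sep="\n  ")
    print("problems:", sanity_check(SAMPLE_PHS) or "none")
```

For a real run, replace `SAMPLE_PHS` with the output of `subprocess.run(["tshark", "-r", path, "-q", "-z", "io,phs"], capture_output=True, text=True).stdout`. The path list is the useful part for the write-up: it shows at a glance that the capture is almost entirely SMB/SMB2 over NetBIOS session service, with LLMNR and NBNS name resolution alongside, which narrows what to look for next.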

tawdry vapor
#

Looks correct

hexed smelt
#

Can I send you a private message?