I had a few requests to do a quick intro to AirMagnet WiFi Analyzer Pro. So I thought I would start from the basics, go through the Start screen and explain what I typically look for.
I will add more videos with more detail as I think things up.
Since receiving positive feedback about a previous trace file analysis video, I thought I would do another, but this time introduce Wireshark's Colorize feature. Generally speaking, I'm not a big fan of colors, since they can distract me or give me a headache ;b, but there are some scenarios where colors are helpful.
I also discuss what that urs.microsoft.com conversation is.
Since my Excel Graph tutorial, I have received emails asking if I could whip something up regarding PivotTables. Well, here you go.
One of the limitations of the Excel Graph video is that it doesn't illustrate those data points where there aren't any packets. This pivot table trick will fix that and make the data more manageable.
In my classes and seminars, I constantly tell analysts that you should think of your packets like your vacation photos. You can show them to people, and they will politely nod, but they have no interest in them. Beyond the security implications of sharing raw packets and the risk of misinterpretation, a graph can really drive the point home or show you something new about that puzzling trace.
Just saw a question on ask.wireshark.org from an analyst who is just starting out with Wireshark, asking about the basic MAC filter.
I enjoy answering these types of questions, since they show me that more and more people are trying out Wireshark.
So after a few postings, I realized there is something basic I am not conveying, so I whipped up a quick video on how to create a capture filter and a display filter for a MAC address.
When I get asked, "What's your favorite tool?", my immediate response is always, "the one that I can customize".
No, that's not a consultant's standard answer looking to confuse or be too generic. I really mean it. I always look for tools that allow you to customize the interface, the reports, and basically anything else to make my job easier.
The simplest example of this would be a capture or display filter with any protocol analyzer. I always evaluate how easy it is to create a filter, save it, and retrieve it at a later date. I once used a protocol analyzer that required 4-6 steps simply to create a display filter and another 4 steps to apply it. No thanks, I've got better things to do than practice my mousing skills.
In this video, I show how I customize a View from Fluke Networks AirMagnet Spectrum XT analyzer.
I came across this really nifty little utility to help analyze your Wireshark trace files.
Splitpcap takes one trace file and creates multiple trace files based on your criteria.
For example, you can ask splitpcap to create a trace file for every IP address and TCP/UDP conversation, or one trace file per IP address, plus a ton more.
I especially like the -y L7 switch, which extracts the application data (the payload) and saves it in a text file, just like Follow TCP Stream or Follow UDP Stream.