![]() ![]() ![]() Our first pcap for this tutorial is Wireshark-tutorial-identifying-hosts-and-users-1-of-5.pcap. Wireshark-tutorial-identifying-hosts-and-users-5-of-5.pcapĪny host generating traffic within a network should have three identifiers: a MAC address, an IP address and a hostname.Wireshark-tutorial-identifying-hosts-and-users-4-of-5.pcap.Wireshark-tutorial-identifying-hosts-and-users-3-of-5.pcap.Wireshark-tutorial-identifying-hosts-and-users-2-of-5.pcap.Wireshark-tutorial-identifying-hosts-and-users-1-of-5.pcap.Use infected as the password and extract the five pcaps, as shown below in Figure 1. Download the file named Wireshark-tutorial-identifying-hosts-and-users-5-pcaps.zip. ![]() The pcaps used for this tutorial are in a password-protected ZIP archive located at our GitHub repository. To follow this tutorial, readers should have a basic understanding of network traffic. We strongly recommend using the most recent version of Wireshark available for your operating system (OS). This tutorial features Wireshark version 4.0.8 with a customized column display from our previous tutorials. Requirements also include a recent version of Wireshark, at least version 3.6.2 or later. To fully understand this tutorial, readers should have reviewed the material in our previous tutorials on customizing Wireshark’s column display and using display filter expressions. Identifying Users in an Active Directory (AD) EnvironmentĪdditional Resources Requirements and Supporting Material Host Information from NetBIOS Name Service (NBNS) Trafficĭevice Models and Operating System (OS) from HTTP Traffic Host Information from Dynamic Host Configuration Protocol (DHCP) Traffic This article was first published in March 2019 and is being updated for 2023. This is the third in a series of tutorials that provide tips and tricks to help security professionals more effectively use Wireshark. This tutorial uses Wireshark to identify host and user data in pcaps. In some organizations, this could involve reviewing a packet capture (pcap) of network traffic generated by the affected host. When a host within an organization's network is infected or otherwise compromised, responders need to quickly identify the affected host and user. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |