WIRESHARK MASTER – NETWORK FORENSICS AND SECURITY

Download
File
eForensics_07_2014.pdf
eForensics_07_2014.epub

After the great success of Network Forensics Toolbox, we have decided to follow your wishes and develop a special edition dedicated solely to your favourite network forensic tool – nothing else but Wireshark!

Wireshark is a free, open-source packet analyzer that can be used both to capture packets and to read packet captures. In this edition we will focus on all the different analyses that you can conduct with Wireshark – capturing images, e-mails and attachments, malware analysis, network traffic reconstruction and much more…

But that is not all! We will also have a look at Wireshark from a wider perspective – which way the wind is blowing in the Wireshark business… Stay tuned and find out more soon!

Become a WIRESHARK MASTER!

We are proud to present OUR PARTNER for this edition: Wireshark University Europe:
http://www.wiresharkuniversity.eu/

Check out the full table of contents:

1. THE ENEMY INSIDE THE GATES – A GUIDE TO USING OPEN SOURCE TOOLS FOR NETWORK FORENSICS ANALYSIS

by Phill Shade, Certified instructor for Wireshark University, Expert and Speaker at SHARKFEST’13, internationally recognized Network Security and Forensics Expert

The goal of this brief tutorial is to introduce the concepts and techniques of Network Forensics Analysis including:

- Understanding the principles of Network Forensics Analysis and situations in which to apply them to evidence analysis

- Selecting and configuring Wireshark for Network Forensics Analysis to capture and recognize traffic patterns associated with suspicious network behavior.

- Specialized Network Forensics Analysis techniques, including reconstructing and viewing suspicious data traffic such as web-browsing sessions, e-mails or file transfer activities, for detailed analysis and evidentiary purposes.

- Network security principles, including encryption technologies, defensive configurations of network infrastructure devices, and understanding and recognizing potential mis-configurations of network security infrastructure.

2. USING WIRESHARK TO ANALYZE SSL CONFIGURATIONS AND CERTIFICATES

by Larry Greenblatt, WCNA, CISM, CISSP, CEH, SHARKFEST speaker, security specialist with three decades of information security, computer networking and protocol analysis experience. Founder of InterNetwork Defense, a consulting and training organization.

With all the talk these days of internet spying and theft, people are becoming increasingly concerned with protecting their information. As Laura Chappell, the founder of Wireshark University, might say, you can have opinions from people on security, but packets don’t lie. In this article I will show you how to use some simple Wireshark display filters and settings to view SSL/TLS capabilities in browsers, the negotiated cipher suite (the asymmetric, symmetric and hashing algorithms in use for the current session) and the information stored in the certificate.

3. TWO REAL NETWORK FORENSICS ANALYSES: CASE STUDIES OF THE ATTACKS ON PHP.NET AND THE BOSTON BOMBS MALWARE

by Javier Nieto Arévalo, FCNSA, FCNSP, author of http://www.behindthefirewalls.com and our regular contributor

We could say that we live in an era where signature-based antivirus makes less and less sense if we want to fight hackers who create customized malware only for their targets. There are also many zero-day attacks being used to infect millions of computers just by visiting a website. These zero-day attacks take advantage of unknown vulnerabilities, for example in Adobe or Flash Player plugins installed in the web browser, to download and install malware that has not been recognized yet. Most of this malware also connects to Command and Control servers to get instructions from the hackers. Sometimes it is easier to detect infected hosts by analyzing their behavior on our network through the network traffic than by using an antivirus running on the host.

4. WIRESHARK FILTERS FOR NETWORK ANALYSIS

by Amandeep Kaur, CISC, CPH, CPFA, lecturer in Information Technology

Network Analysis is the process of listening to and analyzing network traffic. It offers an insight into network communication to identify performance problems, analyze application behavior, locate security breaches, and perform capacity planning. IT professionals use these processes to validate network performance and security.

5. CAPTURING E-MAILS AND GOOGLE IMAGE SEARCHES FROM YOUR NETWORK

by Jessica Riccio, computer forensics technician, your favourite expert and our regular contributor

Imagine that you are the manager of a company and receive a tip from an employee that another employee is using his computer to view images that violate the company’s computer use policy. After hearing this information, you want to decide if the allegations made against your employee are true. All you need to do is launch Wireshark and follow Jessica’s guide!

6. SNOOPING ON CALLS USING WIRESHARK

by Milind Bhargava, CEH, ECSA, ethical hacker performing vulnerability assessment and penetration testing services

Voice over Internet Protocol (VoIP) is the new fashion in the market. Everyone is moving towards it. Not that I feel there is anything wrong with it, but it is not really that secure. Whether you are a forensic expert or a malicious user, a tool as simple as Wireshark can help you listen to the calls made on a network.

7. CARVING BINARY DATA FROM PACKET CAPTURES

by Kelly Doyle, CISSP, GAWN, GPEN, GCIH, GCFA, ECSA, C|EH, CPT, successful participant at Cyberlympics and Hacker Halted 2013

Imagine you are an incident responder and are notified that your company’s network has been compromised for the last several weeks. Your boss tasks you with identifying what information was exfiltrated from the network. Where do you start? This article will introduce you to some of the basic concepts for finding and carving out forensic artifacts off the wire.

8. NETWORK BASED FILE CARVING

by Gavin Stroy, CompTIA A+, Net+, Security+, CCNA, CCNP, independent security researcher with a passion for network attack and defense

File carving is the name of the technique of pulling files out of a stream of bytes without the use of a particular file system; much like finding a word in a word search puzzle. Network based file carving is used to extract files from saved network traffic data that has been collected from tools such as Wireshark or TCPdump. This is useful for extracting viruses to be analyzed, identifying exfiltration, and forensic investigations.
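The technique described above can be shown concretely. The following is an added example, not code from the article or from Wireshark: it carves JPEG and PNG files out of a reassembled byte stream purely by their header and footer magic bytes, the "word search" the paragraph describes. The stream here is constructed inline to mimic what Wireshark's Follow TCP Stream "Save as raw" would give you; the file-type table and the CRC check are this example's own design, not the article's.

```python
"""Carve JPEG and PNG files out of a reassembled byte stream by their magic bytes.
Constructed example: the stream mimics raw HTTP responses saved from Follow TCP Stream."""
import struct
import zlib

# (header magic, footer magic). The PNG footer is the IEND chunk, which is followed
# by a 4-byte CRC that must be kept with the file.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND"),
}


def carve(stream):
    """Return [(kind, offset, data)] for every header that has a matching footer.
    A header with no footer (truncated transfer) is skipped rather than guessed at."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = 0
        while True:
            start = stream.find(head, pos)
            if start == -1:
                break
            end = stream.find(tail, start + len(head))
            if end == -1:
                break
            end += len(tail) + (4 if kind == "png" else 0)  # PNG: include IEND CRC
            found.append((kind, start, stream[start:end]))
            pos = end
    return sorted(found, key=lambda f: f[1])


def validate_png(data):
    """Walk the PNG chunk list and check every CRC, so a carve that merely matched
    the 8-byte signature inside unrelated data is rejected as a false positive."""
    if not data.startswith(SIGNATURES["png"][0]):
        return False
    pos = 8
    while pos + 12 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            return False
        crc = struct.unpack(">I", data[body_end:body_end + 4])[0]
        if zlib.crc32(data[pos + 4:body_end]) & 0xFFFFFFFF != crc:
            return False
        if ctype == b"IEND":
            return True
        pos = body_end + 4
    return False


def png_chunk(ctype, payload):
    body = ctype + payload
    return struct.pack(">I", len(payload)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def make_tiny_png():
    """A valid 1x1 red RGB PNG, built here so the sample stream is self-contained."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    scanline = b"\x00\xff\x00\x00"  # filter type 0 + one RGB pixel
    return (SIGNATURES["png"][0] + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(scanline)) + png_chunk(b"IEND", b""))


# Constructed stream: two complete HTTP image responses and one cut-off JPEG.
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + make_tiny_png()
    + b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
    + b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 20 + b"\xff\xd9"
    + b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe0\x00\x10JFIF-cut"
)


if __name__ == "__main__":
    for kind, offset, data in carve(SAMPLE_STREAM):
        ok = validate_png(data) if kind == "png" else "n/a"
        print(f"{kind} at offset {offset}: {len(data)} bytes, crc ok={ok}")
```

Two points the code makes that the paragraph only implies: carving only works on a stream that has already been reassembled in order (hence the Follow TCP Stream step, or the equivalent in tcpdump-based tooling), and a signature match alone is weak evidence, so any format with internal checksums should be validated before the carved object is treated as an artifact.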

9. CATCHING GHOSTS OF THE AIR – INVESTIGATING TRADITIONAL WEP ATTACKS

by Nipun Jaswal, CISE, C|EH, OSWP, M.tech, web application penetration tester and IT security trainer

Wireless attacks are very common these days, and if a hacker finds a WEP-enabled network, there is no bigger jackpot for them. People have become smarter and tend to use WPA/WPA2-enabled networks these days, but vulnerabilities in the wireless architecture still seem unsolved. In this article we will look at those traditional WEP attacks and try to investigate who actually tried to break into the network and what activities they performed. Basically, we will reconstruct the entire crime scene that took place over the wireless network.

10. SYN-FLOOD ATTACK – ANATOMY AND COUNTERMEASURES

by Mubarak Altheeb, technology enthusiast, MSc Network Security

A SYN-flood attack is a serious threat to web servers and has been used to launch attacks against websites all around the globe. Attackers can launch the attack with spoofed source IP addresses to avoid being detected. If you have a website for your business, your server can be targeted by a SYN flood at any time.

11. NETWORK FORENSIC WITH WIRESHARK – DISCOVERING AND ISOLATING DOS/DDOS ATTACKS

by Yoram Orzach, author of “Network Analysis Using Wireshark Cookbook” and various technical articles, experienced in design, implementation, and troubleshooting, along with training for R&D, engineering, and IT groups.

Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks are attempts to make a computing or network resource unavailable to its users. There are various types of DoS/DDoS attacks: some load the network to the point where it is blocked for application traffic, some load servers to that point, and some are more sophisticated and try to “confuse” the application servers with bad data. Although there are various tools for detection and prevention of these types of attacks, good old Wireshark can also be used for this purpose. In this article we will see some important features of Wireshark, where to place it for capturing data, and how to use it to identify attack patterns.
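Articles 10 and 11 both rest on the same observable: a SYN flood shows up in a capture as a burst of SYNs from many (often spoofed) sources that never complete the three-way handshake, leaving half-open connections behind. In Wireshark the first cut is the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 0` together with Statistics → Conversations; the code below is an added example, not from either article, that applies the same idea to constructed packet records. The record tuple format, the sample addresses and the rate/completion thresholds are this example's assumptions.

```python
"""Score server ports for SYN-flood symptoms from packet records (constructed sample).
Record format is an assumption: (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)."""
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits


def handshake_states(packets):
    """Follow each client->server 4-tuple through SYN -> SYN/ACK -> ACK.
    Keys are (client, cport, server, sport); values 'syn', 'synack' or 'established'."""
    state = {}
    for _, src, sport, dst, dport, flags in packets:
        if flags & SYN and not flags & ACK:
            state[(src, sport, dst, dport)] = "syn"
        elif flags & SYN and flags & ACK:
            key = (dst, dport, src, sport)  # server reply, so swap the sides
            if state.get(key) == "syn":
                state[key] = "synack"
        elif flags & ACK:
            key = (src, sport, dst, dport)
            if state.get(key) == "synack":
                state[key] = "established"
    return state


def syn_flood_report(packets, min_syn_per_sec=50.0, max_completion=0.2):
    """Per (server ip, port): SYN count, handshakes completed, distinct clients, SYN rate.
    'flood' is set when SYNs arrive fast and almost none complete (thresholds are assumptions)."""
    states = handshake_states(packets)
    per_server = defaultdict(lambda: {"syn": 0, "established": 0, "clients": set(), "times": []})
    for t, src, sport, dst, dport, flags in packets:
        if flags & SYN and not flags & ACK:
            s = per_server[(dst, dport)]
            s["syn"] += 1
            s["clients"].add(src)
            s["times"].append(t)
    for (_, _, server, sport), st in states.items():
        if st == "established":
            per_server[(server, sport)]["established"] += 1
    report = {}
    for server, s in per_server.items():
        span = max(max(s["times"]) - min(s["times"]), 1e-3)
        rate = s["syn"] / span
        completion = s["established"] / s["syn"]
        report[server] = {
            "syn": s["syn"], "established": s["established"],
            "distinct_clients": len(s["clients"]),
            "syn_per_sec": round(rate, 1), "completion": round(completion, 2),
            "flood": rate >= min_syn_per_sec and completion <= max_completion,
        }
    return report


def build_sample_capture():
    """Constructed capture: five normal HTTPS handshakes spread over 10 s, then 200 SYNs
    from 200 different source addresses hitting port 80 within one second. The server
    answers each with SYN/ACK, but no third ACK ever arrives (the half-open signature)."""
    pkts = []
    for i in range(5):
        t, client, cport = i * 2.0, f"192.168.1.{10 + i}", 40000 + i
        pkts.append((t, client, cport, "10.0.0.5", 443, SYN))
        pkts.append((t + 0.01, "10.0.0.5", 443, client, cport, SYN | ACK))
        pkts.append((t + 0.02, client, cport, "10.0.0.5", 443, ACK))
    for i in range(200):
        t, src, sport = 5.0 + i * 0.005, f"203.0.113.{i}", 1024 + i
        pkts.append((t, src, sport, "10.0.0.5", 80, SYN))
        pkts.append((t + 0.001, "10.0.0.5", 80, src, sport, SYN | ACK))
    return sorted(pkts, key=lambda p: p[0])


if __name__ == "__main__":
    for server, r in syn_flood_report(build_sample_capture()).items():
        print(server, r)
```

The completion ratio matters as much as the raw SYN rate: a busy but healthy server also sees many SYNs, but nearly all of them reach the third ACK, whereas a flood from spoofed sources completes almost none, which is exactly the state the SYN backlog (and countermeasures such as SYN cookies) has to absorb.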

12. SNEAKY DNS: FORENSIC ANALYSIS ON HTTP TUNNELLING OVER DNS

by Andrius Januta, Teaching Assistant at the Cyber Systems Security Lab at Stockholm University, author of “Information Security Audit Under Performance ISO/IEC 27000 Family Standard Requirements” in Journal of Young Scientist 2011

This article describes how one of the Internet’s core protocols is usually overlooked in organizations’ network security. This protocol is DNS, which in recent years has been used in more and more cyber attacks. This paper unravels how DNS tunnelling is used for malicious communications or for data exfiltration.
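A tunnel over DNS has to carry its payload inside query names, which gives defenders a handle: under one base domain you see many long, rarely repeated, high-entropy subdomains, frequently in TXT or NULL records. The following is an added example, not code from the article: it profiles a constructed query log (the kind of time/source/type/name listing you would export from Wireshark's DNS dissector) per base domain and flags the ones matching all of those heuristics. The input format, the fixed two-label notion of "base domain" and the thresholds are this example's assumptions.

```python
"""Flag DNS tunnelling candidates from a list of queries (constructed sample).
Heuristics: long, high-entropy, rarely repeated subdomains under one base domain,
often carried in TXT/NULL records. Thresholds are illustrative assumptions."""
import hashlib
import math
from collections import defaultdict


def shannon_entropy(s):
    """Bits per character; hex/base32-encoded payloads sit near 4-5, hostnames near 2-3."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname, base_labels=2):
    """Split a query name into (subdomain, base domain).
    Uses a fixed label count; a public-suffix list would be needed for co.uk and similar."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[:-base_labels]), ".".join(parts[-base_labels:])


def parse_queries(text):
    """Each constructed line: <time> <client ip> <qtype> <qname>."""
    queries = []
    for line in text.strip().splitlines():
        t, src, qtype, qname = line.split()
        queries.append((float(t), src, qtype, qname))
    return queries


def profile_domains(queries, min_queries=10, min_avg_len=30, min_entropy=3.5, min_unique_ratio=0.8):
    """Aggregate per base domain and mark the ones matching all tunnelling heuristics."""
    agg = defaultdict(lambda: {"n": 0, "subs": set(), "len_sum": 0, "ent_sum": 0.0, "txt_null": 0})
    for _, _, qtype, qname in queries:
        sub, base = split_name(qname)
        a = agg[base]
        a["n"] += 1
        a["subs"].add(sub)
        a["len_sum"] += len(sub)
        a["ent_sum"] += shannon_entropy(sub.replace(".", ""))
        if qtype in ("TXT", "NULL"):
            a["txt_null"] += 1
    report = {}
    for base, a in agg.items():
        avg_len = a["len_sum"] / a["n"]
        avg_ent = a["ent_sum"] / a["n"]
        unique_ratio = len(a["subs"]) / a["n"]
        report[base] = {
            "queries": a["n"], "avg_subdomain_len": round(avg_len, 1),
            "avg_entropy": round(avg_ent, 2), "unique_ratio": round(unique_ratio, 2),
            "txt_null_ratio": round(a["txt_null"] / a["n"], 2),
            "suspicious": (a["n"] >= min_queries and avg_len >= min_avg_len
                           and avg_ent >= min_entropy and unique_ratio >= min_unique_ratio),
        }
    return report


def build_sample_queries():
    """Constructed log: ordinary browsing lookups under example.com plus 40 encoded-looking
    TXT lookups under example.org (the label text is sha256 hex, used only as filler)."""
    lines = []
    hosts = ["www", "mail", "cdn", "api", "www", "static", "www", "login", "mail", "www", "img", "api"]
    for i, h in enumerate(hosts):
        lines.append(f"{i * 0.5:.3f} 192.168.1.20 A {h}.example.com")
    for i in range(40):
        payload = hashlib.sha256(f"chunk{i}".encode()).hexdigest()
        lines.append(f"{10 + i * 0.1:.3f} 192.168.1.30 TXT {payload[:32]}.{payload[32:48]}.t.example.org")
    return "\n".join(lines)


if __name__ == "__main__":
    for base, r in profile_domains(parse_queries(build_sample_queries())).items():
        print(base, r)
```

None of the four signals is conclusive on its own (CDNs and anti-spam services also generate long, random-looking names), so the report keeps every metric per domain rather than a single verdict; the `suspicious` flag is only a starting point for pulling the matching conversation into Wireshark and reading the responses.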

13. AUTOMATED INSPECTION OF X-RAY CARGO IMAGES USING WIRESHARK, IMAGE STEGANOGRAPHY, AND MACHINE LEARNING

by Wilbert A. McClay, PhD, Research Scientist in digital forensics, machine learning and signal processing; and Akshay Nayak

We have seen numerous movies in which smugglers and mobsters move drugs or even weapons through a port until they are interrupted by a rogue cop or a vigilante who catches them red-handed and gives them the beating of their life. What if there were a more subtle way to do this? This article involves a real-life scenario in which something similar occurs. Here, we show how a good network administrator or forensic investigator can catch a corrupt port official working with a syndicate. This official is supposedly sending the bad guys inside information regarding the containers, such as the container number, the weapon contained and the drop location. Wireshark is used to sniff network packets, and a host of other tools (i.e. machine learning algorithms and steganography tools) are used to uncover the information.


July 30, 2021
Diego Egea
6 years ago

Fucking wasted time, be careful !!!!
All my Facebook info already taken by them and any download…… Wasted time …. :-(

[STAFF MEMBER]
Admin
6 years ago
Reply to  Diego Egea

Hi Diego, sorry you feel that way – we thought that the description was clear that this is not a free issue. You can find all our free publications here: https://eforensicsmag.com/free-magazines/ If you would like to delete your account (and all of your information) from our userbase you have to do two things: 1) go to your account settings here and click “delete account”. 2) go to your Facebook account settings, click “Applications” and find the “eforensics login” app in there, then delete it. If you have any questions or doubts feel free to contact us – we definitely don’t…

John Doe
6 years ago
Reply to  Diego Egea

Totally agree, giant “FREE CONTENT” box to right of article, absolutely misleading.

donald.ditsela
8 years ago

Please, can I get it for free?

[email protected]
9 years ago

Hello,
Can I download the magazine for free…. thank you

vkallens@icloud.com
9 years ago

Hello
I can’t download.
I think my subscription finishes until December 25.
Can you help me please??

Thanks !

hiep.dcng
Admin
9 years ago

Please check your email, a file was just sent

Soporte-insys
9 years ago

I can’t download this file!

hiep.dcng
Admin
9 years ago
Reply to  Soporte-insys

You will require a subscription to download issues, free users can only download from free section https://eforensicsmag.com/downloads/free/

veenu_gandotra
9 years ago

Not able to Download

Joanna Kretowicz
Admin
9 years ago
Reply to  veenu_gandotra

Hello, are you supposed to have a premium account?

Manish Gokani
9 years ago

Hello,

Can’t download

hiep.dcng
Admin
9 years ago
Reply to  Manish Gokani

Try now, your access level was updated

cecil.su@owasp.org
9 years ago

e-mag is missing here too?

Joanna Kretowicz
Admin
9 years ago

It’s ok now

Alain Slar
9 years ago

You’re a beautiful and very intelligent woman!

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023