thenewgre.blogg.se

Wireshark ip location map

In this article, I'm going to show you how to use Wireshark, the famous network packet sniffer, together with NetworkMiner, another very good tool, to perform some network forensics. You can easily download and install Wireshark here, on a Windows 10 machine for example, and NetworkMiner here.

I'm going to follow, step by step, a network forensics case: the Nitroba State University Harassment Case.

All the material is available here, published under the CC0 licence. This scenario includes two important documents. The first one is the presentation of the case:

Just click on the PCAP file, and it should open in Wireshark. You get a first overview of the very long list of packets captured.

In the first section, you get the list of packets/frames ordered by number, time, source IP, destination IP, protocol, length, and information about the content.

In the second section, you see the details of a packet (here packet/frame number 1), shown according to the main layers of the OSI model. For packet number 1, we have information about the first four layers (respectively n°1 "wire", n°2 "Ethernet", n°3 "IP", n°4 "TCP").

In the third section, we have the details of packet number 1 in HEX format. It is useful to check the source data in a "compact" format (instead of binary, which would be very long).

As a very first step, you can easily gather statistics about this capture, just using the statistics module of Wireshark: Statistics => Capture File Properties. We can see that the SHA1 and SHA256 hash signatures match the ones given in the scenario (as expected). We also see that the elapsed time of the capture was about 4 hours and 22 minutes. This is quite long, and explains the quantity of packets received in this network capture: 94 410 lines.
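The values shown by Statistics => Capture File Properties (hashes, packet count, elapsed time) can also be recomputed outside Wireshark to confirm evidence integrity. The Python below is an added example, not part of the original article: it reads a classic pcap file image, and its function names and the three-packet sample capture are constructed for illustration.

```python
import hashlib
import struct

# pcap magic bytes -> (struct byte order, timestamp fraction units per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def capture_properties(data: bytes) -> dict:
    """Hashes, packet count and elapsed time of a classic pcap file image."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, frac = MAGICS[data[:4]]
    offset, count, first, last = 24, 0, None, None  # 24-byte global header
    while offset + 16 <= len(data):
        sec, sub, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, offset)
        offset += 16 + incl_len
        if offset > len(data):
            break  # truncated final record: stop counting, do not guess
        ts = sec + sub / frac
        first = ts if first is None else first
        last = ts
        count += 1
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "packets": count,
        "elapsed_seconds": 0.0 if first is None else last - first,
    }

def matches_published(props: dict, sha1: str, sha256: str) -> bool:
    """True only if both digests equal the ones published with the scenario."""
    return props["sha1"] == sha1.lower() and props["sha256"] == sha256.lower()

def build_sample_pcap() -> bytes:
    """Constructed three-packet capture (dummy payloads), for demonstration only."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b""
    for sec, usec in ((1000, 0), (1000, 500_000), (16_720, 250_000)):
        payload = b"\x00" * 14
        records += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return header + records

if __name__ == "__main__":
    props = capture_properties(build_sample_pcap())
    print(props["packets"], "packets,", props["elapsed_seconds"], "s,", props["sha256"])
```

For a real capture, pass the file's bytes to `capture_properties` and give `matches_published` the SHA1 and SHA256 values published with the scenario.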






