Try to understand a result of Ethereal capture

5 Posts
5 Users
0 Reactions
390 Views
Pato1960
(@pato1960)
Active Member
Joined: 18 years ago
Posts: 6
Topic starter  

Hi
I used Ethereal to capture traffic from a network.
I am trying to understand the meaning of the results that appear in a typical capture.
Is there a paper or a manual that explains it?
Thanks a lot
Patricia
-Argentina-


   
(@bithead)
Noble Member
Joined: 20 years ago
Posts: 1206
 

Ethereal User's Guide

In many cases Wireshark has replaced Ethereal.
Wireshark User's Guide

Wireshark Wiki

Also, some books on the subject:
Ethereal Packet Sniffing (Syngress) [ILLUSTRATED] (Paperback)

Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Jay Beale's Open Source Security) [ILLUSTRATED] (Paperback)


   
(@yuval-bercovich)
New Member
Joined: 16 years ago
Posts: 3
 

Hi
I used Ethereal to capture traffic from a network.
I am trying to understand the meaning of the results that appear in a typical capture.
Is there a paper or a manual that explains it?
Thanks a lot
Patricia
-Argentina-

IMHO, BitHead's reading material is the best way to start if you haven't done any network examination.
The second thing to do, if you have no idea what you are looking for and are just fishing for any leads, is to define what I call "a few basic truths": if anything you see defies them, you'll know that something is wrong and you need to check it.
Example: "these servers should never start talking to the internet."
"no computer/server in my company should be in any connection with Russia"

The next phase is to find out how, using Wireshark or any other app (I prefer ngrep and tcpdump), to check the truths you've listed.

good luck


   
(@taffwatts)
New Member
Joined: 16 years ago
Posts: 1
 

@Pato1960
It might help if you could get a baseline packet trace and compare against that (although if you suspect a network has been compromised it may be too late).

OpenPacket.org has some good example trace files that you can download and analyse to familiarise yourself with different types of network traffic. Also, packet-level.com has example trace files.

Finally, another excellent book for learning how to interpret Wireshark trace files is "Practical Packet Analysis" by Chris Sanders.

-Taffwatts


   
(@miket065)
Estimable Member
Joined: 21 years ago
Posts: 187
 

Pato1960,

Not knowing exactly what you are trying to learn, I have found the best way for me to learn what a capture "should" look like is to capture my own traffic when I conduct a certain activity (visit a web page, transfer a file via ftp, telnet, etc.).


   
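As an added worked example (not code from any poster in this thread), the script below ties together three suggestions above: yuval-bercovich's "basic truths" that traffic must never violate, taffwatts' baseline-trace comparison, and miket065's approach of capturing your own known-good traffic. It contains a minimal libpcap parser (global header, per-packet records, Ethernet/IPv4/TCP headers) so it runs offline on a capture file, and it builds two tiny captures in memory as constructed sample input. The server list, the "forbidden country" prefix table and the country code "XX" are assumptions standing in for a real asset inventory and a real GeoIP lookup; the 198.51.100.0/24 and 203.0.113.0/24 ranges are documentation networks, not real hosts.

```python
import struct
from ipaddress import ip_address, ip_network

# --- constructed sample data: a minimal libpcap file built in memory (not a real capture) ---

def _tcp_syn_frame(src, dst, sport, dport):
    """Ethernet + IPv4 + TCP SYN frame with no payload (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return eth + ip + tcp

def build_pcap(frames):
    """Little-endian libpcap file, link type 1 (Ethernet), zero timestamps."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return header + records

# --- the parser: pcap bytes -> list of (src, dst, sport, dport, tcp_flags) ---

def parse_pcap(data):
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled here")
    flows, offset = [], 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4  # IP header length in bytes
        if frame[23] != 6:
            continue  # not TCP
        src, dst = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
        l4 = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", l4[:4])
        flows.append((src, dst, sport, dport, l4[13]))
    return flows

# --- "basic truths": assumed policy, stand-ins for an asset list and a GeoIP database ---

PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SERVERS_NO_INTERNET = {"10.0.0.5"}                   # assumed: must never initiate outbound
GEO = {ip_network("203.0.113.0/24"): "XX"}           # assumed placeholder GeoIP table
FORBIDDEN_COUNTRIES = {"XX"}                         # assumed placeholder country code

def is_private(ip):
    return any(ip_address(ip) in n for n in PRIVATE)

def country(ip):
    a = ip_address(ip)
    return next((cc for net, cc in GEO.items() if a in net), None)

def check_truths(flows):
    """Return violations as (rule, src, dst, dport), looking only at connection attempts (SYN without ACK)."""
    findings = []
    for src, dst, sport, dport, flags in flows:
        if flags & 0x12 != 0x02:
            continue
        if src in SERVERS_NO_INTERNET and not is_private(dst):
            findings.append(("server-to-internet", src, dst, dport))
        if country(src) in FORBIDDEN_COUNTRIES or country(dst) in FORBIDDEN_COUNTRIES:
            findings.append(("forbidden-country", src, dst, dport))
    return findings

def new_flows(baseline, current):
    """(src, dst, dport) triples present in the current capture but absent from the baseline."""
    key = lambda f: (f[0], f[1], f[3])
    return sorted(set(map(key, current)) - set(map(key, baseline)))

# constructed captures: a known-good baseline and a later capture with two deviations
SAMPLE_BASELINE = build_pcap([
    _tcp_syn_frame("10.0.0.20", "10.0.0.5", 40001, 443),     # workstation -> internal server
    _tcp_syn_frame("10.0.0.20", "198.51.100.7", 40002, 80),  # workstation browsing
])
SAMPLE_CURRENT = build_pcap([
    _tcp_syn_frame("10.0.0.20", "10.0.0.5", 40003, 443),
    _tcp_syn_frame("10.0.0.5", "198.51.100.9", 51000, 443),   # server now initiating outbound
    _tcp_syn_frame("10.0.0.30", "203.0.113.44", 51001, 22),   # peer in the placeholder country
])

if __name__ == "__main__":
    for finding in check_truths(parse_pcap(SAMPLE_CURRENT)):
        print("violation:", finding)
    for flow in new_flows(parse_pcap(SAMPLE_BASELINE), parse_pcap(SAMPLE_CURRENT)):
        print("not in baseline:", flow)
```

To use it on your own trace, replace the constructed bytes with `open("capture.pcap", "rb").read()`; only the classic libpcap format is parsed here, so a pcapng file saved by newer Wireshark versions would need converting first. Keying the baseline comparison on (source, destination, destination port) rather than the full 5-tuple is deliberate: ephemeral source ports change on every connection and would make every flow look "new".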