Hi
I used Ethereal to obtain traffic of a network.
I am trying to understand the meaning of the results that appear in a typical capture.
Is there a paper or a manual that explains it?
Thanks a lot
Patricia
-Argentina-
In many cases Wireshark has replaced Ethereal.
Also some books on the subject.
IMHO, BitHead reading material is the best way to start if you haven't done any network examination.
The second thing to do, if you have no idea what you are looking for and are just fishing for any leads, is to define what I call a "few basic truths": if anything you see defies them, you'll know that something is wrong and you need to check it.
Example - "these servers should never start talking to the internet."
"No computer/server in my company should be in any connection with Russia."
The next phase is to find out how, using Wireshark or any other app (I prefer ngrep and tcpdump), to check the truths you've listed.
good luck
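One way to turn the first "basic truth" above into a mechanical check over `tcpdump -n` output, as an added example that is not part of this thread: the sample capture lines, the server inventory and the internal address ranges are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the style of `tcpdump -n` output (not from the
# thread). Each line is one TCP segment; Flags [S] is a pure SYN, i.e. the
# side that initiated the connection. Flags [S.] is a SYN-ACK reply.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.0.0.5.51234 > 10.0.0.20.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000500 IP 10.0.0.20.443 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:02.000001 IP 10.0.0.20.40000 > 203.0.113.9.80: Flags [S], seq 3, win 64240, length 0
12:00:03.000001 IP 10.0.0.7.52000 > 198.51.100.4.443: Flags [S], seq 4, win 64240, length 0
12:00:04.000001 IP 10.0.0.20.40001 > 10.0.0.30.25: Flags [S], seq 5, win 64240, length 0
"""

# Assumed inventory: hosts that should never initiate connections to the internet.
SERVERS = {"10.0.0.20", "10.0.0.30"}

# Assumed definition of "inside": anything not in these ranges is "the internet".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches only pure SYNs ("Flags [S],"); SYN-ACKs ("Flags [S.],") do not match,
# so a server answering an inbound connection is never counted as initiating one.
SYN_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[S\],"
)

def outbound_syns(capture):
    """Yield (src, dst, dport) for every connection attempt in the capture."""
    for line in capture.splitlines():
        m = SYN_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dport"])

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS)

def server_internet_violations(capture, servers=SERVERS):
    """Return (server, dst, dport) for each time a server opened a connection
    to an address outside INTERNAL_NETS, i.e. broke the truth
    "these servers should never start talking to the internet"."""
    return [(src, dst, dport) for src, dst, dport in outbound_syns(capture)
            if src in servers and not is_internal(dst)]

if __name__ == "__main__":
    for src, dst, dport in server_internet_violations(SAMPLE_CAPTURE):
        print("VIOLATION: server %s opened a connection to %s:%d" % (src, dst, dport))
```

The same structure works for the other truth in the post once you have a list of address ranges to treat as forbidden: replace `is_internal` with a membership test against that list.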
@Pato1960
It might help if you could get a baseline packet trace and compare against that (although if you suspect a network has been compromised it may be too late).
Finally, another excellent book for learning how to interpret Wireshark trace files is "Practical Packet Analysis" by Chris Sanders.
-Taffwatts
Pato1960,
Not knowing exactly what you are trying to learn, I have found the best way for me to learn what a capture "should" look like is to capture my own traffic when I conduct a certain activity (visit a web page, transfer a file via ftp, telnet, etc.).