Posts

Wireshark for Security Analysis | Filter for unusual DNS packets

This is a quick exercise to practice the information mentioned in the previous Wireshark customization article. Download the pcap file from here and try to answer the following questions.

Questions

How many UDP/TCP conversations do you see in this pcap?
How many DNS conversations do you see in this pcap, and how many of them are malformed?
How many DNS responses do you see?
Do any of the responses have more than 100 answers?
Can you set and save a filter for this activity?
What is the packet with the most Answer RRs?

Answers

How many UDP/TCP conversations do you see in this pcap? Statistics > Conversations
How many DNS conversations do you see in this pcap, and how many of them are malformed? Statistics > Protocol Hierarchy
How many DNS responses do you see? Filter for DNS > choose any packet > Right-click on the Response flag > Apply as a Filte

Wireshark for Security Analysis | Customization & Common features

1/ Introduction

What is Wireshark?

Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible. You could think of a network packet analyzer as a measuring device for examining what’s happening inside a network cable, just like an electrician uses a voltmeter for examining what’s happening inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, that has changed. Wireshark is available for free, is open source, and is one of the best packet analyzers available today. (Source: wireshark.org/docs/)

Some intended purposes

Here are some reasons people use Wireshark:
Network administrators use it to troubleshoot network problems
Network security engineers use it to examine security problems
QA engineers use it to verify network applications
Developers use it to debug protocol implementations
People use it to learn netwo

Fortinet NSE3 Certification | Course Notes

The product lessons and use cases in this course are organized into the following Fortinet Security Fabric pillars:
Security-Driven Networking
Zero Trust Access
Adaptive Cloud Security
Security Operations

To complete the course, you must successfully complete the Security Fabric Overview lesson, all lessons and quizzes in the Security-Driven Networking module, plus at least one additional module of your choice.

Module 1: Security Fabric Overview

Module Objectives
Be conversant on the products that comprise the Fortinet Security Fabric, and understand the problems they solve
Recommend appropriate products to solve organizational network security problems

Why is this course important?

This course will help you solve network security problems by understanding the characteristics of the Security Fabric, the capabilities of the products that comprise it, and how they interlock to provide a superior defense against today's most sophisticated cyberattacks.

Organizational Problems and Pa