Wireshark fits nicely in any toolbox of the network forensic analyst and ethical hacker. From hundreds of dissectors that decode the protocol and application fields, to the customization capability that enables you to find that one item of interest in a sea of packets, Wireshark gives you all the necessary insights into traffic. “Wireshark for Hackers” will be a two-part series where we will attempt to turn your crawl into a walk… and maybe even a little swagger.
In Part I, we will start with some less-sexy baseline and passive discovery hacks with Wireshark. They’re necessary skills, but they won’t be included in a top-ranked film anytime soon. We will then detect unsecured and suspicious traffic on the network and later reassemble some of the suspect traffic elements. Then stay tuned for Part II next month, where we’ll force Wireshark to properly dissect traffic that is using a non-standard port number and add some columns to speed up the detection of a malicious HTTP redirection. We will finish up by decrypting TLS traffic and creating a trace file that contains an embedded TLS session key.