Reading a packet capture file with Wireshark and tshark
Needle in Haystack
Wireshark doesn’t just work in real time. If you save a history of network activity in a pcap file using a tool such as tcpdump, you can filter the data with Wireshark to search for evidence.
Intrusion detection tools that use the libpcap C/ C++ library for network traffic capture (such as Snort and Tcpdump) can output packet capture information to a file for later reference. The format of this capture file is known as pcap. By capturing packet data to a file, an investigator can return later to study the history of an intrusion attempt – or to turn up other important clues about clandestine activity on the network.
Of course, the traffic history data stored in a pcap file is much too vast to study by just viewing the file manually. Security experts use specialized filtering tools to search through the file for pertinent information. One way to look for clues in a pcap file is to use the Wireshark protocol analysis tool [3] and its accompanying command-line utility tshark.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
Direct Download
Read full article as PDF:
Price $2.95
News
-
A New Raspberry Pi Board
The new board packs everything that you get in Raspberry Pi 3B+ in a smaller package.
-
OpenStack Foundation Changes Name of the OpenStack Summit
New event will be known as the Open Infrastructure Summit
-
Red Hat Enterprise Linux 8 Beta
The latest version strikes a balance between past and future.
-
System76 Announces a Line of US-Made PCs
Thelio series is available for pre-order and will ship in early December.
-
IBM Acquires Red Hat
IBM is acquiring Red Hat, the most successful open source company.
-
Fedora 29 and Ubuntu 18.10 Released
New releases focus on boot time, new hardware, and modular design.
-
Redis Labs Modules Forked
New Commons Clause license rider causes Debian and Fedora developers to fork Redis Labs modules.
-
Microsoft Offers its Patent Portfolio
The company ends its long war; vows to protect Linux.
-
Red Hat Reports $823 Million in Revenue for Second Quarter 2019
Strong performance for cloud and container products leads to a 14% increase over last year.
-
Debian, Ubuntu, and Other Distros are Leaving Users Vulnerable
A security researcher says Linux vendors wait too long to patch the kernel.