Reading a packet capture file with Wireshark and tshark
Needle in Haystack
Wireshark doesn’t just work in real time. If you save a history of network activity in a pcap file using a tool such as tcpdump, you can filter the data with Wireshark to search for evidence.
Intrusion detection tools that use the libpcap C/ C++ library for network traffic capture (such as Snort and Tcpdump) can output packet capture information to a file for later reference. The format of this capture file is known as pcap. By capturing packet data to a file, an investigator can return later to study the history of an intrusion attempt – or to turn up other important clues about clandestine activity on the network.
Of course, the traffic history data stored in a pcap file is much too vast to study by just viewing the file manually. Security experts use specialized filtering tools to search through the file for pertinent information. One way to look for clues in a pcap file is to use the Wireshark protocol analysis tool [3] and its accompanying command-line utility tshark.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
Direct Download
Read full article as PDF:
Price $2.95
News
-
OpenSSH Now Supports FIDO/U2F Security Keys
SSH users can now add FIDO/U2F to the list of supported multi-factor authentication tools.
-
System76 Launches New AMD Threadripper Machine
System76 has added an AMD Threadripper option for their Thelio desktop lineup.
-
LibreOffice 6.4 Released
The unofficial office suite for the Linux platform has performance in mind for users.
-
Official Evernote Client Coming to Linux
The most widely-used note-taking app is coming to Linux.
-
Thanks to Linux, Google and Valve are Bringing Steam to Chromebooks
In yet another win for desktop Linux, Google and Steam are about to up the Chromebook gaming field.
-
Kubuntu Focus Laptop Now Ready for Preorder
If you’ve ever wanted a KDE-specific, Linux-powered laptop, now’s your chance.
-
Dell Adds a Much-Requested Feature to the New XPS Developer Edition Laptop
Linux users are in for a treat when Dell releases the next iteration of the Ubuntu-powered XPS Developer Edition laptop.
-
Bonsai Promises to Make Syncing Gnome Devices Easier
Red Hat developer, Christian Hergert has been working on a GNOME desktop syncing project with lots of promise.
-
Elementary OS 5.1 Has Arrived
One of the most highly regarded Linux desktop distributions has released its next iteration.
-
Linux Mint 19.3 Will be Released by Christmas
The developers behind Linux Mint have announced 19.3 will be released by Christmas 2019.