From the course: Wireshark: Malware and Forensics
Using a ring buffer - Wireshark Tutorial
- [Narrator] When working with Wireshark, there are times that you want to capture a specific type of traffic. For example, you heard that there was a new Trojan in the wild, and it used a specific port. You could open a packet capture, begin running it, and watch for that specific type of traffic. However, unless you stop it and put it into a file, it could start to consume all of your resources. A better option is to simply use a ring buffer. A ring buffer will allow you to monitor the traffic, and it will continuously drop the traffic into a ring buffer. You could set up three ring buffers, or five, or however many you would like to set up, and it will continuously overwrite those files while you're monitoring your traffic. Now in this case, I want to monitor SSDP traffic. Now if you notice, there are no coloring rules. I've taken them all off to set us up. I'll go to Simple Service Discovery Protocol and select the protocol. I'll right-click and I'll say colorize with…
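The rotation the narrator describes, shown as an added example that is not code from the course or from Wireshark: a small Python ring-buffer writer that behaves like dumpcap with `-b filesize:N -b files:M` (write packets to a numbered capture file, start a new file when the size limit would be exceeded, delete the oldest file once more than M exist). Everything in it is constructed for illustration: the SSDP M-SEARCH frames are built inline (the `X-SEQ` header is made up so consecutive frames differ), the file naming copies dumpcap's `prefix_NNNNN_YYYYMMDDhhmmss` pattern but stamps each file with its first packet's UTC time rather than the local creation time, and the size limit is in bytes rather than dumpcap's kilobytes.

```python
"""Ring-buffer pcap writer: an added example, not code from the course or from Wireshark."""
import os
import socket
import struct
import tempfile
import time
PCAP_MAGIC = 0xA1B2C3D4  # little-endian pcap with microsecond timestamps

def pcap_global_header():
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet): 24 bytes in total
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)

def pcap_record(ts, frame):
    sec = int(ts)  # 16-byte record header: ts_sec, ts_usec, incl_len, orig_len
    return struct.pack("<IIII", sec, int(round((ts - sec) * 1_000_000)), len(frame), len(frame)) + frame

def ipv4_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    total = (total & 0xFFFF) + (total >> 16)  # fold carries twice: enough for a 20-byte header
    return ~((total & 0xFFFF) + (total >> 16)) & 0xFFFF

def ssdp_msearch_frame(seq, src_ip="192.168.1.10"):
    """Constructed Ethernet/IPv4/UDP frame carrying an SSDP M-SEARCH to 239.255.255.250:1900,
    the traffic the video filters on. X-SEQ is a made-up header so consecutive frames differ."""
    payload = (
        "M-SEARCH * HTTP/1.1\r\n"
        "HOST: 239.255.255.250:1900\r\n"
        'MAN: "ssdp:discover"\r\n'
        "MX: 2\r\n"
        "ST: ssdp:all\r\n"
        f"X-SEQ: {seq}\r\n\r\n"
    ).encode()
    udp = struct.pack("!HHHH", 50000, 1900, 8 + len(payload), 0) + payload  # UDP checksum 0 is legal over IPv4
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), seq & 0xFFFF, 0, 1, 17, 0,
                               socket.inet_aton(src_ip), socket.inet_aton("239.255.255.250")))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))  # TTL 1: link-local multicast
    eth = bytes.fromhex("01005e7ffffa" "0a0000000001" "0800")  # multicast dst MAC, src MAC, EtherType IPv4
    return eth + bytes(ip) + udp

class RingBufferWriter:
    # dumpcap-style ring: at most max_files files of max_bytes each, prefix_NNNNN_YYYYMMDDhhmmss.pcap, oldest deleted on wrap
    def __init__(self, directory, prefix="ssdp", max_files=3, max_bytes=1024):
        self.directory, self.prefix = directory, prefix
        self.max_files, self.max_bytes = max_files, max_bytes
        self.index = 0    # files started so far
        self.ring = []    # surviving file paths, oldest first
        self.counts = {}  # file index -> packets written to it
        self._fh, self._size = None, 0

    def _rotate(self, ts):
        if self._fh:
            self._fh.close()
        self.index += 1
        # dumpcap stamps files with local creation time; the first packet's UTC time keeps this reproducible
        stamp = time.strftime("%Y%m%d%H%M%S", time.gmtime(ts))
        path = os.path.join(self.directory, f"{self.prefix}_{self.index:05d}_{stamp}.pcap")
        self._fh = open(path, "wb")
        self._fh.write(pcap_global_header())
        self._size, self.counts[self.index] = 24, 0
        self.ring.append(path)
        while len(self.ring) > self.max_files:  # ring wraps: drop the oldest file
            os.remove(self.ring.pop(0))

    def write(self, ts, frame):
        record = pcap_record(ts, frame)
        if self._fh is None or self._size + len(record) > self.max_bytes:
            self._rotate(ts)
        self._fh.write(record)
        self._size += len(record)
        self.counts[self.index] += 1

    def close(self):
        if self._fh:
            self._fh.close()

def count_packets(path):
    # Walk the file record by record; refuses anything that is not a little-endian pcap.
    with open(path, "rb") as f:
        data = f.read()
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError(f"{path}: bad pcap magic")
    off, n = 24, 0
    while off < len(data):
        off += 16 + struct.unpack("<IIII", data[off:off + 16])[2]  # record header + incl_len bytes
        n += 1
    return n

def demo(num_packets=40, max_files=3, max_bytes=1024):
    with tempfile.TemporaryDirectory() as d:
        w = RingBufferWriter(d, max_files=max_files, max_bytes=max_bytes)
        for i in range(num_packets):
            w.write(1_700_000_000 + i * 0.5, ssdp_msearch_frame(i))
        w.close()
        kept = sorted(os.listdir(d))
        kept_idx = [int(name.split("_")[1]) for name in kept]
        return {"files_started": w.index, "kept_files": kept, "kept_indices": kept_idx,
                "packets_on_disk": {i: count_packets(os.path.join(d, n)) for i, n in zip(kept_idx, kept)},
                "packets_written": dict(w.counts)}
```

Wireshark and dumpcap do this natively; the command-line equivalent of the setup in the video is along the lines of `dumpcap -i <interface> -f "udp port 1900" -b filesize:10240 -b files:3 -w ssdp.pcapng`, with `-b duration:` available to rotate on time instead of size. The forensics caveat is what `demo()` returns: with 40 packets through a three-file ring, files 1 to 4 are gone for good and only the newest three survive. Anything older than the `files × filesize` window cannot be recovered, so size the ring to cover the dwell time you expect to need, and copy a file out of the ring as soon as it holds the traffic you were waiting for.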
Contents
- Baseline your network (4m 11s)
- Displaying data using filters (3m)
- Creating complex filters (5m 24s)
- Capture filters (3m 18s)
- Using statistics (3m 14s)
- Save, export, and print (6m 28s)
- Coloring rules (3m 55s)
- Using a ring buffer (4m 24s)
- Challenge: HTTP packets (39s)
- Solution: HTTP packets (1m 27s)
- Challenge: Firewall rules (1m 27s)
- Solution: Firewall rules (3m 37s)