Author Topic: Basic Forensics with Wireshark  (Read 29524 times)


Offline Daemon

  • VIP
  • Baron
  • Posts: 845
  • Cookies: 153
  • A wise man fears a gentle mans anger
Re: Basic Forensics with Wireshark
« Reply #15 on: October 26, 2012, 07:32:47 pm »
Quote from: geXXos
Well done man, I learned something from you, +1 from me too.
I have to read more about protocols etc. though, because I can't grasp some things.

Hmm.
http://compnetworking.about.com/od/networkprotocols/g/protocols.htm

That should give you a decent start. Check all the links at the bottom. Basically though, protocols are what allow the transfer of information over networks and the internet by creating standards for different types of applications/data, and protocols also help prevent data from being formed improperly, which could cause a problem with the receiving computer/router/switch.

Thanks for all the positive feedback guys :)
This lifestyle is strictly DIY or GTFO - lucid

Because sexploits are for h0edays - noncetonic


Xires burns the souls of HF skids as a power supply

Offline geXXos

  • Royal Highness
  • Posts: 646
  • Cookies: 178
Re: Basic Forensics with Wireshark
« Reply #16 on: October 26, 2012, 08:45:09 pm »
Thank you for the link man, very interesting, I appreciate your help.

Offline jeremy78

  • Serf
  • Posts: 37
  • Cookies: 9
Re: Basic Forensics with Wireshark
« Reply #17 on: October 29, 2012, 09:52:03 pm »
+1, nice tutorial.

Offline daskwhy

  • /dev/null
  • Posts: 6
  • Cookies: 0
Re: Basic Forensics with Wireshark
« Reply #18 on: December 16, 2012, 04:05:54 pm »
Great share!! THANK YOU!!

Offline Sparky712

  • Peasant
  • Posts: 117
  • Cookies: 14
Re: Basic Forensics with Wireshark
« Reply #19 on: January 27, 2013, 02:36:50 am »
Now, I recently went on a certain website... and I was shocked at what I found. This same file (it must be... same email and TCP stream) is being used there as a task they have, and apparently, in the recruitment process, they may possibly ask you how you solved the puzzle in this. Daemon, that's given me even more incentive to go through it XD :)


Offline Daemon

  • VIP
  • Baron
  • Posts: 845
  • Cookies: 153
  • A wise man fears a gentle mans anger
Re: Basic Forensics with Wireshark
« Reply #20 on: January 27, 2013, 02:44:02 am »
Quote from: Sparky712 on January 27, 2013, 02:36:50 am
Now, I recently went on a certain website... and I was shocked at what I found. This same file (it must be... same email and TCP stream) is being used there as a task they have, and apparently, in the recruitment process, they may possibly ask you how you solved the puzzle in this. Daemon, that's given me even more incentive to go through it XD :)

Lol, could be. If it's the site I'm thinking of, it's not an actual recruitment process, that's just the scenario. I got the capture file from a guy I know who made it for others to mess with for fun, and he said it's cool if I used it for the demo.
Cheers though man, good luck with that :)

Offline parad0x

  • VIP
  • Royal Highness
  • Posts: 638
  • Cookies: 118
Re: Basic Forensics with Wireshark
« Reply #21 on: January 27, 2013, 05:17:38 am »
What a tut, Daemon. +1 to you. This tut helped me in passing the forensic challenges of SO. Thank you very much.

Offline Sparky712

  • Peasant
  • Posts: 117
  • Cookies: 14
Re: Basic Forensics with Wireshark
« Reply #22 on: January 27, 2013, 12:34:56 pm »
Yeah, it's just a scenario that they may ask you about. Stumbling on that site, though, has made me reevaluate how I teach myself this stuff.
+1 from me, for both the help and for the source. Very useful guide. It's brilliant!

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
Re: Basic Forensics with Wireshark
« Reply #23 on: January 27, 2013, 04:39:43 pm »
That's a very good tutorial. I recently started to use Wireshark, so this will come in handy. Thank you and +1.

Offline Griffon Bossi

  • /dev/null
  • Posts: 15
  • Cookies: -8
Re: Basic Forensics with Wireshark
« Reply #24 on: February 01, 2013, 11:05:29 pm »
On my server there are lines that say stuff like "hey, who is xxx.xxx.xxx.xxx? respond to xx.xxx.xxx.xxx", and I was wondering how to send packets like that to the router.

Offline Daemon

  • VIP
  • Baron
  • Posts: 845
  • Cookies: 153
  • A wise man fears a gentle mans anger
Re: Basic Forensics with Wireshark
« Reply #25 on: February 01, 2013, 11:52:35 pm »
Quote from: Griffon Bossi on February 01, 2013, 11:05:29 pm
On my server there are lines that say stuff like "hey, who is xxx.xxx.xxx.xxx? respond to xx.xxx.xxx.xxx", and I was wondering how to send packets like that to the router.

I have no idea what you're asking. You mean packets in your capture that are like SYN from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx?
I think what you're asking about is sending SYN, SYN/ACK packets to a server to check for a response, right? If so, then use nmap or another port scanning utility like that. If you're asking about using code to do it, then ask in our C++ or Python forums.

If I'm way off, then please specify a bit more what you're trying to do, with details and possibly examples and/or your end goal, and I'll see what I can do to help you out.


@Deque
Thanks man, if you're trying to do the SO forensics challenges then this article should help a lot. Glad I could help you out some man :)
« Last Edit: February 01, 2013, 11:53:38 pm by Daemon »

Offline Griffon Bossi

  • /dev/null
  • Posts: 15
  • Cookies: -8
Re: Basic Forensics with Wireshark
« Reply #26 on: February 01, 2013, 11:54:53 pm »
Quote from: Daemon on February 01, 2013, 11:52:35 pm
I have no idea what you're asking. You mean packets in your capture that are like SYN from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx?
I think what you're asking about is sending SYN, SYN/ACK packets to a server to check for a response, right? If so, then use nmap or another port scanning utility like that. If you're asking about using code to do it, then ask in our C++ or Python forums.

If I'm way off, then please specify a bit more what you're trying to do, with details and possibly examples and/or your end goal, and I'll see what I can do to help you out.

@Deque
Thanks man, if you're trying to do the SO forensics challenges then this article should help a lot. Glad I could help you out some man :)

Thanks for trying to help, but I'm good. However, I do have one question: I have packets that just have a lot of gibberish, and I was wondering if there was a way I could understand it.


".....Y'yj0D...&.Gz..a.....]...... %L.{.xr....]DE..q..`....h..............j...#......Y<y......R..... .a..N_(...-m..$[....V27:hR=.j........a.D.<L!fk.O..Y.M..P.s.{..... .....k.z....o.Y......X:J...&.6..........7.<.J......}fY..f...9.... wF........I.........c...;.....>......h;
... "...!\...sz....e3.... ..A&..Y.E...:.M...V.\;i.......z.......K.)]D..Ah4.k..y...On&=..... .....
......UE.f."JG.~{.......3>.....{m..8...`.?!.O..
.H.x..o.... x....<.m%N)./..kns{#.o...Y.Y%{............6......x.>...8..b^
....
........u...^.R..aU.B.n6.}..M.$......8.UX...o.Tn...6...@m.K..... ..H..!hX.~..De{.]..~..k#X8.?.!..........n=...2..?D.M..v.!o....... ....D.G..#....Y.%.~H.8.r>.H.H.Q......oe............&..b..L....... ~..\.B/Yi-i...mq....'..P.............H...5....W..S.q....D..z..... Q.8w-''.R5.fnmC&...HLC....^.gxi......N..).g&6..QW.zH@K.B..g...... .}7.8..r..DJ$..-0UO.Z..'.!v....g......A.?pSP.-Oz#V#....[)...1.... #Tm...J.".K2...X.p.~W...r..U..pK......)  ...r(..=a...L]..;..Z.... .......P..(.D(.$........}...0........;.....".f..].Wa.h&8.B..0.... LF.r....S......I."...R.N...L6..~.........|U.9
'}.....#.
.^Y...... n.I...a."..p..bg.t4.|
,n.yJ...,......z.B/..W.9.K^....ZF.!\.ek.... ,..yY..7wn .S...#...o.y...0.&..."

Offline Daemon

  • VIP
  • Baron
  • Posts: 845
  • Cookies: 153
  • A wise man fears a gentle mans anger
Re: Basic Forensics with Wireshark
« Reply #27 on: February 01, 2013, 11:57:39 pm »
Depends, is it gibberish because it's a file? If so, just save it and open it like I did in the tutorial with the RAR file.
If it's because you captured an SSL stream (Facebook), then there's nothing you can do that I'm aware of. It really just depends on where you got the packet capture from. If you want to PM me, I'll do what I can to help you out.

Edit*
Check the encoding as well; that may give you a hint as to whether you can view it or not. Though if it's SSL, you're SOL as far as I'm aware.
« Last Edit: February 01, 2013, 11:59:00 pm by Daemon »
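The "is it a file, or is it SSL?" triage in Daemon's reply above can be done mechanically on the bytes you get from Wireshark's Follow TCP Stream (Show data as Raw, then Save As). The script below is an added example for this thread; it is not from the tutorial or from anyone posting here. It checks for known archive/image signatures (the RAR case from the tutorial), for a TLS record header (the SSL case, where the content is unrecoverable without the keys), for printable text, for a base64-wrapped attachment of the sort a captured email carries, and otherwise reports entropy so you can tell compressed/encrypted data from ordinary binary. It also strips HTTP headers when the stream starts with them. The sample payloads are constructed inline; the file signatures and TLS record layout are real, while the thresholds (95% printable, 7.5 bits of entropy) are my own heuristics.

```python
"""Triage a saved TCP stream payload: file signature, TLS, text, base64, or binary.

Added example, not part of the thread's tutorial. Stdlib only. Sample data below
is constructed here, not taken from the capture discussed in the thread.
"""
import base64
import binascii
import math
import re
from collections import Counter

# File signatures to look for at the start of the (de-framed) payload.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar5"),
    (b"Rar!\x1a\x07\x00", "rar4"),
    (b"PK\x03\x04", "zip"),
    (b"\x1f\x8b\x08", "gzip"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
]
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data
TLS_MAX_RECORD = 16384 + 2048         # TLS 1.2 ciphertext length ceiling
BASE64_LINE = re.compile(rb"^[A-Za-z0-9+/]{4,}={0,2}$")
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n")


def looks_like_tls(data):
    """Plausible TLS record header: content type, version 3.x, sane length."""
    if len(data) < 5:
        return False
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    return (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and 0 < length <= TLS_MAX_RECORD)


def shannon_entropy(data):
    """Bits per byte; 8.0 means every byte value is equally common."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII or CR/LF/TAB."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127 or b in b"\r\n\t") / len(data)


def strip_http_headers(data):
    """If the stream opens with an HTTP request or status line, return only the body."""
    if data.startswith(b"HTTP/") or HTTP_REQUEST_LINE.match(data):
        end = data.find(b"\r\n\r\n")
        if end != -1:
            return data[end + 4:]
    return data


def try_base64(data):
    """Decode if every non-empty line is base64 (MIME attachment style), else None."""
    lines = [ln.strip() for ln in data.splitlines() if ln.strip()]
    if not lines or not all(BASE64_LINE.match(ln) for ln in lines):
        return None
    try:
        return base64.b64decode(b"".join(lines), validate=True)
    except binascii.Error:
        return None


def classify_payload(data, _depth=0):
    """Return {'kind', 'entropy', 'printable'} for a raw stream payload."""
    data = strip_http_headers(data)
    if not data:
        return {"kind": "empty", "entropy": 0.0, "printable": 0.0}
    ent, ratio = round(shannon_entropy(data), 2), round(printable_ratio(data), 2)
    for magic, name in MAGIC:
        if data.startswith(magic):
            return {"kind": name, "entropy": ent, "printable": ratio}
    if looks_like_tls(data):
        return {"kind": "tls", "entropy": ent, "printable": ratio}
    if ratio >= 0.95:
        decoded = try_base64(data) if _depth == 0 else None
        if decoded is not None:  # unwrap one layer, then re-triage the decoded bytes
            inner = classify_payload(decoded, _depth=1)
            inner["kind"] = "base64:" + inner["kind"]
            return inner
        kind = "text"
    elif ent >= 7.5:
        kind = "high-entropy"  # encrypted, compressed, or random
    else:
        kind = "binary"
    return {"kind": kind, "entropy": ent, "printable": ratio}


# Constructed sample payloads (not from the thread's capture file).
RAR4_HEADER = b"Rar!\x1a\x07\x00" + bytes(20)
SAMPLES = {
    "tls_client_hello": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(37),
    "rar_over_http": b"HTTP/1.1 200 OK\r\nContent-Type: application/x-rar\r\n\r\n" + RAR4_HEADER,
    "rar_in_mime_body": base64.encodebytes(RAR4_HEADER),
    "smtp_banner": b"220 mail.example.com ESMTP ready\r\nEHLO client\r\n",
    "every_byte_value": bytes(range(256)) * 4,
    "zeros": bytes(200),
}


def triage(samples=SAMPLES):
    """Map each sample name to its detected kind."""
    return {name: classify_payload(data)["kind"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, kind in triage().items():
        print(f"{name:18} -> {kind}")
```

Running it on a real saved stream means `classify_payload(open("stream.bin", "rb").read())`. A plain `file stream.bin` covers the signature part; what this adds is the TLS record check (a `tls` result means Daemon's "SOL" case unless you hold the server's private key or a key log), the HTTP and base64 unwrapping for attachments pulled out of mail traffic, and the entropy figure, which separates a compressed archive with its header cut off from low-entropy binary you can still read with a hex editor. The base64 test is a heuristic: a short all-alphanumeric line can decode "successfully" into junk, so treat `base64:binary` with suspicion.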

Offline Griffon Bossi

  • /dev/null
  • Posts: 15
  • Cookies: -8
Re: Basic Forensics with Wireshark
« Reply #28 on: February 02, 2013, 12:04:16 am »
I'm going to just poke around on my own. And thanks for being an awesome dude.

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • Posts: 2920
  • Cookies: 328
Re: Basic Forensics with Wireshark
« Reply #29 on: February 02, 2013, 05:26:20 am »
Quote from: Griffon Bossi on February 02, 2013, 12:04:16 am
I'm going to just poke around on my own. And thanks for being an awesome dude.

+1 He really is <3 u Daemon  8)
« Last Edit: February 02, 2013, 05:26:41 am by skidiot.h »
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry