January 5

Webinar takeaway – BPF – Picking Packets


My key takeaways

  • one library to capture all packets on all OSes
  • BPF is for filtering packets
    • better signal-to-noise ratio for packet filtering
  • a BPF filter only affects the program you invoke it with
    • no change to the packets themselves
  • Process:
    • a human creates the filter
      • single quotes around the filter at the end of the line invoking the program, e.g. tcpdump
      • double quotes for WinDump
    • the program passes it to libpcap
    • libpcap passes it to the kernel <- fast!
  • also works fine with ngrep
  • you can stack multiple filters by putting one after the other at the end of the line, each separated by a space
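To make the process and the stacking point concrete, here is an added illustration that is not from the webinar or from libpcap: a small userspace emulator of the pcap-filter expression grammar (host/port/protocol primitives, src/dst qualifiers, and/or/not with the usual precedence, parentheses). The packet records and the filter strings are constructed for the demo; real tools hand the same string to libpcap, which compiles it to BPF bytecode that the kernel evaluates, and the join_argv function mimics how tcpdump turns the leftover command-line words into one expression, which is why quoting the whole filter and writing its parts as separate words give the same result (quotes matter once the expression contains shell metacharacters such as parentheses or "!").

```python
"""Emulator of the tcpdump/pcap-filter expression grammar (constructed demo).

Parses a filter string and evaluates it against simple packet records. This is
NOT libpcap: real filters are compiled to BPF bytecode and run in the kernel.
"""
import re

# Constructed sample traffic: each record carries the fields a filter can test.
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst": "8.8.8.8", "proto": "udp", "sport": 51000, "dport": 53},
    {"src": "8.8.8.8", "dst": "10.0.0.5", "proto": "udp", "sport": 53, "dport": 51000},
    {"src": "10.0.0.5", "dst": "93.184.216.34", "proto": "tcp", "sport": 40001, "dport": 443},
    {"src": "10.0.0.9", "dst": "10.0.0.5", "proto": "icmp", "sport": None, "dport": None},
]

TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")


def join_argv(argv):
    """tcpdump joins the leftover command-line words with spaces into ONE filter,
    so `tcpdump host 10.0.0.5 and port 53` == `tcpdump 'host 10.0.0.5 and port 53'`."""
    return " ".join(argv)


def _and(left, right):
    return lambda p: left(p) and right(p)


def _or(left, right):
    return lambda p: left(p) or right(p)


class FilterParser:
    """Recursive descent: expr := term ('or' term)*; term := factor ('and' factor)*;
    factor := 'not' factor | '(' expr ')' | primitive.  'not' binds tightest, 'or' loosest."""

    def __init__(self, text):
        self.tokens = TOKEN_RE.findall(text)
        self.pos = 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError("trailing tokens: " + " ".join(self.tokens[self.pos:]))
        return node

    def expr(self):
        left = self.term()
        while self.peek() in ("or", "||"):
            self.take()
            left = _or(left, self.term())
        return left

    def term(self):
        left = self.factor()
        while self.peek() in ("and", "&&"):
            self.take()
            left = _and(left, self.factor())
        return left

    def factor(self):
        tok = self.peek()
        if tok in ("not", "!"):
            self.take()
            inner = self.factor()
            return lambda p: not inner(p)
        if tok == "(":
            self.take()
            inner = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return inner
        return self.primitive()

    def primitive(self):
        tok = self.take()
        if tok in ("tcp", "udp", "icmp"):
            return lambda p, t=tok: p["proto"] == t
        direction = None
        if tok in ("src", "dst"):           # optional direction qualifier
            direction = tok
            tok = self.take()
        if tok == "host":
            addr = self.take()
            fields = {"src": ["src"], "dst": ["dst"], None: ["src", "dst"]}[direction]
            return lambda p, a=addr, f=fields: any(p[x] == a for x in f)
        if tok == "port":
            num = int(self.take())
            fields = {"src": ["sport"], "dst": ["dport"], None: ["sport", "dport"]}[direction]
            return lambda p, n=num, f=fields: any(p[x] == n for x in f)
        raise ValueError("unsupported primitive: %r" % tok)


def apply_filter(expression, packets):
    """Return the packets the expression selects; the packets are never modified."""
    match = FilterParser(expression).parse()
    return [p for p in packets if match(p)]


if __name__ == "__main__":
    expr = join_argv(["host", "10.0.0.5", "and", "not", "port", "53"])
    for pkt in apply_filter(expr, SAMPLE_PACKETS):
        print(pkt)
```

The precedence rules are the part worth internalising: `udp and port 443 or icmp` means `(udp and port 443) or icmp`, so if you mean "UDP traffic on port 443 or ICMP to somewhere" you must write the parentheses out, and then the whole expression needs the quotes mentioned above so the shell does not try to interpret them.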

Tags

packet capture, threathunting

