July 7

Webinar takeaway: Hacking Packet Captures: The Foundations of Network Security


My key takeaways

  • Zeek does not capture whole packets; it writes summaries of every conversation it sees (connections, DNS, HTTP, ...) to log files
    • saves time and disk space compared with full packet capture
    • "You wouldn't normally use Zeek for packet capture; instead you use it for analysis." – Bill Stearns

  • A host that sends a lot more data than it receives may indicate malicious traffic (e.g. exfiltration); compare bytes out vs. bytes in per host
  • use NetworkMiner to reconstruct files and sessions from packet captures
    • commercial (Professional edition), but a free edition is available
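The two Zeek points above (conn.log is a per-connection summary, and "sends much more than it receives" is a useful flag) can be checked directly against a conn.log. The following is an added example written for these notes, not code from the webinar or from the Zeek project: it parses Zeek's default TSV format (the `#separator`, `#fields` and `#unset_field` header lines), then reports connections and hosts whose originator-side byte count dwarfs the responder side. The log lines, hosts and UIDs are constructed for the example; the ratio and minimum-size thresholds are assumptions to tune for your network.

```python
"""Flag upload-heavy connections in a Zeek conn.log (added example, not webinar code)."""
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# Constructed sample in Zeek's default TSV layout, trimmed to the columns used here.
# A real conn.log carries more fields (conn_state, history, ...); the parser keys on
# the #fields header so extra columns are harmless.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration\torig_bytes\tresp_bytes
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tinterval\tcount\tcount
1720339200.000000\tCabc1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\t12.5\t2400\t91000
1720339260.000000\tCabc2\t10.0.0.5\t51235\t203.0.113.9\t443\ttcp\t600.2\t48000000\t3200
1720339300.000000\tCabc3\t10.0.0.7\t40000\t198.51.100.20\t53\tudp\t0.01\t60\t120
1720339400.000000\tCabc4\t10.0.0.7\t40001\t198.51.100.21\t22\ttcp\t-\t-\t-
#close\t2024-07-07-12-00-00
"""


@dataclass
class Conn:
    ts: float
    uid: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str
    duration: Optional[float]
    orig_bytes: Optional[int]   # payload bytes sent by the originator; None if Zeek never saw data
    resp_bytes: Optional[int]   # payload bytes sent by the responder


def _opt(value: str, unset: str, conv):
    """Convert a column, mapping Zeek's unset marker (default '-') to None."""
    return None if value == unset else conv(value)


def parse_conn_log(text: str) -> Iterator[Conn]:
    """Yield one Conn per data line, honouring the #separator/#fields/#unset_field headers."""
    sep, unset, fields = "\t", "-", []
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#separator "):
            # the value is an escaped byte such as \x09; decode it to the real character
            sep = raw[len("#separator "):].encode().decode("unicode_escape")
            continue
        if raw.startswith("#"):
            key, _, value = raw[1:].partition(sep)
            if key == "fields":
                fields = value.split(sep)
            elif key == "unset_field":
                unset = value
            continue  # #types, #path, #close, ... carry nothing we need
        rec = dict(zip(fields, raw.split(sep)))
        yield Conn(
            ts=float(rec["ts"]),
            uid=rec["uid"],
            orig_h=rec["id.orig_h"],
            orig_p=int(rec["id.orig_p"]),
            resp_h=rec["id.resp_h"],
            resp_p=int(rec["id.resp_p"]),
            proto=rec["proto"],
            duration=_opt(rec["duration"], unset, float),
            orig_bytes=_opt(rec["orig_bytes"], unset, int),
            resp_bytes=_opt(rec["resp_bytes"], unset, int),
        )


def upload_heavy(conns: Iterable[Conn], ratio: float = 10.0, min_bytes: int = 1_000_000) -> List[Conn]:
    """Connections where the originator sent >= min_bytes and >= ratio x what it got back.

    Thresholds are assumptions for the example; tighten or loosen them for your traffic.
    """
    hits = []
    for c in conns:
        if c.orig_bytes is None or c.orig_bytes < min_bytes:
            continue
        if c.orig_bytes >= ratio * max(c.resp_bytes or 0, 1):
            hits.append(c)
    return hits


def bytes_by_host(conns: Iterable[Conn]) -> Dict[str, Tuple[int, int]]:
    """Per originating host: (total bytes sent, total bytes received) across all its connections."""
    totals: Dict[str, Tuple[int, int]] = {}
    for c in conns:
        sent, got = totals.get(c.orig_h, (0, 0))
        totals[c.orig_h] = (sent + (c.orig_bytes or 0), got + (c.resp_bytes or 0))
    return totals


if __name__ == "__main__":
    conns = list(parse_conn_log(SAMPLE_CONN_LOG))
    for c in upload_heavy(conns):
        print(f"{c.uid}: {c.orig_h} -> {c.resp_h}:{c.resp_p} sent {c.orig_bytes} B, got {c.resp_bytes} B")
    for host, (sent, got) in bytes_by_host(conns).items():
        print(f"{host}: out={sent} in={got}")
```

To run it on a live log, replace `SAMPLE_CONN_LOG` with the contents of `conn.log` from your Zeek output directory (the parser needs the header lines, so do not strip them with `zeek-cut` first). The host totals are the number worth trending over time: a single large upload to a known service is normal, a workstation that is net-outbound every day is not.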

Tags

blue team, packet capture, zeek

