comparing apple to orange

Comparison of tools that extract files from PCAP

One of the premier features in NetworkMiner is the ability to extract files from captured network traffic in PCAP files. NetworkMiner reassembles the file contents by parsing protocols that are used to ...
Online Network Forensics Training

Online Network Forensics Training

I will teach a live online class next month. The subject for the class is Network Forensics for Incident Response. The training is split into four interactive 4-hour sessions, so that you ...
capture.pcap_ng in Wireshark Preferences

How to set PCAP as default save file format in Wireshark

Did you know that there is a setting in Wireshark for changing the default save file format from pcapng to pcap? In Wireshark, click Edit, Preferences. Then select Advanced and look for ...
Reading PCAP Files (Directly) With DuckDB

Reading PCAP Files (Directly) With DuckDB

| | duckdb, pcap
We generate a ton of PCAP files at $DAYJOB. Since I do not always have to work directly with them, I regularly mix up or forget the various tshark, tcpdump, etc., filters ...
Wireshark SSLKEYLOGFILE

How to Inspect TLS Encrypted Traffic

Do you want to analyze decrypted TLS traffic in Wireshark or let an IDS, like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic? There are ...
PCAP - Network Forensics Training - October 21-24, November 18-21

Online Network Forensics Class

I will teach two live online classes this autumn, one in October and one in November. The subject for both classes is network forensics for incident response. The training is split into ...
PCAP in the Morning - March 4-7 and 25-28

Network Forensics Training – Spring 2024

I will teach two live online network forensics classes in March, one on European morning time, and the other on US morning time. The subject for both classes is network forensics in ...
Network Forensics for Incident Response

Online Network Forensics Class

I will be teaching two live online network forensics classes this spring, one in March and one in April. The March class is adapted to American time and the April one is ...
PCAP over IP

What is PCAP over IP?

PCAP-over-IP is a method for reading a PCAP stream, which contains captured network traffic, through a TCP socket instead of reading the packets from a PCAP file. A simple way to create ...
CapLoader 1.9.4

CapLoader 1.9.4 Released

A new version of our advanced PCAP filtering tool CapLoader was released today. The new CapLoader 1.9.4 release includes features like JA3 hash extraction from TLS traffic and a fantastic thing called ...