PCAP over IP

What is PCAP over IP?

PCAP-over-IP is a method for reading a PCAP stream, which contains captured network traffic, through a TCP socket instead of reading the packets from a PCAP file. A simple way to create ...
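
The point of reading from a TCP socket rather than a file is that the reader must reassemble the stream itself: a 24-byte global header followed by 16-byte record headers and packet bytes, delivered in whatever chunks TCP hands over. The following is an added example, not code from this page or from any capture tool: it parses that stream straight off a socket, accepts both byte orders and the nanosecond-timestamp magic, and treats a record whose `incl_len` exceeds the advertised snaplen as a lost-sync error rather than trying to read it. The capture bytes and the `socketpair()` used to deliver them are constructed for the demonstration; in practice the sending side is whatever writes the PCAP stream to the TCP port.

```python
"""PCAP-over-IP reader: parse a PCAP stream arriving on a TCP socket.

Added example, not code from the page or from any capture tool.  The capture
bytes and the socketpair below are constructed for the demonstration.
"""
import socket
import struct

# Magic as read little-endian from the first 4 bytes -> (struct byte order, ticks per second)
PCAP_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanosecond timestamps
}
GLOBAL_HDR_LEN, RECORD_HDR_LEN = 24, 16


def _read_exact(sock, n):
    """Read exactly n bytes from a stream socket.  TCP delivers arbitrary chunks, so a
    record header or a packet may arrive in pieces; fewer than n bytes means EOF."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return bytes(buf)


def read_pcap_stream(sock):
    """Yield (timestamp_seconds, linktype, packet_bytes) for each record on the socket."""
    hdr = _read_exact(sock, GLOBAL_HDR_LEN)
    if len(hdr) < GLOBAL_HDR_LEN:
        raise ValueError("stream ended inside the PCAP global header")
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic not in PCAP_MAGICS:
        raise ValueError("not a PCAP stream (magic 0x%08x)" % magic)
    endian, ticks = PCAP_MAGICS[magic]
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", hdr[4:])
    while True:
        rec = _read_exact(sock, RECORD_HDR_LEN)
        if not rec:
            return                                  # clean EOF between records
        if len(rec) < RECORD_HDR_LEN:
            raise ValueError("stream truncated inside a record header")
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        if incl_len > snaplen:
            # A sane sender never exceeds its own snaplen; this usually means the reader
            # has lost sync with the stream (or the peer is not sending PCAP at all).
            raise ValueError("incl_len %d > snaplen %d, stream out of sync" % (incl_len, snaplen))
        data = _read_exact(sock, incl_len)
        if len(data) < incl_len:
            raise ValueError("stream truncated inside packet data")
        yield ts_sec + ts_frac / ticks, linktype, data


def build_pcap(packets, endian="<", linktype=1):
    """Constructed PCAP bytes (LINKTYPE_ETHERNET = 1, microsecond timestamps)."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, pkt in enumerate(packets):
        out += struct.pack(endian + "IIII", 1_700_000_000 + i, 250_000, len(pkt), len(pkt)) + pkt
    return out


def demo(endian="<"):
    """Push a constructed capture through a socketpair and parse it as PCAP-over-IP."""
    capture = build_pcap([b"\xff" * 60, b"\x00" * 42, b"\x01" * 1500], endian)
    sender, receiver = socket.socketpair()
    try:
        sender.sendall(capture)
        sender.close()                              # EOF tells the reader the stream is complete
        return list(read_pcap_stream(receiver))
    finally:
        receiver.close()


if __name__ == "__main__":
    for ts, lt, pkt in demo():
        print("%.6f linktype=%d len=%d" % (ts, lt, len(pkt)))
```

Two details matter on a real socket: `recv()` may return part of a record, so every fixed-size field is read with `_read_exact`, and a peer that closes the connection mid-packet is reported as truncation instead of being silently dropped.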

BPFs

Introduction: What are Berkeley Packet Filters? BPFs are a raw (protocol-independent) socket interface to the data link layer that allows filtering of packets in a very granular fashion [1]. BPFs were first ...
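
"Granular" filtering in classic BPF means a small program that loads bytes at fixed offsets in the frame and branches on them, with no knowledge of protocols built into the engine. The following is an added example, not code from the original post: a minimal classic-BPF interpreter using the opcode values from `<linux/filter.h>`, plus a hand-assembled program equivalent in effect to `tcpdump -d 'ip and tcp port 80'` on Ethernet (IPv4 only, first fragments only; tcpdump's own output also carries an IPv6 branch). The Ethernet/IPv4 frames it is run over are constructed for the demonstration.

```python
"""Minimal classic-BPF (cBPF) interpreter with a hand-assembled filter program.

Added example, not code from the original post.  Opcode values follow
<linux/filter.h>; the program is equivalent in effect to
`tcpdump -d 'ip and tcp port 80'` on Ethernet (IPv4, first fragments only).
The frames fed to it are constructed for the demonstration.
"""
import struct

# Instruction classes, load sizes, addressing modes, jump ops and operand sources.
BPF_LD, BPF_LDX, BPF_JMP, BPF_RET = 0x00, 0x01, 0x05, 0x06
BPF_W, BPF_H, BPF_B = 0x00, 0x08, 0x10
BPF_IMM, BPF_ABS, BPF_IND, BPF_LEN, BPF_MSH = 0x00, 0x20, 0x40, 0x80, 0xA0
BPF_JA, BPF_JEQ, BPF_JGT, BPF_JGE, BPF_JSET = 0x00, 0x10, 0x20, 0x30, 0x40
BPF_K, BPF_X, BPF_A = 0x00, 0x08, 0x10


def _load(pkt, off, size):
    """Big-endian load of 1/2/4 bytes at off; None when out of bounds (the filter then drops)."""
    n = {BPF_W: 4, BPF_H: 2, BPF_B: 1}[size]
    if off < 0 or off + n > len(pkt):
        return None
    return int.from_bytes(pkt[off:off + n], "big")


def run_bpf(prog, pkt):
    """Run prog, a list of (code, jt, jf, k) tuples, over pkt.
    Returns the accept length (0 = drop), as the kernel's classic BPF runner does."""
    A = X = pc = 0
    while pc < len(prog):
        code, jt, jf, k = prog[pc]
        pc += 1                                   # jt/jf/ja are relative to the next instruction
        cls = code & 0x07
        if cls == BPF_LD:
            mode, size = code & 0xE0, code & 0x18
            if mode == BPF_IMM:
                A = k
            elif mode == BPF_LEN:
                A = len(pkt)
            else:                                 # ABS: [k], IND: [X + k]
                A = _load(pkt, k if mode == BPF_ABS else X + k, size)
                if A is None:
                    return 0
        elif cls == BPF_LDX:
            if code & 0xE0 == BPF_IMM:
                X = k
            elif code & 0xE0 == BPF_MSH:          # X = 4 * (pkt[k] & 0x0f): IPv4 header length
                b = _load(pkt, k, BPF_B)
                if b is None:
                    return 0
                X = 4 * (b & 0x0F)
            else:
                raise ValueError("unsupported LDX opcode 0x%x" % code)
        elif cls == BPF_JMP:
            op = code & 0xF0
            if op == BPF_JA:
                pc += k
                continue
            src = X if code & BPF_X else k
            taken = {BPF_JEQ: A == src, BPF_JGT: A > src,
                     BPF_JGE: A >= src, BPF_JSET: (A & src) != 0}[op]
            pc += jt if taken else jf
        elif cls == BPF_RET:
            return A if code & BPF_A else k
        else:
            raise ValueError("unsupported opcode 0x%x" % code)
    return 0


# Hand-assembled: ethertype IPv4, protocol TCP, not a later fragment, src or dst port 80.
TCP_PORT_80 = [
    (BPF_LD | BPF_H | BPF_ABS, 0, 0, 12),        # 0: A = EtherType
    (BPF_JMP | BPF_JEQ | BPF_K, 0, 10, 0x0800),  # 1: not IPv4 -> 12 (drop)
    (BPF_LD | BPF_B | BPF_ABS, 0, 0, 23),        # 2: A = IP protocol
    (BPF_JMP | BPF_JEQ | BPF_K, 0, 8, 6),        # 3: not TCP -> 12
    (BPF_LD | BPF_H | BPF_ABS, 0, 0, 20),        # 4: A = IP flags + fragment offset
    (BPF_JMP | BPF_JSET | BPF_K, 6, 0, 0x1FFF),  # 5: non-first fragment -> 12
    (BPF_LDX | BPF_B | BPF_MSH, 0, 0, 14),       # 6: X = IHL * 4
    (BPF_LD | BPF_H | BPF_IND, 0, 0, 14),        # 7: A = TCP source port
    (BPF_JMP | BPF_JEQ | BPF_K, 2, 0, 80),       # 8: src == 80 -> 11 (accept)
    (BPF_LD | BPF_H | BPF_IND, 0, 0, 16),        # 9: A = TCP destination port
    (BPF_JMP | BPF_JEQ | BPF_K, 0, 1, 80),       # 10: dst == 80 -> 11, else 12
    (BPF_RET | BPF_K, 0, 0, 0xFFFF),             # 11: accept whole packet
    (BPF_RET | BPF_K, 0, 0, 0),                  # 12: drop
]


def build_frame(proto, sport, dport, vlan=None, frag_off=0):
    """Constructed Ethernet/IPv4 frame with a minimal TCP (20 B) or UDP (8 B) header."""
    eth = bytes(12) + (struct.pack("!HH", 0x8100, vlan) if vlan is not None else b"")
    eth += struct.pack("!H", 0x0800)
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, frag_off, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4


if __name__ == "__main__":
    for label, frame in [("tcp -> 80", build_frame(6, 40000, 80)),
                         ("udp -> 80", build_frame(17, 53, 80)),
                         ("tcp -> 80, 802.1Q tagged", build_frame(6, 40000, 80, vlan=100))]:
        print("%-26s %s" % (label, "accept" if run_bpf(TCP_PORT_80, frame) else "drop"))
```

Because instruction 0 reads the EtherType at fixed offset 12, an 802.1Q-tagged frame carrying the very same TCP segment is dropped: the tag puts 0x8100 at that offset and shifts the IP header four bytes further on, so matching tagged traffic needs a program that tests for 0x8100 and uses the shifted offsets. Any load that runs past the end of the frame also drops the packet, which is why a truncated frame cannot slip through.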

Pcaps and the Tools That Love Them Part 1 of ???

Tags: bpfs, tcpdump
There are many pcap tools available and which ones you use really depends on what you're using them for. Some are very good at just giving you the raw data, others parse ...

Mixed VLAN tags and BPF syntax

By Richard Bejtlich, Principal Security Strategist, Corelight
This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction: I have been writing ...

What is TCP/IP?

Thinking of a Cybersecurity Career? Read This

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees, only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look ...
EH-Net - Chappell - Tshark

Tshark: 7 Tips on Wireshark’s Command-Line Packet Capture Tool

If your current capture process can’t keep up with the traffic and drops packets – you need a new capture process. No debates here. Analyzing a trace file in which you don’t ...