tcpdump
What is PCAP over IP?
PCAP-over-IP is a method for reading a PCAP stream, which contains captured network traffic, through a TCP socket instead of reading the packets from a PCAP file. A simple way to create ...
BPFs
Introduction What are Berkeley Packet Filters? BPF’s are a raw (protocol independent) socket interface to the data link layer that allows filtering of packets in a very granular fashion1. BPFs were first ...
Pcaps and the Tools That Love Them Part 1 of ???
There are many pcap tools available and which ones you use really depends on what you're using them for. Some are very good at just giving you the raw data, others parse ...
Mixed VLAN tags and BPF syntax
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing ...
Thinking of a Cybersecurity Career? Read This
Thousand of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look ...
Tshark: 7 Tips on Wireshark’s Command-Line Packet Capture Tool
If your current capture process can’t keep up with the traffic and drops packets – you need a new capture process. No debates here. Analyzing a trace file in which you don’t ...