Wireshark SSLKEYLOGFILE

How to Inspect TLS Encrypted Traffic

Do you want to analyze decrypted TLS traffic in Wireshark or let an IDS, like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic? There are ...
PCAP over IP

What is PCAP over IP?

PCAP-over-IP is a method for reading a PCAP stream, which contains captured network traffic, through a TCP socket instead of reading the packets from a PCAP file. A simple way to create ...
Manage Interfaces in Wireshark

Real-time PCAP-over-IP in Wireshark

Did you know that it is possible to stream captured packets from a remote device or application to Wireshark in real-time using PCAP-over-IP? This blog post explains how you can configure Wireshark ...
NetTrace.ETL in CapLoader 1.9.3 and NetworkMiner 2.7.2

Open .ETL Files with NetworkMiner and CapLoader

Windows event tracing .etl files can now be read by NetworkMiner and CapLoader without having to first convert them to .pcap or .pcapng. The ETL support is included in NetworkMiner 2.7.2 and ...
Corelight Sensors detect the ChaChi RAT

Corelight Sensors detect the ChaChi RAT

By Paul Dokas, Keith Jones, Anthony Kasza, Yacin Nadji, & Vern Paxson – Corelight Labs Team Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting ...
Community ID support for Wireshark

Community ID support for Wireshark

By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d ...
Mixed VLAN tags and BPF syntax

Mixed VLAN tags and BPF syntax

By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.  Introduction I have been writing ...
What is TCP/IP?

Thinking of a Cybersecurity Career? Read This

Thousand of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look ...
Laptop, Raspberry Pi, PolarProxy, Internet ASCII

Discovered Artifacts in Decrypted HTTPS

We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...
RawCap

RawCap Redux

A new version of RawCap has been released today. This portable little sniffer now supports writing PCAP data to stdout and named pipes as an alternative to saving the captured packets to ...

Application Security Check Up