Wireshark

Real-time PCAP-over-IP in Wireshark
Did you know that it is possible to stream captured packets from a remote device or application to Wireshark in real-time using PCAP-over-IP? This blog post explains how you can configure Wireshark ...

Open .ETL Files with NetworkMiner and CapLoader
Windows event tracing .etl files can now be read by NetworkMiner and CapLoader without having to first convert them to .pcap or .pcapng. The ETL support is included in NetworkMiner 2.7.2 and ...

Corelight Sensors detect the ChaChi RAT
By Paul Dokas, Keith Jones, Anthony Kasza, Yacin Nadji, & Vern Paxson – Corelight Labs Team Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting ...

Community ID support for Wireshark
By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d ...

Mixed VLAN tags and BPF syntax
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing ...

Thinking of a Cybersecurity Career? Read This
Thousand of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look ...

Discovered Artifacts in Decrypted HTTPS
We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...

RawCap Redux
A new version of RawCap has been released today. This portable little sniffer now supports writing PCAP data to stdout and named pipes as an alternative to saving the captured packets to ...

Sharing a PCAP with Decrypted HTTPS
Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...

Tshark: 7 Tips on Wireshark’s Command-Line Packet Capture Tool
If your current capture process can’t keep up with the traffic and drops packets – you need a new capture process. No debates here. Analyzing a trace file in which you don’t ...