Posts

Showing posts with the label Wireshark

Wireshark for security and mitigation.

In this blog: Wireshark in the security setting. The TCP handshake. What are DoS attacks? SYN flood attacks. Uncovering SYN flood attacks. Uncovering the geo-location of DoS attacks. Map view. What's next?

See my blog on Wireshark basics here. See my blog on my favourite Wireshark alternative (tcpdump) here. See my blog on DoS attacks here. See my blog on SYN flood attacks here.

Wireshark in the security setting

Wireshark can be used as a network troubleshooter and as a tool for attackers carrying out attacks such as ARP poisoning or SYN flood attacks (a form of Denial-of-Service attack). The platform can also be used by security researchers to find evidence of such attacks taking place on the network layer. As a packet sniffer, Wireshark can listen for packets but cannot send any out, which means it is not a vulnerability scanner. However, it can display packets in real time and offer insight into how each source IP interacts on the network. ...

Wireshark alternative ➡️ tcpdump (Linux)

In this blog: What is tcpdump? Installation. Usage. Saving captures to a file. Filtering output. Expressions. Understanding the output. Packet content. The end?

See my Wireshark blog here. See my blog on uncovering network attacks using Wireshark here.

What is tcpdump?

tcpdump is a command-line alternative to Wireshark and runs natively on Linux-based operating systems. The tool is not as feature-rich as Wireshark but can be faster and more efficient at capturing and displaying packets, which is why many network admins and security professionals like using tcpdump for quick analysis. Being a command-line tool allows it to be run on remote servers to troubleshoot networks where a GUI may not be available. The .pcap files can then be analysed with Wireshark later. Most Linux distributions come with tcpdump installed, so your distro might already have it d...