How to use wireshark in cyber security

This tutorial explains how you can use wireshark in cyber security activity. Wireshark is a protocol analyzer which can help you to detect hackers. Security appliances uses deep packet inspection technique where protocol analysis is performed. This is the fundamental principle of wireshark.

In this article, we will understand two methods to use wireshark to detect hackers

How to use wireshark in cyber security signature based detection

Signature based detection is a techhnique by which cyber security attacks can be detected using known patterns. One of the way suspicious traffic is detected is by looking for specific patters in a packet.

An example is smurf attack where the source IP address in the IP header is a broadcast IP address to the same network. A filter can be written in wireshark to display all packets containing broadcast IP address as the destination IP address.

Filters can be written for various known attacks and hacking attempts detected.

How to use wireshark in cyber security anomaly based detection

Anomaly detection is the process by which normal traffic on the network is initially analyzed and any deviation from it can be suspected as abnormal or malicious traffic. This is another method by which security appliances detect malicious traffic.

To perform this with wireshark, you need to initially capture traffic on the network and understand normal traffic. Once a benchmark is identfied , any deviation from this could be a possible attack on the network. Note that this technique would not be as accurate as siganture based detections and could also lead to more false alarms.

Using the above two methods, you can use wireshark in detetcing cyber security atatcks.
——————————————————————————————————————-
Ebooks & Courses

Wireshark tutorials for Network administrators

TheWireshark tutorials for Network administrators is the utlimate wireshark cheat sheet which explains how to use wireshark for network analysis activity. It contains screenshots of wireshark filters and useful techniques which can be used for network administration. The ebook can be purchased from Amazon.

Nmap tutorials for network administrators

The Nmap tutorials for network administrators is the ultimate nmap cheat sheet which contains nmap commands recommended for day to day network administration activity. The book is ideal for network administrators using nmap for network analysis. The ebook can be purchased from Amazon.

Scapy Python Network Programming Course

The Scapy Python Network Programming Course teaches how to build your own network tools and scripts with Python & Scapy. The course teaches packet crafting framework with scapy and how to integrate Python with scapy to build your own network tools & scripts. The course contains detailed examples of source code with explanation.