![]() Thus, I like to use the ‘sort’ and ‘uniq’ tools for searches such as this to only show me distinct and unique values. In the same log file, there is a field called host_name that will provide the hostname of the Windows client.Ĭat dhcp.log | bro-cut client_addr host_name | sort | uniq 172.17.1.129 Nalyvaiko-PCĭepending on the size of the PCAP, these logs could get quite large. ![]() Q2: What is the host name for the Windows client at 172.17.1.129? A: Nalyvaiko-PC The mac field within dhcp.log is the MAC addressed assigned to the device, and client_addr is the IP address of the client. Thus, for this question, we want to look at dhcp.log:Ĭat dhcp.log | bro-cut mac client_addr 00:1e:67:4a:d7:5c 172.17.1.129 IP addresses are assigned to a device (by their MAC address) via the DHCP protocol. Input/command will be on the first line output will be on the second line Each command and output will be highlighted using the quote tab like so: I’ll be providing a detailed set of answers for each question, with some exploration of different linux tools for efficiently breaking down the data set. On the same page is a download link to the PCAP, which is called - 2-of-2. The twelve questions can be found at the bottom of the page. I’ll be going through the second part of the following CTF that has created and shared on his website. That’s what this whole blog post is about. īecause sharing is caring, here’s a resource I use quite often for when I forget all the different fields within a Bro log file. Otherwise, you can find the package here:, along with their webpage for further details. Security Onion was my VM of choice as it already has Bro installed. This is the use case for when I’d start up my virtual machine (VM) as opposed to opening the file in Wireshark.īro is a network security monitoring (NSM) tool, which I like to think of as an advanced Intrusion Detection System something that you might deploy for traffic inspection, detecting attacks, log capturing, and event correlation. Not only this, but it makes analysing that much faster when you’re dealing with a very large network capture. However recently I was exposed to the wonders of bro-cut, a fun little function of Bro IDS (now renamed to Zeek) that allows you to segregate PCAPs into Bro logs http, dns, files, smtp and much more. Now to examine a packet closely we shall select a packet and in the expert view in the packet detail section just below the packet list we shall be having the TCP parameters as you can see in the below diagram.Wireshark has always been my go-to for PCAP analysis. ACK, SYN, SYN-ACK is listed on their respective side. You can observe these three steps in the first three packets of the TCP list where each of the packet types i.e. Direct Sequence Spread Spectrum in Wireless Networks.Information Security and Computer Forensics.Two Factor Authentication Implementation Methods and Bypasses.Top 50 Penetration Testing Interview Questions and Answers.Frequency-Hopping Spread Spectrum in Wireless Networks.Top 5 Programming Languages For Ethical Hackers.How to Setup Burp Suite for Bug Bounty or Web Application Penetration Testing?.ISRO CS Syllabus for Scientist/Engineer Exam.ISRO CS Original Papers and Official Keys.GATE CS Original Papers and Official Keys.Full Stack Development with React & Node JS(Live).Android App Development with Kotlin(Live).Java Programming - Beginner to Advanced.Data Structure & Algorithm-Self Paced(C++/JAVA).Data Structure & Algorithm Classes (Live).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |