Wireshark

  • Introduction
    • What?
    • Why?
    • How?
  • Nmap scans
    • Questions
  • ARP poisoning & on-path
    • Questions
  • Identifying hosts
    • Questions
  • Tunneling traffic
    • ICMP analysis
    • DNS analysis
    • Questions
  • Clear-text protocol analysis
    • FTP analysis
    • HTTP analysis
    • User-Agent analysis
    • Questions
  • Encrypted protocol analysis
    • Decrypting HTTPS Traffic
    • Questions
  • Hunt clear-text credentials
    • Questions
  • Firewall rules
    • Questions

Snort

  • Introduction
    • What?
    • Why?
    • How?
  • Writing IDS rules
    • HTTP
    • FTP
    • Images
      • PNG
      • GIF
    • Torrent metafiles
    • Resources
  • MS17-010
  • Log4j
  • Brute force
  • Reverse shell

NetworkMiner

  • Introduction
    • What?
    • Why?
    • How?
  • Network forensics
    • Network forensics use cases
    • Advantages of network forensics
    • Challenges of network forensics
    • Sources of evidence
    • Primary purposes of network forensics
    • Investigated data types in network forensics
  • NetworkMiner in a nutshell
    • Operating modes
    • Pros and cons
      • Pros
      • Cons
    • Differences between Wireshark and NetworkMiner
    • NetworkMiner version differences
      • MAC address processing
      • Sent/received packet processing
      • Frame processing
      • Parameter processing
      • Clear-text processing

Zeek

  • Introduction
    • What?
    • Why?
    • How?
  • Network security monitoring
    • Network monitoring
    • Network security monitoring
  • Zeek in a nutshell
    • Differences between Snort and Zeek
    • Zeek architecture
    • Zeek frameworks
  • Signatures
    • Questions
      • HTTP
      • FTP
  • Scripts
    • GUI vs scripts
    • Customized script locations
    • Questions
    • Resources
  • Scripts and signatures
    • Questions
  • Frameworks
    • Questions
    • Resources
  • Packages
    • Questions
    • Resources
  • Anomalous DNS
    • Questions
  • Phishing
    • Questions
  • Log4J
    • Questions

Brim

  • Introduction
    • What?
    • Why?
    • How?
  • Brim in a nutshell
    • Brim vs Wireshark vs Zeek
  • Use cases
  • Malware C2 detection
    • Questions
  • Crypto mining
    • Questions

Network traffic analysis (NTA)

Spot and probe network anomalies using industry tools and techniques.

Useful books
Unseen University, 2023, with a forest garden fostered by /ut7.