0

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Hands-On Network Forensics

You're reading from Hands-On Network Forensics Investigate network attacks and find evidence using common network forensic tools

Product type Paperback

Published in Mar 2019

Publisher

ISBN-13 9781789344523

Length 358 pages

Edition 1st Edition

Languages

C

Tools

Wireshark

Concepts

Forensics

Author (1):

Nipun Jaswal

View More author details

Table of Contents (16) Chapters

Preface

1. Section 1: Obtaining the Evidence

2. Introducing Network Forensics FREE CHAPTER

3. Technical Concepts and Acquiring Evidence

4. Section 2: The Key Concepts

5. Deep Packet Inspection

6. Statistical Flow Analysis

7. Combatting Tunneling and Encryption

8. Section 3: Conducting Network Forensics

9. Investigating Good, Known, and Ugly Malware

10. Investigating C2 Servers

11. Investigating and Analyzing Logs

12. WLAN Forensics

13. Automated Evidence Aggregation and Analysis

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

15. Assessments

Decoding the Metasploit shell

Let's start investigating the file in Wireshark to try to deduce what happened. We will focus on gathering the following details:

C2 server IP
C2 server port
Infected system IP
Infected system's port
Actions performed by the attacker
Time of the attack
Duration of the attack

Let's fire up Wireshark and choose Statistics | Conversations | TCP tab:

We can see that we have two conversations primarily between 192.168.46.128 and 192.168.46.129 on port 80 and 4433. Let's filter the conversation using TCP as the filter and analyze the output:

We can see that the first TCP packets (23-25) are nothing but the three-way handshake. However, next, we have a separate conversation starting from packet 71. Another strange thing is that the communication port being used is port 80. However, for some reason, the data being displayed is...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Nipun Jaswal

Nipun Jaswal

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

See other products by Nipun Jaswal

Other recommended products

Related to this chapter

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing and providing detailed coverage of modern hacking methods and attacks.

Personalised recommendations for you

Based on your interests and search pattern

Mastering PowerShell Scripting

Mastering PowerShell Scripting

PowerShell scripts provides a convenient method for automating tasks, using them proficiently can be challenging. This all-inclusive guide begins at the basics and covers advanced concepts, equipping you with tips to become an expert in PowerShell Core 7.3 scripting.

May 2024 27h 32m

Network Automation with Nautobot

Network Automation with Nautobot

This book will help you understand why a network source of truth is needed for long-term network automation success, which will in turn save you hundreds of hours in deploying and integrating Nautobot into network automation.

May 2024 27h 12m

NGINX HTTP Server

NGINX HTTP Server

Explore the power of NGINX with this guide covering an array of essential practical topics, including securing your infrastructure with automatic TLS certificates, placing NGINX in front of your existing applications, and much more.

May 2024 8h 44m

Mastering Azure Virtual Desktop

Mastering Azure Virtual Desktop

This updated edition will help you plan an Azure Virtual Desktop Architecture, implement its infrastructure, and manage its access and security. With content aligned with the exam objectives, it'll help you ace the Microsoft AZ-140 exam.

Jul 2024 23h 56m

Learn Ansible will teach you how to write Ansible Playbooks for deploying simple apps. This updated edition covers the latest Ansible features, helping you confidently implement Ansible in your daily workflows.

May 2024 13h 48m

HashiCorp Terraform Associate (003) Exam Guide

HashiCorp Terraform Associate (003) Exam Guide

This book will help you explore HashiCorp Terraform and prepare for Associate (003) certification, from understanding core concepts to advanced modules. You'll gain hands-on expertise, troubleshoot with confidence, and more.

May 2024 11h 28m

Kubernetes – An Enterprise Guide

Kubernetes – An Enterprise Guide

Navigate the complexities of Kubernetes and fully leverage its capabilities for enterprise applications. This edition dives into advanced deployments, groundbreaking techniques, and insights that will elevate your skills and redefine your expertise.

Aug 2024 22h 44m

Atlassian DevOps Toolchain Cookbook

Atlassian DevOps Toolchain Cookbook

Master setting up a DevOps toolchain using Atlassian tools and Open DevOps as a framework with this recipe-driven guide to automated testing, integration, deployment, observability, and incident management for streamlining development processes.

Jul 2024 16h 48m

AWS Certified Developer Associate Certification and Beyond

AWS Certified Developer Associate Certification and Beyond

This is your guide to passing the challenging AWS Certified Developer – Associate certification exam and setting yourself up for a rewarding career. Through a sample project, it explains how to design, architect, and implement applications on AWS.

Jul 2024 23h 40m

Implementing GitOps with Kubernetes

Implementing GitOps with Kubernetes

This book provides step-by-step tutorials and hands-on examples for effectively implementing GitOps practices in your Kubernetes deployments. You'll learn how to automate, monitor, and secure your infrastructure for efficient application delivery.

Aug 2024 14h 48m