blog.packet-foo.com
Sanitization/Anonymisation | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/category/cap/sanitizationanonymisation
Archive for the ‘Sanitization/Anonymisation’ category. Tracewrangler was always supporting IPv6 from the start (even though without extension headers except fragmentation), but last weekend I realized that I could improve the sanitization feature due to something that is missing compared to IPv4: subnet masks. This may sound funny, but in fact the missing subnet masks help. It’s been a while…. PCAP and PCAPng sanitization tool for network analysts. Trace File Case Files: SMB2 Performance. On The Network ...
blog.packet-foo.com
May | 2015 | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/2015/05
Archive for May, 2015. Sharkfest 2015 is coming up fast (22 days, 12 hours to go when typing this), and so I spend the morning hours of my Saturday for preparation of materials for my three talks. Since that also involves adding features and fixing bugs in TraceWrangler (which I also need for the large demo part of my […]. The Network Capture Playbook Part 2 Speed, Duplex and Drops. Trace File Case Files: SMB2 Performance. Sharkfest Europe 2016 Retrospective. My packet analysis toolset.
blog.packet-foo.com
Conferences | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/category/conferences
Archive for the ‘Conferences’ category. Sharkfest Europe 2016 Retrospective. Finally, the annual Wireshark developer and user conference happened in Europe for the first time in October 2016 at the Hotel Papendal in Arnhem, the Netherlands. It was something many people kept asking for, and with a lot of work and effort, Janice and her team made it happen. Verifying IoCs with Snort and TraceWrangler. After detecting a network breach it is a good idea to scan the network for further Indicators of Compromis...
blog.packet-foo.com
Sharkfest 2015 recap | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/2015/07/sharkfest-2015-recap
“Jasper, do you have a minute?” I think that is the one sentence that I heard most at Sharkfest 2015. Which is the annual Wireshark developer and user conference. Which makes it the most interesting place to be for anyone doing network analysis, for business or fun/hobby (yes, those exist). People asking me for a minute involved Wireshark core developers, other speakers, and of course Sharkfest attendees. The week before Sharkfest I was attending FIRST conference in Berlin. Explaining a beta version o...
blog.packet-foo.com
Sharkfest | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/category/conferences/sharkfest
Archive for the ‘Sharkfest’ category. Sharkfest Europe 2016 Retrospective. Finally, the annual Wireshark developer and user conference happened in Europe for the first time in October 2016 at the Hotel Papendal in Arnhem, the Netherlands. It was something many people kept asking for, and with a lot of work and effort, Janice and her team made it happen. This year at Sharkfest I offered a special capture file challenge I called “The Megalodon Challenge”. Other than the “normal”...” I think that is the...
blog.packet-foo.com
IPv6 | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/category/ipv6
Archive for the ‘IPv6’ category. Tracewrangler was always supporting IPv6 from the start (even though without extension headers except fragmentation), but last weekend I realized that I could improve the sanitization feature due to something that is missing compared to IPv4: subnet masks. This may sound funny, but in fact the missing subnet masks help. It’s been a while…. The Network Capture Playbook Part 2 Speed, Duplex and Drops. Trace File Case Files: SMB2 Performance. My packet analysis toolset.
blog.packet-foo.com
Uncategorized | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/category/uncategorized
Archive for the ‘Uncategorized’ category. Frame bytes vs. frame file headers. When capturing frames from a network there is more information recorded into the capture file than just the bytes of each frame. If you have ever looked at the PCAP or PCAPng file format specifications you have seen that each frame has an additional frame header containing important information that wasn’t part of the frame […]. A creative way of refusing connections. The Network Capture Playbook Part 2 Speed, Duplex and Drops.
blog.packet-foo.com
Wireshark | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/category/cap/wireshark-cap
Archive for the ‘Wireshark’ category. The Network Capture Playbook Part 2 Speed, Duplex and Drops. In part one of the playbook series we took a look at general Ethernet setups and capture situations, so in this post (as in all others following this one) I’ll assume you’re familiar with the topics previously discussed. This time, let’s check out how speed and duplex can become quite important, and what “drops” are […]. Trace File Case Files: SMB2 Performance. Sharkfest Europe 2016 Retrospective. As any an...
blog.packet-foo.com
Jasper | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/author/jasper
Author Archive for Jasper. The Network Capture Playbook Part 2 Speed, Duplex and Drops. In part one of the playbook series we took a look at general Ethernet setups and capture situations, so in this post (as in all others following this one) I’ll assume you’re familiar with the topics previously discussed. This time, let’s check out how speed and duplex can become quite important, and what “drops” are […]. Sharkfest Europe 2016 Retrospective. The Network Capture Playbook Part 1 – Ethernet Basics. As any...
blog.packet-foo.com
The Megalodon Challenge | Packet Foo | Analyzing network packets since 2003
https://blog.packet-foo.com/2015/07/the-megalodon-challenge
The Megalodon Challenge is bigger and a lot more complex than the usual Sharkfest capture file challenges. There are no highly specific questions that can be answered with a definitive answer. The general idea is to have participants solve a real world network analysis problem, with all its confusion, drawbacks and uncertainties. Unfortunately, the test had not been successful, and to make matters worse nobody knew exactly why not. At a certain point in time during the test there would be unanswered...