Pentester Academy - Tshark

rahulx 18 Feb 2019 04:07

English | Size: 824.8 MB
Genre: eLearning



Most of us have used Wireshark either academically or professionally for traffic analysis. It's a great tool for microscopic analysis of what is happening in the network. However, its greatest strength is also its greatest weakness, i.e., it is extremely difficult to do macroscopic analysis, create custom reports, extract only certain fields from packets for offline analysis, etc. This is where Tshark comes in! Tshark is a command-line tool created by the Wireshark team and shares the same powerful parsing engine as Wireshark. It is capable of doing most things we've come to love Wireshark for, but with the "from command line" advantage. This makes it ideal for batch analysis, offline processing and routine automation of traffic analysis tasks. In this course, we will explore many of these capabilities. It is assumed you have a basic working knowledge of Wireshark and traffic analysis.

A non-exhaustive list of topics to be covered includes:

Tshark basics
Automating activities with Tshark
Parsing
Filtering
Display, Capture and Read Filters
Single and Multi-Pass filters
Decoding
Field extraction
Locating field names
Exporting extractions
Summarization
Pipelining with Linux Utils e.g. sort, uniq
Exporting of results
PDML, PSML, JSON, ELK schema
Pipelining with other tools
Python automation
Pyshark
