Ruby Network Programming

Do you want to create custom network clients & servers in Ruby? Or just understand how that works? Then you will have to deal with sockets. Join me on this tour of ruby network programming to learn the basics, and start talking to other servers and clients using Ruby! So what are sockets? Sockets are … Read more

Network forensics with tshark

Let’s say we have a packet capture file (.pcap) and we want to get as much information out of it as possible. One option could be wireshark and its command line version tshark.¬†Using the latter we will be able to manipulate and format the output using tools like sed, grep, awk…

Extracting host names with tshark

Since we are dealing with mostly http traffic we may be interested in the sites that have been visited. To obtain this information we can use the http.host field and then a bit of sorting and this will show us the top 10 sites.

tshark -T fields -e http.host -r tor.pcap > dns.txt
cat dns.txt | sort | uniq -c | sort -nr | head

Read more

Finding windows host on your network

If you ever wondered if there is a quick way to find all the Windows host in your network with exact version information, you are in the right place! We are going to see a few tools that will aid us in this task by quering the CIFS service (also known as SMB / NetBIOS) which is run by all Windows host.

To get us started let’s see the nbtscan tool, we can give it network range in the form of a CIDR or just with two values separated with a dash. This will give us a nice list of all the Windows host on our network with their netbios names.

Read more

Socat: A very powerful networking tool

Welcome to this socat tutorial. Socat is a network utility similar to netcat. Socat supports ipv6 and ssl and is available for both windows and linux. The first thing you will notice with this tool is that it has a different syntax on what you are used to with netcat or other standard unix tools. … Read more

Four Ways to Extract Files From Pcaps

It’s time to extract files from pcaps. If you ever played with packet captures you probably thought it would be cool that you could actually get downloaded files so let’s see not only one way to do this, but four! 1. Wireshark: http export You can find this at File > Export > Objects > … Read more