1 / 26

We Don't Need No Stinkin ' GUI: Command-Line Capture Techniques (Remote Options)

SIM202. We Don't Need No Stinkin ' GUI: Command-Line Capture Techniques (Remote Options). Laura Chappell Founder, Wireshark University Founder, Chappell University. It’s Baaaaack ! Laura’s Lab Kit v10. Tenth Anniversary Edition Available for free at the Global Knowledge booth (#1803)

delano
Download Presentation

We Don't Need No Stinkin ' GUI: Command-Line Capture Techniques (Remote Options)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIM202 We Don't Need No Stinkin' GUI: Command-Line Capture Techniques (Remote Options) Laura Chappell Founder, Wireshark University Founder, Chappell University

  2. It’s Baaaaack!Laura’s Lab Kit v10 Tenth Anniversary Edition Available for free at the Global Knowledge booth (#1803) Trace files and training for network forensics and troubleshooting Announcing

  3. Why Use CLI Capture? • Packet loss • Lower resource requirements • Easy to distribute CLI tools

  4. Tshark vs. Dumpcap • Both CLI capture tools included with Wireshark • Tshark relies on dumpcap for capture • Tshark offers more flexibility during the capture process

  5. Tshark Setup • Put it in your path! • Run from your “traces” directory

  6. Key Parameters

  7. Key Parameters Example:

  8. Key Parameters show during capture Example:

  9. Key Parameters Example:

  10. Key Parameters Example: Bug 2234: Filtering tshark captures with display filters (-R) doesn’t work

  11. Key Parameters Example:

  12. Extracting Fields at Command-Line

  13. Extracting Fields at Command-Line

  14. Statistics with Tshark

  15. Examples to Try

  16. Examples to Try

  17. Examples to Try

  18. ask.wireshark.org

  19. Remote Capture • In Wireshark… see Capture Options Address 1 Address 2 Address 3 rpcapd rpcapd rpcapd

  20. rpcapd.exe Parameters • rpcapd –b 10.2.4.2 -n

  21. Required Slide Speakers, please list the Breakout Sessions, Interactive Discussions, Labs, Demo Stations and Certification Exam that relate to your session. Also indicate when they can find you staffing in the TLC. Related Content • SIM201: Wiretapping 101: Catching Evidence on the Network • WCL201: Become a Wireshark Guru: 10 Hot Skills for Faster Troubleshooting • SIM327: Rethinking Cyber Threats: Experts Panel • Laura’s Lab Kit v10 DVD: Available at the Global Knowledge booth 1803 • Wireshark Certified Network Analystwww.wiresharktraining.com/certification • Find Me Later At… the Global Knowledge Booth

  22. Trustworthy Computing Safety and Security Center http://www.microsoft.com/security Security Development Lifecycle http://www.microsoft.com/sdl Security Intelligence Report http://www.microsoft.com/sir End to End Trust http://www.microsoft.com/endtoendtrust

  23. Resources • Connect. Share. Discuss. http://northamerica.msteched.com Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers http://microsoft.com/technet http://microsoft.com/msdn

  24. Complete an evaluation on CommNet and enter to win!

More Related