
Logging Attack Traffic

When performing a test, it is important that you log all your activity so that you have proof of what you were doing, in case anything goes awry (and it is not your fault!). Here are a couple of methods of logging activity:

  • Wireshark: before you start capturing data, in the Capture Options window select “Use multiple files” and in the “Next file every” field specify the upper limit of the file size that you desire (a new file will be created once the current file reaches that limit) – see image below.
  • Tshark (found in the c:\program files\wireshark directory; quote the path because of the space): "c:\program files\Wireshark\tshark.exe" -i [interface] -w [base file name] -b filesize:[file size in KB] -p [this flag turns off promiscuous mode, so only traffic to and from the current VM is captured; without it all traffic the interface can see from other VMs is captured as well]
    • This option doesn’t put as much strain on your machine as using Wireshark does
  • tcpdump: tcpdump -i [interface, use ‘tcpdump -D’ to get a list] -w [base file name] -C [file size in MB]
    • Another low resource option
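The three options above all come down to the same thing: a rotating capture written to a base file name with a size cap, plus some record of who ran it and when. The script below is an added example, not from the original post; it builds the tcpdump and tshark command lines shown above, writes a small session log next to the pcaps, and afterwards seals the capture files with a SHA-256 manifest so the files can be shown to be unaltered later. It assumes a Unix-like shell with tcpdump or tshark on PATH and sha256sum (or shasum) installed; the interface, base file name and size values are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example (not the post author's script): rotating packet capture
# with a session log and a hash manifest for the resulting pcap files.
# Assumes tcpdump/tshark and sha256sum or shasum are available.

# Print the tcpdump command for a rotating capture.
# $1 interface (see 'tcpdump -D'), $2 base file name, $3 file size in MB
build_tcpdump_cmd() {
    printf 'tcpdump -i %s -w %s -C %s\n' "$1" "$2" "$3"
}

# Print the tshark command for a rotating capture.
# $1 interface, $2 base file name, $3 file size in KB,
# $4 "host-only" adds -p (no promiscuous mode: only this host's traffic)
build_tshark_cmd() {
    if [ "$4" = "host-only" ]; then
        printf 'tshark -i %s -w %s -b filesize:%s -p\n' "$1" "$2" "$3"
    else
        printf 'tshark -i %s -w %s -b filesize:%s\n' "$1" "$2" "$3"
    fi
}

# Hash one file with whichever SHA-256 tool is present.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# Write MANIFEST.sha256 in a directory listing every capture file that
# matches the pattern with its hash; print the number of files sealed.
# $1 directory, $2 glob pattern (default '*')
seal_captures() {
    dir=$1; pattern=${2:-*}
    manifest="$dir/MANIFEST.sha256"
    : > "$manifest"
    count=0
    for f in "$dir"/$pattern; do
        [ -f "$f" ] || continue
        [ "$f" = "$manifest" ] && continue   # do not hash the manifest itself
        hash_file "$f" >> "$manifest"
        count=$((count + 1))
    done
    echo "$count"
}

# Record who started the capture, when, on which interface and with what
# command, then hand the shell over to the capture tool.
# $1 tool (tcpdump|tshark), $2 interface, $3 base file name
start_logged_capture() {
    tool=$1; iface=$2; base=$3
    case "$tool" in
        tcpdump) cmd=$(build_tcpdump_cmd "$iface" "$base" 100) ;;          # 100 MB per file
        tshark)  cmd=$(build_tshark_cmd "$iface" "$base" 102400 host-only) ;; # 102400 KB per file
        *) echo "unknown tool: $tool" >&2; return 1 ;;
    esac
    printf '%s tester=%s iface=%s cmd="%s"\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "${USER:-unknown}" "$iface" "$cmd" \
        >> "$base.session.log"
    # $cmd is built from our own printf above, so word splitting is intended
    exec $cmd
}

# Usage: ./capture.sh tcpdump eth0 /captures/test   (placeholders)
# Then, once the test is over: seal_captures /captures 'test*'
if [ $# -ge 3 ]; then
    start_logged_capture "$1" "$2" "$3"
fi
```

The session log and the manifest live beside the pcaps, so a single directory holds the traffic, the start time and the hashes; if a capture file is later questioned, rehashing it against MANIFEST.sha256 shows whether it has changed since the test ended.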

[Image: Wireshark Capture Options dialog with “Use multiple files” and “Next file every” set]

  1. June 13, 2013 at 5:21 pm

    Have you had a chance or opportunity to try out cascade from Riverbed? It uses shark but with a very interesting interface.

    • Lee
      July 19, 2013 at 2:24 pm

      I haven’t tried it. Wireshark meets my needs for GUI, and tshark I like as a simple command line tool – no frills, low resource usage.

