Home > network, Pen Test, Security Tools > Logging Attack Traffic

Logging Attack Traffic

When performing a test, it is important that you log all your activity so that you have proof of what you were doing, in case anything goes awry (and it is not your fault!). Here are a couple methods of logging activity:

  • Wireshark: before you start capturing data, in the Capture Options window select “Use multiple files” and in the “Next file every” field specify the upper limit of the file size that you desire (a new file will be created once the current file reaches that limit) – see image below.
  • Tshark (found in the c:\program files\wireshark directory): c:\program files\Wireshark\tshark.exe -i [interface] -w [base file name] -b filesize:[file size in KB]  -p [this flag restricts monitoring to current VM, otherwise all VM traffic will be captured]
    • This option doesn’t put as much strain on your machine as using Wireshark does
  • tcpdump: tcpdump -i [interface, use ‘tcpdump -D’ to get list] -w [base file name] -C [file size in MB]
    • Another low resource option

wireshark

Advertisements
  1. June 13, 2013 at 5:21 pm

    Have you had a chance or opportunity to try out cascade from Riverbed? It uses shark but with a very interesting interface.

    • Lee
      July 19, 2013 at 2:24 pm

      I haven’t tried it. Wireshark meets my needs for GUI, and tshark I like as a simple command line tool – no frills, low resource usage.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: