2022-01-20 14:36:18
PCAP Analysis
Hi there.
I am just starting to learn about PCAP analysis/forensics. I am experienced in Windows OS forensics and never really worked with PCAPs before. What are some of the tools everyone uses besides Wireshark? I've been reading up on Zeek.
antmar9041: Look at BRIM (https://www.brimdata.io/)
But essential for pcap analysis is knowledge about networks, packets etc.
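To make the "knowledge about packets" point concrete, here is an added example (not code from any poster or from Zeek/BRIM/Wireshark) that reads a classic libpcap file with only the Python standard library: it walks the global and per-record headers, decodes Ethernet/IPv4/TCP, validates the IP header checksum, and rolls packets into a unidirectional 5-tuple flow table in the spirit of Zeek's conn.log. The capture it parses is constructed inline (a three-way handshake to 10.0.0.9:443 plus an ARP frame that gets skipped); the addresses, ports and timestamps are made up. Pcapng and nanosecond-magic files are deliberately rejected so the failure mode is visible rather than silent.

```python
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # classic libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10


def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when the embedded checksum field is valid."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_tcp_frame(src, dst, sport, dport, flags, payload=b"") -> bytes:
    """Build an Ethernet/IPv4/TCP frame with a correct IP checksum (sample-data helper)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, PROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in checksum field
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


def build_pcap(frames) -> bytes:
    """Wrap (ts_sec, ts_usec, frame) tuples into a little-endian classic pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in frames:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def parse_frame(frame: bytes):
    """Decode Ethernet -> IPv4 -> L4 ports/flags; None for non-IPv4 or corrupt headers."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None                    # ARP, IPv6, VLAN-tagged and runt frames are skipped here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl or ip_checksum(ip[:ihl]) != 0:
        return None                    # bad version, bad IHL, or header checksum mismatch
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    rec = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
           "proto": proto, "sport": None, "dport": None, "flags": None}
    l4 = ip[ihl:total_len]
    if proto in (PROTO_TCP, PROTO_UDP) and len(l4) >= 4:
        rec["sport"], rec["dport"] = struct.unpack("!HH", l4[:4])
    if proto == PROTO_TCP and len(l4) >= 14:
        rec["flags"] = l4[13]          # TCP flags byte
    return rec


def parse_pcap(data: bytes):
    """Walk the global header and record headers of a classic pcap (either byte order)."""
    if len(data) < 24:
        raise ValueError("file too short for a pcap global header")
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap (pcapng / nanosecond variants not handled)")
    if struct.unpack(endian + "IHHiIII", data[:24])[6] != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET is decoded in this example")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % off)   # capture cut mid-packet
        off += incl_len
        rec = parse_frame(frame)
        if rec is not None:
            rec["ts"] = ts_sec + ts_usec / 1e6
            rec["snapped"] = incl_len < orig_len   # snaplen clipped this packet; payload incomplete
            records.append(rec)
    return records


def summarize_flows(records):
    """Unidirectional 5-tuple table with packet count and pure-SYN count (conn.log-style)."""
    flows = defaultdict(lambda: {"packets": 0, "syn": 0})
    for r in records:
        f = flows[(r["src"], r["dst"], r["sport"], r["dport"], r["proto"])]
        f["packets"] += 1
        if r["flags"] is not None and r["flags"] & TCP_SYN and not r["flags"] & TCP_ACK:
            f["syn"] += 1
    return dict(flows)


def build_sample_pcap() -> bytes:
    """Constructed capture: TCP handshake 10.0.0.5 -> 10.0.0.9:443 plus one ARP frame."""
    arp = bytes.fromhex("ffffffffffff" "66778899aabb" "0806") + bytes(28)
    return build_pcap([
        (1642689378, 0, make_tcp_frame("10.0.0.5", "10.0.0.9", 40000, 443, TCP_SYN)),
        (1642689378, 500, make_tcp_frame("10.0.0.9", "10.0.0.5", 443, 40000, TCP_SYN | TCP_ACK)),
        (1642689378, 900, make_tcp_frame("10.0.0.5", "10.0.0.9", 40000, 443, TCP_ACK)),
        (1642689379, 0, arp),
    ])


if __name__ == "__main__":
    for key, stats in summarize_flows(parse_pcap(build_sample_pcap())).items():
        print(key, stats)
```

Running it prints two flow rows (client to server with two packets and one pure SYN, server to client with one packet). The checksum and length checks are where hand-rolled parsing earns its keep: a tool that silently drops malformed or snaplen-clipped packets hides exactly the records an analyst most wants to look at.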
sidi7: Network Miner is a good tool.
downtownatomizer: One thing I'd like to re-emphasize is that most tools do the same stuff with a few (mostly) minor differences. Ultimately, it's not the tool but how one uses it. There are a plethora of features in Wireshark (or any one tool) and in my view, spending time to learn one or two but learning it to its fullest is the best way to excel.
Also, sorry, no one asked for my advice, I felt like mentioning it so that if folks who are just getting into security read this, they shouldn't feel overwhelmed.
kaizen_kid @malwr