
Traffic Analysis: TSHARK Unleashed
Most of us have used Wireshark, academically or professionally, for traffic analysis. It is a great tool for microscopic analysis of what is happening on the network. However, its greatest strength is also its greatest weakness: it is extremely difficult to do macroscopic analysis, create custom reports, extract only certain fields from packets for offline analysis, and so on. This is where Tshark comes in. Tshark is a command-line tool created by the Wireshark team and shares the same powerful parsing engine as Wireshark. It is capable of doing most things we have come to love Wireshark for, but with the "from the command line" advantage. This makes it ideal for batch analysis, offline processing, and routine automation of traffic analysis tasks. In this course, we will explore many of these capabilities. It is assumed you have a basic working knowledge of Wireshark and traffic analysis.

Contents
001-course-introduction.mp4
002-packet-capturing.mp4
003-packet-export.mp4
004-pdml-html.mp4
005-display-capture.mp4
007-extract-sort-uniq.mp4
008-summaries-1.mp4
009-summaries-2.mp4
010-summaries-3.mp4
011-ring-buffer.mp4
012-decode-as.mp4
013-preference-ssl-decryption.mp4
014-pyshark-basics.mp4
015-pyshark-adv.mp4