Академический Документы
Профессиональный Документы
Культура Документы
Joshua Wright
Senior Security Researcher | Aruba Networks
SHARKFEST '08
Foothill College
March 31 - April 2, 2008
Sample captures at
www.willhackforsushi.com/resources/sharkfest08-samples.zip
Introduction
Introduction
Wireshark and wireless analysis
Leveraging display filters
Customizing the display
Enhancing filters with macros
Searching for anomalies
Extracting data
Decrypting frame contents
Sample captures at
www.willhackforsushi.com/resources/sharkfest08-samples.zip
Introduction
Airpcap-specific toolbar
Leveraging Display Filters
3. Enter display
filter
2. Inspect selection
display status bar
Display Filter Operators
"Josh, Question for you. I've got a local wireless LAN that's
having serious performance problems, and I'm looking at some
packet captures in an attempt to diagnose the issue(s)."
Deauth floods are the port scans of the wired IDS world. They
are often misrepresented, and can easily make a smart
analyst look silly.
Filename: Kismet-May-02-2007-3.dump
retry eq 0 retry eq 1
IO Graphing for Retry Statistics
ack.bin file,
exported from
capture file
Injected frame
that has been
modified
Sample captures at
www.willhackforsushi.com/resources/sharkfest08-samples.zip