Advanced Network Forensics (Wireshark)

Outline

This page gives an outline of how network forensics is used to trace network intrusions, and includes a tutorial:
Wireshark Traces

The following uses the Wireshark display filter:
The page runs Tshark. Note that for Tshark the regular-expression filter http matches "\x89\x50\x4E\x47" is replaced with the byte-string form http contains 89:50:4E:47 (the four bytes are written unquoted; quoting them would make the filter search for the literal text "89:50:4E:47" rather than the PNG signature bytes):

C:\>"c:\Program Files\Wireshark"\tshark -Y "http contains 89:50:4E:47" -r with_png.pcap |
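As an added example that is not part of the original page: a stdlib-only Python scan that applies the same PNG-signature check (bytes 89 50 4E 47) to a classic pcap, the way http contains 89:50:4E:47 does in Wireshark, and then tightens it to responses whose HTTP body actually starts with the signature. The pcap builder, the two sample frames and the addresses 10.0.0.5 / 10.0.0.9 are constructed for the demonstration.

```python
import socket, struct

PNG_MAGIC = b"\x89PNG"  # bytes 89 50 4E 47: what `http contains 89:50:4E:47` matches

def tcp_payloads(pcap):
    """Yield (src_ip, dst_ip, tcp_payload) for each IPv4/TCP frame in a classic pcap (Ethernet link type)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    end = "<" if magic == 0xA1B2C3D4 else ">"  # byte order of the record headers
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # need Ethernet + IPv4 headers
            continue
        ip = frame[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:]  # IHL gives the IPv4 header length
        if ip[9] != 6 or len(tcp) < 20:  # IP protocol 6 is TCP; need a full TCP header
            continue
        yield socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), tcp[(tcp[12] >> 4) * 4:]

def find_png_responses(pcap):
    """Return (src, dst) for HTTP responses whose body starts with the PNG signature (tighter than `contains`)."""
    hits = []
    for src, dst, data in tcp_payloads(pcap):
        head, _, body = data.partition(b"\r\n\r\n")
        if head.startswith(b"HTTP/1.") and body.startswith(PNG_MAGIC):
            hits.append((src, dst))
    return hits

def _frame(src, dst, payload):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def _pcap(frames):
    """Wrap constructed frames in a little-endian classic pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample capture: one PNG response and one HTML response from the same server.
SAMPLE_PCAP = _pcap([
    _frame("10.0.0.5", "10.0.0.9", b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n\x89PNG\r\n\x1a\n"),
    _frame("10.0.0.5", "10.0.0.9", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"),
])
```

Running find_png_responses on a real capture of the with_png.pcap kind reports the server and client of each PNG transfer; the same frames also satisfy the looser `contains` check, which additionally fires when the four bytes appear anywhere in the HTTP layer.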