Imagine this scenario: You’re an analyst for a large organization, and you suspect there’s an infected box. You decide to analyze the outbound network traffic. You SSH to the firewall and do a packet capture with tcpdump. This is a 10.0.0.0/24 network with 200 subnets traveling through the firewall. With a 24 bit subnet mask,…
This post will demonstrate how to capture packets with tcpdump and analyze them with Wireshark. I’m going to capture the traffic of me logging into the website http://testphp.vulnweb.com/login.php. It’s an unencrypted communication, so I’ll be able to capture the password. First, open a terminal in Kali Linux. You need to find the name of the…