Implementing useful filters (Should know)

This recipe introduces further Tshark parameters and display filters through practical examples that help resolve security incidents efficiently. We'll see how to locate malicious domains on our network, how to build a passive DNS service from captured traffic, and how to run specialized searches with specific display filters.

How to do it...

The method that follows shows how to implement useful filters using just Tshark.

Malicious domains

  1. Knowing which sites users connect to is useful not only for profiling web browsing patterns but also for locating infected computers. Here's an example:
    bmerino@Mordor:$ tshark -R http.request -T fields -e http.host -r malware.pcap  | sort -u > domains
    
    Here `-T fields -e http.host` prints only the Host header of each HTTP request, and `sort -u` deduplicates the list. Note that `-R` is the single-pass display filter of Tshark 1.8 and earlier; on 1.10 and later use `-Y http.request` instead (`-R` there requires the two-pass `-2` option). Only plain HTTP is covered: for HTTPS the hostname is in the TLS SNI extension, not in `http.host`.
    
  2. This command will dump all domains ...
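The following script is an added example (it is not from the book) that completes the pipeline sketched in the steps above: it extracts the HTTP hosts from a pcap, normalises the raw `-T fields` output (case, explicit ports, the empty lines that HTTP/1.0 requests without a Host header produce) and checks the result against a blocklist, matching subdomains of a listed domain as well as exact names. It also contains a minimal passive-DNS extraction built on the `dns.qry.name` and `dns.a` fields, since the book's own passive-DNS step is not on this page. It assumes a modern tshark (`-Y`) on PATH when a pcap path is given; without arguments it runs only on the constructed sample host list and blocklist embedded below, so it works offline.

```shell
#!/usr/bin/env bash
# Added example (not the book's code): post-process the host list that
# `tshark -T fields -e http.host` emits and check it against a blocklist.
# tshark is only invoked when a pcap path is given on the command line; the
# sample hosts and blocklist further down are constructed for the demo.
set -u

# Step 1 of the recipe. Assumption: tshark 1.10+ on PATH, so the single-pass
# display filter is -Y (the book's -R now needs the two-pass -2 option).
extract_http_hosts() {
    tshark -r "$1" -Y http.request -T fields -e http.host
}

# Passive DNS sketch: "<queried name><TAB><A record>" for every DNS answer
# in the capture that carries an A record. The book's own passive-DNS step
# is not on this page; this is an assumed implementation.
extract_dns_answers() {
    tshark -r "$1" -Y 'dns.flags.response == 1 && dns.a' \
           -T fields -e dns.qry.name -e dns.a | sort -u
}

# Normalise raw host lines: lowercase, drop an explicit :port, drop the
# empty lines that requests without a Host header produce, deduplicate.
normalize_hosts() {
    tr 'A-Z' 'a-z' | sed -e 's/:[0-9]\{1,5\}$//' -e '/^[[:space:]]*$/d' | sort -u
}

# Print every host read from stdin that is on the blocklist file ($1, one
# domain per line), either exactly or as a subdomain of a listed domain.
match_blocklist() {
    awk -v bl="$1" '
        BEGIN { while ((getline d < bl) > 0) if (d != "") bad[d] = 1 }
        {
            h = $0
            # walk up the labels: a.b.evil.example -> b.evil.example -> evil.example
            while (h != "") {
                if (h in bad) { print $0; next }
                i = index(h, ".")
                if (i == 0) break
                h = substr(h, i + 1)
            }
        }'
}

# Constructed sample of what step 1 prints for a small capture, plus a
# constructed blocklist; both exist only so the pipeline can be run offline.
SAMPLE_HOSTS='www.example.com
update.EVIL.example:8080

www.example.com
cdn.evil.example
www.google.com'
SAMPLE_BLOCKLIST='evil.example
bad.test'

# Offline demo: returns the sample hosts that hit the sample blocklist.
run_demo() {
    bl=$(mktemp)
    printf '%s\n' "$SAMPLE_BLOCKLIST" > "$bl"
    printf '%s\n' "$SAMPLE_HOSTS" | normalize_hosts | match_blocklist "$bl"
    rm -f "$bl"
}

# Usage: ./check_hosts.sh capture.pcap [blocklist.txt]   (real capture)
#        ./check_hosts.sh                                (offline demo)
if [ $# -ge 1 ]; then
    extract_http_hosts "$1" | normalize_hosts > domains
    match_blocklist "${2:-blocklist.txt}" < domains
else
    run_demo
fi
```

On the sample data the demo prints `cdn.evil.example` and `update.evil.example`: the port suffix and mixed case are stripped before matching, the duplicate `www.example.com` collapses to one line, and the subdomain walk in `match_blocklist` is what lets a one-line `evil.example` entry catch both hosts. The same `normalize_hosts | match_blocklist` stage can be fed from `extract_dns_answers` (after cutting the first column) to check queried names rather than HTTP hosts.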
