Auditing network attacks (Become an expert)

In this recipe you will learn how to identify well-known network attacks. Some of these attacks can have serious consequences in environments that do not implement appropriate countermeasures. We'll see how, with some skill with Tshark and by applying the correct filters, we can detect most of these attacks.

How to do it...

The examples that follow show how to detect some network attacks (internal and external) using just Tshark from the command line.

ARP spoofing

If you suspect that someone is playing with ARP traffic, it would be advisable to run Tshark in SPAN or HUB mode (see the Capturing traffic (Must know) recipe). Subsequently, a good start would be to look at the rate of ARP reply packets:
```
bmerino@Mordor:~$ ...
```

Get Instant Traffic Analysis with Tshark How-to now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Instant Traffic Analysis with Tshark How-to by Borja Merino

Auditing network attacks (Become an expert)

How to do it...

ARP spoofing

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly