Page 1 of 1 [ 16 posts ] 

slave
Veteran
Veteran

User avatar

Joined: 28 Feb 2012
Age: 113
Gender: Male
Posts: 4,420
Location: Dystopia Planetia

03 Aug 2015, 4:25 pm

I read that it is a network protocol analyzer, but could it be used to learn more about the activities of a single PC?

What kind of info does Wireshark generate?

Forgive my n00bism. :oops:



Ichinin
Veteran
Veteran

User avatar

Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.

07 Aug 2015, 5:46 am

slave wrote:
I read that it is a network protocol analyzer, but could it be used to learn more about the activities of a single PC?

What kind of info does Wireshark generate?


Wireshark only generate info that is generated from network traffic.

You can use it to reverse engineer network protocols, identify security vulnerabilities, identify malicious software (like trojan horses sending out information), identify network problems, validate that a program do what it is supposed to - and alot more.

And yes - it can show activities from one PC, you can set a capture filter to capture all I/O from only one host.

I use WS as a quick fix to see what is going on (mostly game related problems), but for long time captures i use TShark or TCPDump with specific capture filters.

Do you have a specific question about WS?



slave
Veteran
Veteran

User avatar

Joined: 28 Feb 2012
Age: 113
Gender: Male
Posts: 4,420
Location: Dystopia Planetia

10 Aug 2015, 11:56 pm

No not specific Q's per se.

Just wondering if it would help me learn/identify any packet transfers from hidden malware/viruses.
Is it basic and user friendly or advance pro only?

I never actually assume that my virus checkers are keep my PC 100%clean, there is likely s**t in there idk about.



Ichinin
Veteran
Veteran

User avatar

Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.

12 Aug 2015, 10:09 am

slave wrote:
Is it basic and user friendly or advance pro only?

I never actually assume that my virus checkers are keep my PC 100%clean, there is likely s**t in there idk about.


Its pro only. Requires moderate to deep knowledge about networks and protocols.

If you are worried about "crap" in your computer i suggest you buy some sort of antivirus security package with 1 year subscription that can take care of (most) security problems for your home PC.



slave
Veteran
Veteran

User avatar

Joined: 28 Feb 2012
Age: 113
Gender: Male
Posts: 4,420
Location: Dystopia Planetia

12 Aug 2015, 12:37 pm

Ichinin wrote:
slave wrote:
Is it basic and user friendly or advance pro only?

I never actually assume that my virus checkers are keep my PC 100%clean, there is likely s**t in there idk about.


Its pro only. Requires moderate to deep knowledge about networks and protocols.

If you are worried about "crap" in your computer i suggest you buy some sort of antivirus security package with 1 year subscription that can take care of (most) security problems for your home PC.


Thanks for the info.
It is well beyond me then.
I'll stick with the AV for dummies fare. :lol:



cberg
Veteran
Veteran

User avatar

Joined: 31 Dec 2011
Gender: Male
Posts: 12,183
Location: A swiftly tilting planet

12 Aug 2015, 12:47 pm

I'd suggest Ettercap. I prefer to be the packet filter...


_________________
"Standing on a well-chilled cinder, we see the fading of the suns, and try to recall the vanished brilliance of the origin of the worlds."
-Georges Lemaitre
"I fly through hyperspace, in my green computer interface"
-Gem Tos :mrgreen:


slave
Veteran
Veteran

User avatar

Joined: 28 Feb 2012
Age: 113
Gender: Male
Posts: 4,420
Location: Dystopia Planetia

12 Aug 2015, 1:01 pm

cberg wrote:
I'd suggest Ettercap. I prefer to be the packet filter...


Thanks cberg, what knowledge level does it require?



cberg
Veteran
Veteran

User avatar

Joined: 31 Dec 2011
Gender: Male
Posts: 12,183
Location: A swiftly tilting planet

13 Aug 2015, 2:42 am

Pretty minimal knowledge, just an inkling of where to build workflows from the various payloads and header stats the logged packets give you. That's been my experience anyhow...


_________________
"Standing on a well-chilled cinder, we see the fading of the suns, and try to recall the vanished brilliance of the origin of the worlds."
-Georges Lemaitre
"I fly through hyperspace, in my green computer interface"
-Gem Tos :mrgreen:


slave
Veteran
Veteran

User avatar

Joined: 28 Feb 2012
Age: 113
Gender: Male
Posts: 4,420
Location: Dystopia Planetia

13 Aug 2015, 9:31 pm

cberg wrote:
Pretty minimal knowledge, just an inkling of where to build workflows from the various payloads and header stats the logged packets give you. That's been my experience anyhow...


Thank you, cberg. :D

From what I read it can be used as a means of attacking, though no doubt it also has more benign utility. It would take me years to get to up to a junior script kiddie level. I'm only looking for purely self-defense and programs that can help me to know what cyberorganisms may be in my PC that free AV programs are missing.

Ignorance is TRULY NOT bliss.(for me anyway)

I hate not knowing. Put me in a cadaver lab and you'd think I'm a genius. :lol: However, on this topic I am ignorant.

I don't trust the AV programs and given the ubiquity of zero-day exploits I don't know why anyone would.

I sooooo envy those of you who have knowledge in this area.

If anyone has any suggestions for this cyber-idiot I be grateful. :)



cberg
Veteran
Veteran

User avatar

Joined: 31 Dec 2011
Gender: Male
Posts: 12,183
Location: A swiftly tilting planet

13 Aug 2015, 9:59 pm

If one were to look at a PC in the terms of a cadaver (often quite apt terms indeed), a dedicated *usually simpler* PC running such traffic analyzers among other security tools could be equated to an fMRI machine. Running a single program on one machine where conditions might hinder it often adds up to something like the Garrett metal detector wand that finds the fillings, surgical screws and piercings before John Doe gets entrusted to the likes of GE, Siemens and so on.

It's not really 0 day vulnerabilities that ordinarily concern me; you'll probably find more of what you're interested in looking at out-of-scope trojans such as Stuxnet. The NSA's 'Equation Group' can clone an entire operating system with remote administrative privileges between boots, effectually there's nothing safe about powering a computer on anymore. It's really all a matter of learning enough of this stuff to accomplish some data recovery and efficiently re-image machines when someone does manage to shove their way in.


_________________
"Standing on a well-chilled cinder, we see the fading of the suns, and try to recall the vanished brilliance of the origin of the worlds."
-Georges Lemaitre
"I fly through hyperspace, in my green computer interface"
-Gem Tos :mrgreen:


cberg
Veteran
Veteran

User avatar

Joined: 31 Dec 2011
Gender: Male
Posts: 12,183
Location: A swiftly tilting planet

13 Aug 2015, 10:08 pm

Fedora Security Lab is what I run personally, though lately I've preferred using it with a group install in the shinier 'Gnome' visual environment.


_________________
"Standing on a well-chilled cinder, we see the fading of the suns, and try to recall the vanished brilliance of the origin of the worlds."
-Georges Lemaitre
"I fly through hyperspace, in my green computer interface"
-Gem Tos :mrgreen:


slave
Veteran
Veteran

User avatar

Joined: 28 Feb 2012
Age: 113
Gender: Male
Posts: 4,420
Location: Dystopia Planetia

15 Aug 2015, 8:00 pm

cberg wrote:
If one were to look at a PC in the terms of a cadaver (often quite apt terms indeed), a dedicated *usually simpler* PC running such traffic analyzers among other security tools could be equated to an fMRI machine. Running a single program on one machine where conditions might hinder it often adds up to something like the Garrett metal detector wand that finds the fillings, surgical screws and piercings before John Doe gets entrusted to the likes of GE, Siemens and so on.

It's not really 0 day vulnerabilities that ordinarily concern me; you'll probably find more of what you're interested in looking at out-of-scope trojans such as Stuxnet. The NSA's 'Equation Group' can clone an entire operating system with remote administrative privileges between boots, effectually there's nothing safe about powering a computer on anymore. It's really all a matter of learning enough of this stuff to accomplish some data recovery and efficiently re-image machines when someone does manage to shove their way in.


So they can create a copy of your OS and everything on your machine even when it is turned off :?: :!: :?: :!: 8O



Meistersinger
Veteran
Veteran

User avatar

Joined: 10 May 2012
Gender: Male
Posts: 3,700
Location: Beautiful(?) West Manchester Township PA

15 Aug 2015, 8:39 pm

slave wrote:
cberg wrote:
If one were to look at a PC in the terms of a cadaver (often quite apt terms indeed), a dedicated *usually simpler* PC running such traffic analyzers among other security tools could be equated to an fMRI machine. Running a single program on one machine where conditions might hinder it often adds up to something like the Garrett metal detector wand that finds the fillings, surgical screws and piercings before John Doe gets entrusted to the likes of GE, Siemens and so on.

It's not really 0 day vulnerabilities that ordinarily concern me; you'll probably find more of what you're interested in looking at out-of-scope trojans such as Stuxnet. The NSA's 'Equation Group' can clone an entire operating system with remote administrative privileges between boots, effectually there's nothing safe about powering a computer on anymore. It's really all a matter of learning enough of this stuff to accomplish some data recovery and efficiently re-image machines when someone does manage to shove their way in.


So they can create a copy of your OS and everything on your machine even when it is turned off :?: :!: :?: :!: 8O


From my days at the Pentagon, as well as NRaD--RDT&E Div. Det. Warminster:

There is only one way you can truly make a computer safe and secure: 1. Never turn it on. 2. Never connect to any type of network.



slave
Veteran
Veteran

User avatar

Joined: 28 Feb 2012
Age: 113
Gender: Male
Posts: 4,420
Location: Dystopia Planetia

17 Aug 2015, 7:06 pm

Meistersinger wrote:
slave wrote:
cberg wrote:
If one were to look at a PC in the terms of a cadaver (often quite apt terms indeed), a dedicated *usually simpler* PC running such traffic analyzers among other security tools could be equated to an fMRI machine. Running a single program on one machine where conditions might hinder it often adds up to something like the Garrett metal detector wand that finds the fillings, surgical screws and piercings before John Doe gets entrusted to the likes of GE, Siemens and so on.

It's not really 0 day vulnerabilities that ordinarily concern me; you'll probably find more of what you're interested in looking at out-of-scope trojans such as Stuxnet. The NSA's 'Equation Group' can clone an entire operating system with remote administrative privileges between boots, effectually there's nothing safe about powering a computer on anymore. It's really all a matter of learning enough of this stuff to accomplish some data recovery and efficiently re-image machines when someone does manage to shove their way in.


So they can create a copy of your OS and everything on your machine even when it is turned off :?: :!: :?: :!: 8O


From my days at the Pentagon, as well as NRaD--RDT&E Div. Det. Warminster:

There is only one way you can truly make a computer safe and secure: 1. Never turn it on. 2. Never connect to any type of network.


I believe you.
Unless one is a professional or a very serious amateur, all a person can do is use reasonable precautions and hope for the best, it seems to me. :shrug: :shrug: :shrug: :shrug:



Ichinin
Veteran
Veteran

User avatar

Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.

18 Aug 2015, 12:07 am

slave wrote:
I believe you.
Unless one is a professional or a very serious amateur, all a person can do is use reasonable precautions and hope for the best, it seems to me. :shrug: :shrug: :shrug: :shrug:


You can use regular Antivirus software, if you are a private citizen, the chance of you being a target by NSA TAO or any other nation state similar specialist group is close to zero - not to hurt your feelings, but you are uninteresting to that kind of people.

If you are a professional, then you assume that you can be, or are compromised and only do your work on specific machines. I only do my work - at work (duuh), anyone compromising my home box will only find lesbian pr0n and my steam games collection (enjoy).

The probability that you will be able to identify malicious code using a sniffer given your current skills is also close to zero, take my advice - get some good AV software that also block crap in your browser. Then start learning about viruses, trojans, adware and how browsers are a primary vector of infection nowadays - when you have enough skill to know what to look for, then you will start finding things.



slave
Veteran
Veteran

User avatar

Joined: 28 Feb 2012
Age: 113
Gender: Male
Posts: 4,420
Location: Dystopia Planetia

18 Aug 2015, 12:33 pm

Ichinin wrote:
slave wrote:
I believe you.
Unless one is a professional or a very serious amateur, all a person can do is use reasonable precautions and hope for the best, it seems to me. :shrug: :shrug: :shrug: :shrug:


You can use regular Antivirus software, if you are a private citizen, the chance of you being a target by NSA TAO or any other nation state similar specialist group is close to zero - not to hurt your feelings, but you are uninteresting to that kind of people.

If you are a professional, then you assume that you can be, or are compromised and only do your work on specific machines. I only do my work - at work (duuh), anyone compromising my home box will only find lesbian pr0n and my steam games collection (enjoy).

The probability that you will be able to identify malicious code using a sniffer given your current skills is also close to zero, take my advice - get some good AV software that also block crap in your browser. Then start learning about viruses, trojans, adware and how browsers are a primary vector of infection nowadays - when you have enough skill to know what to look for, then you will start finding things.


Well said.
thanks :)