I have a capture file that I want to find certain details about. I used Wireshark to open this capture file and I'm trying to figure out how to find the name of the tool the attacker used. Are there any indications or things I could look for in this capture file that would let me know?
With Wireshark you learn more about the method by which they attacked you (i.e. ping flooding or spanning tree attacks) vs. using a program like Cain or some security suite. If you want to find the tool, I suggest finding a tool and testing the attack that you think they used, and comparing packet traffic.
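One way to make the "compare packet traffic" step repeatable, as an added example that is not part of any answer on this page: a standard-library Python script that reads a libpcap file, reduces its TCP packets to a (flag bits, payload-size bucket) profile, and scores how closely two captures match. The pcap bytes, addresses and port ranges below are constructed in memory for the demo; in practice you would feed it the incident capture and a capture of the suspected tool run against a lab host.

```python
import struct
from collections import Counter

def _pcap(packets):
    """Minimal little-endian libpcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out

def _tcp_frame(sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame 10.0.0.1 -> 10.0.0.2 (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def tcp_profile(pcap_bytes):
    """Share of TCP packets per (flag bits, payload-length bucket) pair."""
    order = "<" if pcap_bytes[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    counts, pos = Counter(), 24  # skip the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        caplen = struct.unpack(order + "IIII", pcap_bytes[pos:pos + 16])[2]
        frame = pcap_bytes[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # only IPv4/TCP is profiled here
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        plen = len(tcp) - (tcp[12] >> 4) * 4
        counts[(tcp[13] & 0x3F, min(plen // 64, 8))] += 1
    total = sum(counts.values()) or 1
    return {k: v / total for k, v in counts.items()}

def similarity(a, b):
    """Weighted Jaccard similarity of two profiles: 0.0 (disjoint) .. 1.0 (same shape)."""
    keys = set(a) | set(b)
    union = sum(max(a.get(k, 0), b.get(k, 0)) for k in keys)
    return sum(min(a.get(k, 0), b.get(k, 0)) for k in keys) / union if union else 0.0

# Constructed captures: an "incident" burst of bare SYNs to many ports, a
# reference capture produced the same way in a lab, and a normal HTTP session.
INCIDENT = _pcap([_tcp_frame(40000 + p, p, 0x02) for p in range(1, 41)])
REFERENCE = _pcap([_tcp_frame(51000 + p, p, 0x02) for p in range(1, 31)])
NORMAL = _pcap([_tcp_frame(5000, 80, 0x02), _tcp_frame(5000, 80, 0x10),
                _tcp_frame(5000, 80, 0x18, b"GET / HTTP/1.0\r\n\r\n" * 10)])

if __name__ == "__main__":
    print("incident vs reference:", similarity(tcp_profile(INCIDENT), tcp_profile(REFERENCE)))
    print("incident vs normal:   ", similarity(tcp_profile(INCIDENT), tcp_profile(NORMAL)))
```

Profiles are normalised to shares, so captures of different length but the same traffic shape score 1.0; a high score says the traffic looks alike, not that a particular program produced it.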
You may have better luck using Snort to analyze the packet capture file. In addition to a sniffing tool, it provides intrusion detection and signature analysis, and is more geared toward the type of analysis you're looking for, whereas Wireshark is primarily a (very good) pure network sniffer.
I haven't used it in this capacity (only as a sniffer), but I know it allows you to analyze past captures, and from re-skimming the docs just now, it looks like it will likely do what you want to do.
Whether it can identify real 0-day exploits is another matter; that's dependent upon how quickly they update/release their signatures, but most script kiddies don't use 0-day anyway.
ETA: It looks like they require an account nowadays, but it also appears that, at least for the normal accounts, they're free. They also seem to offer a subscription service, but the registered user signature files are hopefully current enough to identify the attack.