Networkforensic

Cyber threat hunting

Network forensic tools

Profiles to Wireshark
Unzip each profile and copy it into the Wireshark profiles folder, then restart Wireshark.

iSCSI profile
Hunting for iSCSI authentication traffic and logins. Easy to spot with this profile.

DHCP Profile
Often you will hunt for a rogue DHCP server placed on your network. This profile makes that very easy.

DNS Profile
This makes DNS identification easy and brings DNS traffic to life in Wireshark.

SMB Profile
This brings the analysis of SMB and SMB2 (SMB3) network traffic to life in Wireshark. These are the normal evidence items you will look for in SMB traffic. Tested with Wireshark V2.6.3.

DDOS profile
Based on my work for an ISP and the management of advanced DDOS mitigation. The profile is built around known DDOS attack patterns, so you can classify the type of attack quite fast. Tested with Wireshark V2.6.3.

Magic numbers profile
Based on file types and their magic numbers, it is easy to look for different file types hidden in network traffic, such as exe files. Tested with Wireshark V2.6.3.
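The same check the profile makes visible in Wireshark, as an added example that is not part of this repository: it scans a TCP payload for well-known file signatures and prints the equivalent display filter for each hit. The signature table and the constructed HTTP sample are assumptions, and "MZ" hits are confirmed against the PE header so that two bytes of text do not trigger a false positive.

```python
# Added example (not part of the Networkforensic repository): look for file magic
# numbers in a TCP payload and build the matching Wireshark display filter.
import struct
from typing import List, Tuple

# Public, well-known signatures: file type -> leading bytes (assumed table).
MAGIC = {
    "PE/EXE (MZ)": b"MZ",
    "ELF": b"\x7fELF",
    "ZIP/JAR/DOCX (PK)": b"PK\x03\x04",
    "PDF": b"%PDF-",
    "GZIP": b"\x1f\x8b\x08",
}

def to_filter(magic: bytes, offset: int) -> str:
    """Wireshark display filter matching this signature at a TCP payload offset."""
    hexbytes = ":".join(f"{b:02x}" for b in magic)
    return f"tcp.payload[{offset}:{len(magic)}] == {hexbytes}"

def looks_like_pe(data: bytes, off: int) -> bool:
    """'MZ' alone is only two bytes; confirm the PE header when enough data is present."""
    if len(data) < off + 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
    return data[off + e_lfanew: off + e_lfanew + 4] == b"PE\0\0"

def scan_payload(payload: bytes) -> List[Tuple[str, int, str]]:
    """Return (file_type, offset, display_filter) for each signature found."""
    hits = []
    for name, magic in MAGIC.items():
        off = payload.find(magic)
        while off != -1:
            if magic != b"MZ" or looks_like_pe(payload, off):
                hits.append((name, off, to_filter(magic, off)))
            off = payload.find(magic, off + 1)
    return hits

# Constructed sample: an HTTP response whose body is a minimal PE-like blob.
HEADERS = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
PE_BLOB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
SAMPLE = HEADERS + PE_BLOB

if __name__ == "__main__":
    for name, off, flt in scan_payload(SAMPLE):
        print(f"{name} at payload offset {off}: {flt}")
```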

GeoLite2 databases for Wireshark
With these databases Wireshark can do geolocation lookups on the addresses in captured traffic. Tested with Wireshark V2.6.3.