Find Hackers on your network with Wireshark - 10 signs to look for!
Ғылым және технология
An intro video for finding hackers or anomalous behavior on your network in a packet capture with Wireshark. Plenty of stuff for beginners and something for everyone else too.
If you have any questions or ideas for future videos, please leave a comment and let me know.
Filters used:
**** I will add this list to my website soon and leave the link here. **
Scanning:
syn packets - with no matching ack:
(tcp.flags.syn == True) && (tcp.completeness.syn-ack == False)
TCP reset packets:
tcp.flags.reset
DNS:
dns
DNS server failure or no such name:
dns.flags.rcode == 2 or dns.flags.rcode == 3
user to user traffic:
put in your user networks in a filter like:
ip.addr == x.x.x.x/24 and ip.addr==x.x.x.x/24
Web enumuration:
http.request.method == "GET"
Web logins:
tcp matches "login"
http.request.method == "POST"
tcp matches "password"
login errors:
http.response.code gt 200
responder:
nbns
nbns.flags.response == True
logging in to machine running responder:
ntlmssp
service controller:
svcctl
kerberoasting, the enctype 23 id RC4 encryption:
kerberos && kerberos.enctype==23
not my dhcp - Put your DNS servers in {}
dhcp and ip.addr not in {192.168.1.150, 192.168.2.150, 192.168.100.150} && (dhcp.option.dhcp == 2 || dhcp.option.dhcp == 5 || dhcp.option.dhcp == 5)
not my dns - responses - Put your DHCP servers in {}
(dns and ip.addr not in {192.168.1.150, 192.168.2.150, 192.168.100.150}) && (dns.flags.response == True)
ipv6 traffic filter:
ipv6
Timestamps:
00:00 Start
0:15 User vs Hacker
0:51 Port Scanning
1:27 DNS enumeration
2:01 User to user traffic
2:33 Attacking web servers - Enumeration
2:58 Attacking web servers - Passwords
3:34 NBNS & Responder
4:10 Manipulating services
4:38 Kerberoasting
5:25 Rogue DNS or DHCP
6:01 IPv6 / MITM6
6:21 Conclusion
Пікірлер: 35
Really hope your channel gets big because i am looking forward for your future videos!
@LanWanNinja
26 күн бұрын
Thanks! And I am hoping the same thing!!
Thank you. Can't wait for the next video
@LanWanNinja
29 күн бұрын
Thanks!! Next one coming soon!
WOO!! so nice I had to watch it twice! ;)
@LanWanNinja
Ай бұрын
Thanks, I'm glad you really liked it!
Just found your channel, great info and editing - Subscribed! Lookin forward to more content :)
@LanWanNinja
Ай бұрын
Thanks!! More content is definitely in progress now.
Insightful video thanks 🙏🏽
@LanWanNinja
Ай бұрын
Thanks for watching! And stay tuned, the deep dives and more to come soon.
this is so well produced and informative, glad i subscribed 😮💨
@LanWanNinja
Ай бұрын
Thanks so much!! I'm glad you subscribed too!
man this was goood! glad i found your channel
@LanWanNinja
Ай бұрын
Thanks! I'm glad you found my channel too. Stay tuned for the deep dives in this series. Thanks for watching!
@comosaycomosah
Ай бұрын
@@LanWanNinja for sure! Def will check it out man
This is great! I look forward to your future posts! :)
@LanWanNinja
Ай бұрын
Thank you!!
Great video. Subscribed.
@LanWanNinja
Ай бұрын
Thanks! I'm really glad you liked it.
GOOD STUFF!😃👍❗️😎
@LanWanNinja
Ай бұрын
Thanks much for watching. More videos are on the way!
Everything is just a pattern. Being able to identify the pattern is critical, be that with the naked eye or tooling.
@LanWanNinja
Ай бұрын
Yep, I totally agree. And thanks for watching!
This is a good video. I'll definitely be inspecting my network later. I haven't had a chance to watch all of your other videos, but if you haven't covered it yet you may want to do a video on network segmentation and VLAN. I don't want to mention anything specific about my network, but as my network grows, I'm trying to segment my network so if one section falls the other sections can survive.
@LanWanNinja
Ай бұрын
Thanks! glad you liked it. I think segmentation and VLAN would be a great video to do after I do the deep dives for this video too.
@The_Coffee_Loving_Engineer_HND
Ай бұрын
@@LanWanNinja Yeah, I've been meaning to watch more of your videos. It's been on the back burner for months. I'm not a network engineer, but working at small to mid-sized companies means I get called upon to be the IT guy at times. Usually when something goes catastrophically wrong. So naturally I want to take steps to minimize that. OH! And it's fun!
@LanWanNinja
Ай бұрын
I hear ya on the "Usually when something goes catastrophically wrong" part. That seems pretty normal. I have fun with it too. I realized today while working on something, that I was just guessing what was going on until I took a packet capture. I found out that it was something TOTALLY different.
How to anylize live connect person ip with wireshark
@LanWanNinja
16 күн бұрын
Thanks for watching! Is this a question or a suggestion for another video?
very well done!
@LanWanNinja
Ай бұрын
Thank you. And thanks for watching!