Author Archive for Jasper
Every once in a while there is some news about Wireshark being vulnerable to being attacked/exploited/pwned, meaning that there is a way to craft frames/packets in a pcap/pcapng file to make Wireshark crash and (if done right) execute malicious code. So let’s take a look at what that means and what can be done about […]
Wireshark Column Setup Deepdive
Every once in a while I check the blog statistics for the searches that have brought visitors here. Most of them are more or less concealed versions of “how can I grab the password of others/my ex partner/my children/friends”, which comes as no surprise. Today I saw one search expression that I used as inspiration […]
PCAP Split and Merge
Sometimes it also happens during network troubleshooting engagements, but it is also common for analysis jobs regarding network forensics: dealing with huge number of packets, sometimes millions or more. Two typical situations may have you scratch your head: either you have one huge file containing all packets at once, or you have a ton of […]
Wireshark GeoIP resolution setup V2.0
I already wrote a blog post about setting up GeoIP resolution for Wireshark in 2013. Now, almost exactly five years later I had to decide if I replace that one with an updated version, or to write a second, updated post instead. I choose the second option.
A look at Cisco Tetration
Once again I was invited to join the group of delegates for Tech Field Day Extra at Cisco Live 2018 in Barcelona, with various presentations covering a number of new and improved Cisco technologies. One of them I had seen already last year at the same event in Berlin, but hadn’t had the time to […]
The Network Capture Playbook Part 6 – Planning Network Troubleshooting
In the previous posts of the Capture Playbook series we discussed various approaches about how to record packets, but before going into more elaborate techniques of doing that we should talk about how a network troubleshooting project works, and especially how to plan a capture setup. In my experience this aspect of a troubleshooting is […]
Sharkfest 2017 EU Recap
In 2017 the Sharkfest Wireshark user and developer conference happened once again in Europe – in the Hotel Palacio Estoril in Portugal, to be more specific.
Sharkfest 2017 US Recap – 10 years of Sharkfest!
Time always flies at Sharkfest, the annual Wireshark conference, and the 2017 edition – being the 10th Sharkfest in the US – has been no exception. On Friday Sake and me talked about how fast the 3 day conference had felt and we both agreed that “hm, it seems just to have started moments ago […]
A look at Paessler PRTG
During Tech Field Day Extra at Cisco Live Europe 2017 one of the presentations we attended was from Paessler, about their PRTG monitoring tool. I had only seen it once before, during a penetration test I performed at a customer site – and since it was running with default credentials it gave a very nice […]
Programmable ASICs in Cisco Switches
I know what a Cisco switch is. I know what an ASIC is – a processor designed for a special purpose that it can do it’s job faster than a generic purpose processor running the job in software. What I didn’t know is that it was also possible to build programmable ASICs.