Wireshark meetup
What’s happening in Wireshark at the moment? Also, hacking with Wireshark, how does that work? Both questions were addressed at the Wireshark meetup held at Rabobank. I was happy to join this meetup, meet some colleagues and many other people in person from other companies in the Netherlands who are working with Wireshark. The goal is to share knowledge about using Wireshark, protocol analysis and application/network troubleshooting.
Wireshark Updates
First speaker up was Sake Blok, who explained that in March 2023 a non-profit Wireshark Foundation was started to support the Wireshark community, and why this was necessary almost 25 years after the launch of Wireshark. Sake also shared new updates from Wireshark with us and showed examples in a demonstration. Wireshark has so many features that it is actually hard to keep up with all the new ones. Sake explained the latest additions, for example the many improvements to the display filter engine. Most interesting to me were the new display filter arithmetic and field references.
Hacking with Wireshark
The next speaker was Stan Overgauw of Rabobank’s Red Team, who showed us how hackers can attack your organization.
While most users think of Wireshark as a troubleshooting tool, Stan showed that it can be used by hackers too: “I really like the remote capture option… because it doesn’t leave a trace”.
Stan demonstrated how to extract interesting, I mean sensitive, data from a network capture and use it in a hacking demonstration.
And I learned that you really should not be able to launch tcpdump via sudo. Google “postrotate” if you don’t know why 😉.
More, more,
Want to learn more? Be sure to join the Wireshark meetup for more interesting meetups!
About the author
- André Luyer, Performance Consultant
