Find Hackers on your network with Wireshark - 10 signs to look for!

  • Published: 31 May 2024
  • An intro video for finding hackers or anomalous behavior on your network in a packet capture with Wireshark. Plenty of stuff for beginners and something for everyone else too.
    If you have any questions or ideas for future videos, please leave a comment and let me know.
    Filters used:
    I will add this list to my website soon and leave the link here.
    Scanning:
    syn packets - with no matching ack:
    (tcp.flags.syn == True) && (tcp.completeness.syn-ack == False)
    TCP reset packets:
    tcp.flags.reset
    DNS:
    dns
    DNS server failure or no such name:
    dns.flags.rcode == 2 or dns.flags.rcode == 3
    user to user traffic:
    put in your user networks in a filter like:
    ip.addr == x.x.x.x/24 and ip.addr==x.x.x.x/24
    Web enumeration:
    http.request.method == "GET"
    Web logins:
    tcp matches "login"
    http.request.method == "POST"
    tcp matches "password"
    login errors:
    http.response.code gt 200
    responder:
    nbns
    nbns.flags.response == True
    logging in to machine running responder:
    ntlmssp
    service controller:
    svcctl
    kerberoasting, the enctype 23 is RC4 encryption:
    kerberos && kerberos.enctype==23
    not my dhcp - Put your DHCP servers in {}
    dhcp and ip.addr not in {192.168.1.150, 192.168.2.150, 192.168.100.150} && (dhcp.option.dhcp == 2 || dhcp.option.dhcp == 5)
    not my dns - responses - Put your DNS servers in {}
    (dns and ip.addr not in {192.168.1.150, 192.168.2.150, 192.168.100.150}) && (dns.flags.response == True)
    ipv6 traffic filter:
    ipv6
    Timestamps:
    00:00 Start
    0:15 User vs Hacker
    0:51 Port Scanning
    1:27 DNS enumeration
    2:01 User to user traffic
    2:33 Attacking web servers - Enumeration
    2:58 Attacking web servers - Passwords
    3:34 NBNS & Responder
    4:10 Manipulating services
    4:38 Kerberoasting
    5:25 Rogue DNS or DHCP
    6:01 IPv6 / MITM6
    6:21 Conclusion
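
An added example, not from the video or its author: the first filter in the list shows individual SYN packets that never received a SYN-ACK. The Python below applies the same rule to constructed packet records and goes one step further by grouping the results per source, since a scanner stands out by how many distinct targets it leaves unanswered. The record layout, flag strings, addresses and the `min_targets` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample records, one per TCP packet: (src, sport, dst, dport, flags).
# Flags: "S" = SYN, "SA" = SYN-ACK, "RA" = RST-ACK. Layout and addresses are assumptions.
PACKETS = [
    ("10.0.0.5", 50001, "10.0.0.20", 443, "S"),    # normal user, handshake answered
    ("10.0.0.20", 443, "10.0.0.5", 50001, "SA"),
    ("10.0.0.5", 50002, "10.0.0.21", 8080, "S"),   # one refused connection
    ("10.0.0.21", 8080, "10.0.0.5", 50002, "RA"),
] + [
    # one source sending SYNs to many ports of the same host
    ("10.0.0.66", 40000 + p, "10.0.0.20", p, "S") for p in (21, 22, 23, 25, 80)
] + [
    ("10.0.0.20", 22, "10.0.0.66", 40022, "SA"),   # only port 22 answers
]


def unanswered_syns(packets):
    """Return {(client, server, server_port)} for SYNs that never got a SYN-ACK."""
    syns, answered = {}, set()
    for src, sport, dst, dport, flags in packets:
        if flags == "S":
            syns[(src, sport, dst, dport)] = (src, dst, dport)
        elif flags == "SA":
            # A SYN-ACK travels in the reverse direction, so flip it to
            # obtain the key of the SYN it answers.
            answered.add((dst, dport, src, sport))
    return {target for conv, target in syns.items() if conv not in answered}


def scan_suspects(packets, min_targets=3):
    """Map each source to its unanswered targets if it has at least min_targets."""
    per_source = defaultdict(set)
    for src, dst, dport in unanswered_syns(packets):
        per_source[src].add((dst, dport))
    return {
        src: sorted(targets)
        for src, targets in per_source.items()
        if len(targets) >= min_targets
    }


if __name__ == "__main__":
    for src, targets in scan_suspects(PACKETS).items():
        print(f"{src}: {len(targets)} unanswered SYN targets -> {targets}")
```
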

Comments • 35

  • @rsleepy255 14 days ago +1

    Really hope your channel gets big because I am looking forward to your future videos!

    • @LanWanNinja 14 days ago

      Thanks! And I am hoping the same thing!!

  • @d1m18 17 days ago

    Thank you. Can't wait for the next video

    • @LanWanNinja 17 days ago

      Thanks!! Next one coming soon!

  • @nachonacho9785 20 days ago

    Insightful video thanks 🙏🏽

    • @LanWanNinja 20 days ago +1

      Thanks for watching! And stay tuned, the deep dives and more to come soon.

  • @traggums 28 days ago +1

    Just found your channel, great info and editing - Subscribed! Lookin forward to more content :)

    • @LanWanNinja 28 days ago +1

      Thanks!! More content is definitely in progress now.

  • @Montanafide 29 days ago +1

    WOO!! so nice I had to watch it twice! ;)

    • @LanWanNinja 29 days ago

      Thanks, I'm glad you really liked it!

  • @wisteela 25 days ago

    Great video. Subscribed.

    • @LanWanNinja 25 days ago

      Thanks! I'm really glad you liked it.

  • @comosaycomosah 28 days ago

    man this was goood! glad i found your channel

    • @LanWanNinja 28 days ago +1

      Thanks! I'm glad you found my channel too. Stay tuned for the deep dives in this series. Thanks for watching!

    • @comosaycomosah 28 days ago +1

      @LanWanNinja for sure! Def will check it out man

  • @RatStikerz 29 days ago

    this is so well produced and informative, glad i subscribed 😮‍💨

    • @LanWanNinja 29 days ago

      Thanks so much!! I'm glad you subscribed too!

  • @carsonjamesiv2512 18 days ago

    GOOD STUFF!😃👍❗️😎

    • @LanWanNinja 18 days ago

      Thanks much for watching. More videos are on the way!

  • @joepa3912 28 days ago

    This is great! I look forward to your future posts! :)

  • @The_Coffee_Loving_Engineer_HND 1 month ago

    This is a good video. I'll definitely be inspecting my network later.
    I haven't had a chance to watch all of your other videos, but if you haven't covered it yet you may want to do a video on network segmentation and VLAN. I don't want to mention anything specific about my network, but as my network grows, I'm trying to segment my network so if one section falls the other sections can survive.

    • @LanWanNinja 1 month ago +1

      Thanks! Glad you liked it. I think segmentation and VLAN would be a great video to do after I do the deep dives for this video too.

    • @The_Coffee_Loving_Engineer_HND 1 month ago

      @LanWanNinja Yeah, I've been meaning to watch more of your videos. It's been on the back burner for months. I'm not a network engineer, but working at small to mid-sized companies means I get called upon to be the IT guy at times. Usually when something goes catastrophically wrong. So naturally I want to take steps to minimize that. OH! And it's fun!

    • @LanWanNinja 1 month ago +1

      I hear ya on the "Usually when something goes catastrophically wrong" part. That seems pretty normal. I have fun with it too. I realized today while working on something, that I was just guessing what was going on until I took a packet capture. I found out that it was something TOTALLY different.

  • @HindiKahani931 5 days ago +1

    How to analyze live connect person IP with Wireshark

    • @LanWanNinja 5 days ago

      Thanks for watching! Is this a question or a suggestion for another video?

  • @zadekeys2194 25 days ago

    Everything is just a pattern. Being able to identify the pattern is critical, be that with the naked eye or tooling.

    • @LanWanNinja 25 days ago +1

      Yep, I totally agree. And thanks for watching!

  • @privateness.network 20 days ago

    very well done!

    • @LanWanNinja 20 days ago

      Thank you. And thanks for watching!