Where To Start Capturing Packets

Whether you’re a network engineer or security analyst, at some point you’re going to need to dive into the packets to help solve a problem. Story Time: Shortly after I earned my CCIE I was faced with a packet analysis challenge. I was on-site visiting with some teammates who managed a customer’s ne...
Published on June 05, 2022 | 10 min read

pcap Wireshark tcpdump

Working With Linux Cooked Capture Headers Using TraceWrangler

The Problem: Sometimes when loading a PCAP into various tools you get a cryptic error: an interface has a type 1 different from the type of the first interface. I had one PCAP that would generate various errors in different tools. The Evidence: Brim: See this GitHub issue I raised. Zeek: root@server:~/ct...
Published on April 12, 2021 | 3 min read

pcap tracewrangler tcpdump