There are many other tasks one can perform with Wireshark, but these are the ones most often listed by legitimate users (see the "Hackers Beware" box).

A final word on what Wireshark is not. It is not a security information and event management (SIEM) suite, nor should it be "sold" to management as such. It is no substitute for a SIEM, although its data can be used for some of the same activities, such as event correlation and forensic packet analysis. Wireshark is a powerful tool that should be part of a system or security administrator's arsenal. However, be cautious of relying too heavily on any single tool for complete analysis. Such reliance reminds me of the Indian parable of the blind men and the elephant, where each man touches a different part of the elephant and draws conclusions about the entire animal from that limited information. Gather as much information about an incident and about network behavior as possible, with different tools and from different perspectives.

The first thing you need to do is install Wireshark. For Red Hat Linux-based systems, installing is easy with:

sudo yum -y install wireshark-gnome

Yes, I suggest that you install the graphical version. You can install the command-line-only version (the wireshark package, which provides tshark) with:

sudo yum -y install wireshark

You actually get the command-line version when you install the wireshark-gnome package, because wireshark-gnome depends on the wireshark package. Two practical notes: the -y option takes an ordinary ASCII hyphen, so a command copied from a web page that has turned it into an en dash will not be understood by yum; and these package names are those of RHEL/CentOS 6 and 7, while on Red Hat Enterprise Linux 8 and later and on current Fedora (where the package manager is dnf) the graphical package is named wireshark and the command-line-only package is wireshark-cli.
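The install procedure above, written out as a small POSIX shell script that picks the package for the flavour you want, runs the yum command with a correctly spelled -y, and then verifies that the expected binaries really are on PATH. This is an added example, not a script from the original post; it assumes the RHEL/CentOS 6 and 7 package names (wireshark-gnome for the GUI, wireshark for the command-line tools) and assumes the function names, the "gui"/"cli" argument and the list of tools checked.

```shell
#!/bin/sh
# Added example (not from the original post): install Wireshark on a yum-based
# Red Hat system and confirm that the tools actually landed on PATH.
# Package names assume RHEL/CentOS 6 or 7, where the GUI package is
# wireshark-gnome and the command-line package is wireshark.
set -eu

GUI_PKG="wireshark-gnome"
CLI_PKG="wireshark"

# Map the flavour you want ("gui" or "cli") to the single package name yum needs.
# "gui" is enough on its own: wireshark-gnome depends on wireshark, so the
# command-line tools come with it.
packages_for() {
    case "$1" in
        gui) printf '%s\n' "$GUI_PKG" ;;
        cli) printf '%s\n' "$CLI_PKG" ;;
        *)   printf 'usage: packages_for gui|cli\n' >&2; return 2 ;;
    esac
}

# Build the yum command line. The -y is an ASCII hyphen-minus; a dash copied
# from a web page (an en dash) is not an option and yum will reject it.
install_cmd() {
    printf 'sudo yum -y install %s\n' "$(packages_for "$1")"
}

# Succeed only if every tool named is executable somewhere on PATH.
tools_present() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || return 1
    done
    return 0
}

# Binaries each flavour is expected to provide (assumed list: the GUI package
# ships the wireshark binary, the wireshark package ships tshark).
expected_tools() {
    case "$1" in
        gui) printf 'wireshark tshark\n' ;;
        cli) printf 'tshark\n' ;;
        *)   printf 'usage: expected_tools gui|cli\n' >&2; return 2 ;;
    esac
}

# Install, then verify. Only runs when a flavour is passed on the command line,
# so the file can be sourced for its functions without touching the system.
if [ -n "${1:-}" ]; then
    flavour="$1"
    pkg="$(packages_for "$flavour")"
    sudo yum -y install "$pkg"
    rpm -q "$pkg"                                # did the package really install?
    # shellcheck disable=SC2046
    if tools_present $(expected_tools "$flavour"); then
        echo "Wireshark ($flavour) installed: $(tshark -v | head -n 1)"
    else
        echo "install finished but expected tools are missing from PATH" >&2
        exit 1
    fi
fi
```

Run it as `sh install-wireshark.sh gui` (or `cli`). The final check matters more than the install line: a yum run can succeed while leaving you with only tshark, or with a wireshark binary that is not on the PATH of the account you will capture from, and it is better to discover that now than in the middle of an incident.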