Find Hackers on your network with Wireshark - 10 signs to look for!
Рет қаралды 2,829
Күн бұрынAn intro video for finding hackers or anomalous behavior on your network in a packet capture with Wireshark. Plenty of stuff for beginners and something for everyone else too.
If you have any questions or ideas for future videos, please leave a comment and let me know.
Filters used:
**** I will add this list to my website soon and leave the link here. **
Scanning:
syn packets - with no matching ack:
(tcp.flags.syn == True) && (tcp.completeness.syn-ack == False)
TCP reset packets:
tcp.flags.reset
DNS:
dns
DNS server failure or no such name:
dns.flags.rcode == 2 or dns.flags.rcode == 3
user to user traffic:
put in your user networks in a filter like:
ip.addr == x.x.x.x/24 and ip.addr==x.x.x.x/24
Web enumuration:
http.request.method == "GET"
Web logins:
tcp matches "login"
http.request.method == "POST"
tcp matches "password"
login errors:
http.response.code gt 200
responder:
nbns
nbns.flags.response == True
logging in to machine running responder:
ntlmssp
service controller:
svcctl
kerberoasting, the enctype 23 id RC4 encryption:
kerberos && kerberos.enctype==23
not my dhcp - Put your DNS servers in {}
dhcp and ip.addr not in {192.168.1.150, 192.168.2.150, 192.168.100.150} && (dhcp.option.dhcp == 2 || dhcp.option.dhcp == 5 || dhcp.option.dhcp == 5)
not my dns - responses - Put your DHCP servers in {}
(dns and ip.addr not in {192.168.1.150, 192.168.2.150, 192.168.100.150}) && (dns.flags.response == True)
ipv6 traffic filter:
ipv6
Timestamps:
00:00 Start
0:15 User vs Hacker
0:51 Port Scanning
1:27 DNS enumeration
2:01 User to user traffic
2:33 Attacking web servers - Enumeration
2:58 Attacking web servers - Passwords
3:34 NBNS & Responder
4:10 Manipulating services
4:38 Kerberoasting
5:25 Rogue DNS or DHCP
6:01 IPv6 / MITM6
6:21 Conclusion
@rsleepy255 24 күн бұрын
Really hope your channel gets big because i am looking forward for your future videos!
@LanWanNinja 24 күн бұрын
Thanks! And I am hoping the same thing!!
@d1m18 26 күн бұрын
Thank you. Can't wait for the next video
@LanWanNinja 26 күн бұрын
Thanks!! Next one coming soon!
@Montanafide Ай бұрын
WOO!! so nice I had to watch it twice! ;)
@LanWanNinja Ай бұрын
Thanks, I'm glad you really liked it!
@traggums Ай бұрын
Just found your channel, great info and editing - Subscribed! Lookin forward to more content :)
@LanWanNinja Ай бұрын
Thanks!! More content is definitely in progress now.
@nachonacho9785 29 күн бұрын
Insightful video thanks 🙏🏽
@LanWanNinja 29 күн бұрын
Thanks for watching! And stay tuned, the deep dives and more to come soon.
@RatStikerz Ай бұрын
this is so well produced and informative, glad i subscribed 😮💨
@LanWanNinja Ай бұрын
Thanks so much!! I'm glad you subscribed too!
@comosaycomosah Ай бұрын
man this was goood! glad i found your channel
@LanWanNinja Ай бұрын
Thanks! I'm glad you found my channel too. Stay tuned for the deep dives in this series. Thanks for watching!
@comosaycomosah Ай бұрын
@@LanWanNinja for sure! Def will check it out man
@joepa3912 Ай бұрын
This is great! I look forward to your future posts! :)
@LanWanNinja Ай бұрын
Thank you!!
@wisteela Ай бұрын
Great video. Subscribed.
@LanWanNinja Ай бұрын
Thanks! I'm really glad you liked it.
@carsonjamesiv2512 27 күн бұрын
GOOD STUFF!😃👍❗️😎
@LanWanNinja 27 күн бұрын
Thanks much for watching. More videos are on the way!
@zadekeys2194 Ай бұрын
Everything is just a pattern. Being able to identify the pattern is critical, be that with the naked eye or tooling.
@LanWanNinja Ай бұрын
Yep, I totally agree. And thanks for watching!
@The_Coffee_Loving_Engineer_HND Ай бұрын
This is a good video. I'll definitely be inspecting my network later. I haven't had a chance to watch all of your other videos, but if you haven't covered it yet you may want to do a video on network segmentation and VLAN. I don't want to mention anything specific about my network, but as my network grows, I'm trying to segment my network so if one section falls the other sections can survive.
@LanWanNinja Ай бұрын
Thanks! glad you liked it. I think segmentation and VLAN would be a great video to do after I do the deep dives for this video too.
@The_Coffee_Loving_Engineer_HND Ай бұрын
@@LanWanNinja Yeah, I've been meaning to watch more of your videos. It's been on the back burner for months. I'm not a network engineer, but working at small to mid-sized companies means I get called upon to be the IT guy at times. Usually when something goes catastrophically wrong. So naturally I want to take steps to minimize that. OH! And it's fun!
@LanWanNinja Ай бұрын
I hear ya on the "Usually when something goes catastrophically wrong" part. That seems pretty normal. I have fun with it too. I realized today while working on something, that I was just guessing what was going on until I took a packet capture. I found out that it was something TOTALLY different.
@HindiKahani931 14 күн бұрын
How to anylize live connect person ip with wireshark
@LanWanNinja 14 күн бұрын
Thanks for watching! Is this a question or a suggestion for another video?
@privateness.network 29 күн бұрын
very well done!
@LanWanNinja 29 күн бұрын
Thank you. And thanks for watching!
LanWanNinja
Рет қаралды 2,2 М.
Coding with Lewis
Рет қаралды 546 М.
techno breako
Рет қаралды 130
LanWanNinja
Рет қаралды 184
Plaintext Packets
Рет қаралды 11 М.
Kasim Tech
Рет қаралды 4,1 МЛН
notebook-31
Рет қаралды 65 М.