How Well You Know the Wireshark (a.k.a. Ethereal) Analyzer and Use It to Decompose an Attack.

Posted on 1:20 PM by Bharathvn

The interviewer may provide you with output similar to Figure 7-2. The purpose of this question is to see how well you know the latest analytical tools to identify some of the latest application triggers and demonstrate how to decompose a packet. In this snapshot, you have a packet from a Bit-Torrent session in which the application is pinging peers. The triggers for Bit-Torrent are UDP payload strings of “2:id20:” and “4:ping.”

For more information on the WireShark/Ethereal network analyzer, Google “wireshark”

For more information on the Bit-Torrent protocol, Google “bittorrent faq”