mastodns.net is part of the decentralized social network powered by Mastodon.
MastoDNS is being run by DNS-OARC as part of our public benefit mission to support the DNS community.


#pcap


Have you ever wondered why your favorite web conferencing tool sometimes had bad video or audio quality? Did you experience problems connecting when your VPN is active? Are you responsible for supporting users with their communication needs in diverse network environments?

Then this course is for you. Join Robert Hess & Matthias Kaiser as they explain the insides of the #WebRTC communication protocols used in most modern products and show our praxis-proven approach to analyzing problems in this field. The course includes hands-on capturing and analyzing of problem situations, including firewall restrictions and proxy use. To the best of our abilities, we will also address the real-life problems you bring to the table.

Join us in Vienna this fall: sharkfest.wireshark.org/sfeu

Join Phill Shade for his pre-conference class at SharkFest'24 EUROPE!

Class Title: Who is Hiding in the Shadows? - Identifying Network Intrusion with Wireshark

This course is for networking, government, and security personnel who must develop advanced packet investigation techniques by analyzing #PCAP-based evidence using Wireshark. Completing this course provides these individuals with a pathway into forensic analysis.

Find out more & sign up: sharkfest.wireshark.org/sfeu

#Wireshark #TCP #UDP

New at SharkFest'24 EUROPE, Chris Greer & Ross Bagurdes are teaching a core Wireshark skills class!

youtu.be/hPruLbqVfFY

COURSE TITLE:
Core Wireshark Skills for Network Engineers & Security Pros

COURSE SUMMARY:
Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help AllOps (NetOps, SecOps, DevOps) engineers to improve in their analysis and troubleshooting skills. Labs have been designed to give real-world, hands-on experience with protocols using Wireshark.

MORE INFO: sharkfest.wireshark.org/sfeu


Join Chris Greer (Packet Pioneer) & Ross Bagurdes at SharkFest'24 EUROPE 4-8 Nov in Vienna, Austria for a class you won't want to miss!

youtube.com/watch?v=hPruLbqVfF
sharkfest.wireshark.org/sfeu

COURSE TITLE:
Core Wireshark Skills for Network Engineers & Security Pros

COURSE SUMMARY:
Throughout this course, we are going to look at real-world examples of how to practically use Wireshark to solve network problems and isolate cybersecurity incidents. This skill will help AllOps (NetOps, SecOps, DevOps) engineers to improve in their analysis and troubleshooting skills. Labs have been designed to give real-world, hands-on experience with protocols using Wireshark.

WHO IS THE COURSE FOR:
Wireshark can be intimidating. I remember how it felt when I first started looking at a trace file with Wireshark. Questions started flooding into my mind: What should I look for? Where do I start? How can I find the packets that matter? What filters should I use? What is 'normal' and what can I ignore in all this data? I froze under the weight of all the detail in the packets. If you have ever felt that way when looking at a pcap, this is the course for you!

MORE INFO: sharkfest.wireshark.org/sfeu


Check out a newly released video from SF22EU of a class by Chris Bidwell called "Wild PCAPs: The weird stuff is in the weeds".

youtu.be/IlhqFHz5Uys

For more sessions like this, join us in Vienna, Austria this fall at SharkFest'24 EUROPE! sharkfest.wireshark.org/sfeu

Also, we've got a large archive of exclusive sessions available from past conferences for members on our YouTube channel. Sign up today to access them!

youtube.com/@WireSharkFest/mem


A new video from the SharkFest archives has been released!

youtu.be/rWHWOat5_Xg

Learn the basics of #Wireshark & packet capture with packet expert Jasper Bongertz in his "Packet Capture 101" class from SharkFest'22 US.

To attend more classes like this in person, sign up for SharkFest'24 US today!

sharkfest.wireshark.org/sfus #PCAP #packetanalysis

Heads up on my blog at www.malware-traffic-analysis.net

I've had to take the majority of posts from 2018 and earlier off-line. The material is still available in the "archive" section at malware-traffic-analysis.net/a

Due to issues with Google identifying pages as "serving malware" and problems I've had with Google saying my site is infected, I'm now using a new password scheme for the zip archives.

I've been slowly restoring individual posts as I convert all the zip archives to the new password scheme. I'm working my way backwards. All posts from 2019 through 2024 are back online, and I'm now restoring posts from 2018.

By my count, I've posted around 3,000 blog entries over the past 10 to 11 years. This will take a while before I'm finished.

If you need a #pcap or a malware sample from an older post, you have two options:

1) Go to the archive section and download the zip archive from the appropriate year. These are very large files, usually 2 to 3 GB. Unzip the downloaded zip archive (you'll have to do it twice, because it's a zip within a zip) and search through the content to find the entry you need. Zip files from these old archived blog entries all use the old password: infected

2) Email me at my blog email (available on the "about" page on the site) and ask me to restore a specific old blog post with the new password scheme.

With this taking up most of my free time, I'll have less time to do new blog posts. But the site is a valuable historic resource, and my focus now is restoring those old blog entries.

Replied to Max Resing

Brief tests on my side:

I tested the #Linux #WebEx client myself. This client is an electron-based client, meaning it is running Chrome under the hood.

It is very hard to separate the wheat from the chaff, but I found that one considerably chatty IP during my test video call was listening on an unencrypted port. Among many TCP/443 (TLS-encrypted HTTP) connections, there was one chatty connection to an IP on TCP/80. The content was mostly HTTP with the content type application/octet-stream. The IP was a subdomain behind `.gvt1.com` and part of the prefix `34.104.0.0/14` (Google Cloud Platform).

Not exactly sure what this traffic could be. An application/octet-stream can be anything that is not further specified. The domain name in question was reported about before by bleepingcomputer.com.

As I said, it is hard to separate the wheat from the chaff, thus I cannot tell whether the video/audio streaming somehow traverses over this. It might be an artifact of Chrome/Electron. There were also many encrypted connections on TCP/443 and many ephemeral ports. I do not know which ports WebEx is using by default, but I would expect QUIC or TCP/443.

Furthermore, WebEx claims on their website that they hold onto several security certifications, thus I would not expect them to cause the unencrypted traffic.

TLDR: When packet-capturing a test call on the Electron-based Linux WebEx client, I spotted an unencrypted HTTP application/octet-stream. Nevertheless, it is more likely a legacy of Chrome/Electron rather than being the unencrypted audio or video data. I cannot find any grossly insecure features that are easy to spot when video-streaming while using WebEx.
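
The triage described in the post above (many TCP/443 flows, one readable TCP/80 flow carrying `application/octet-stream` from inside `34.104.0.0/14`) can be scripted. This is an added example, not part of the original post: it parses a classic pcap with the standard library only and reports, per server endpoint, the payload volume, whether a cleartext octet-stream header was readable, and whether the address falls in that prefix. The function names, the sample addresses and payloads, and the "lower port is the server" heuristic are assumptions.

```python
import ipaddress
import struct

GCP_PREFIX = ipaddress.ip_network("34.104.0.0/14")  # prefix named in the post

def build_pcap(packets):
    """Constructed sample input: wrap (src, dst, sport, dport, payload) in Ethernet/IPv4/TCP."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for src, dst, sport, dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def triage(pcap):
    """Per server endpoint: payload bytes, readable octet-stream header, prefix membership."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled")
    flows, off = {}, 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4/TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        # Assumption: the lower port number is the server side of the connection.
        ip_raw, port = (frame[26:30], sport) if sport < dport else (frame[30:34], dport)
        server = ipaddress.ip_address(ip_raw)
        f = flows.setdefault((str(server), port),
                             {"bytes": 0, "octet_stream": False, "in_prefix": server in GCP_PREFIX})
        f["bytes"] += len(payload)
        # A Content-Type header is only readable when the stream is not encrypted.
        if b"content-type: application/octet-stream" in payload.lower():
            f["octet_stream"] = True
    return flows

# Constructed packets: documentation addresses plus one made-up address inside the prefix.
SAMPLE = build_pcap([
    ("192.0.2.10", "34.104.0.1", 50000, 80, b"GET /file HTTP/1.1\r\nHost: example\r\n\r\n"),
    ("34.104.0.1", "192.0.2.10", 80, 50000,
     b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + b"\x00" * 100),
    ("192.0.2.10", "198.51.100.7", 50001, 443, b"\x17\x03\x03\x00\x20" + b"\xaa" * 32),
])
```

A flagged endpoint only shows that a cleartext binary transfer exists; deciding whether it is media or something unrelated still requires inspecting the stream itself.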