Hands-On TCP/IP Deep Dive with Wireshark - How this stuff really works

Presented at DEF CON 31 (2023), Aug. 12, 2023, 2 p.m. (240 minutes)

Let's break out Wireshark and dig deep into the TCP and IP protocols. This skill is critical for anyone interested in any area of cybersecurity, no matter the color of the hat. Almost all enumeration, scans, incident response, and traffic forensics require the analyst to dig into and interpret TCP conversations. When enumerating an environment, identifying key TCP/IP indicators in protocol headers can also help when passively fingerprinting systems. In this workshop we will roll back our sleeves and learn how TCP/IP really works - the handshake, options, sequence/ack numbers, retransmissions, TTL, and much more. This workshop welcomes all cybersecurity and Wireshark experience levels.

Skill Level: Beginner to Intermediate

Prerequisites for students:
- Just a laptop with a copy of Wireshark.
- I will provide the sample pcaps for analysis.

Materials or Equipment students will need to bring to participate:
- Laptop

Presenters:

  • Chris Greer - Network Analyst and Wireshark Instructor at Packet Pioneer
    Chris Greer is a network analyst and Wireshark instructor for Packet Pioneer, a Wireshark University partner. He has focused much of his career at the transport layer, specifically TCP, specializing in how this core protocol works to deliver applications, services, and attacks between systems. Chris is a regular speaker at Sharkfest - the Wireshark Developer and User Conference. He has presented at DEFCON and other industry conferences and regularly posts Wireshark analysis tips to his YouTube channel.
