
Orion Incident Response Live CD


following and more: argus, chaosreader, dnstop, dsniff, ettercap, snort, tcpflow, tcpick, tshark. These tools were chosen from a combination of personal analyst experience and tips from other researchers gleaned from the web (“Tshark examples”, 2010). Their output quickly gives the analyst TCP session information, DNS lookup statistics, HTTP headers, extracted files, and other valuable data. Because the tools are run by a script, the same commands are executed the same way on every capture, so junior team members can do the work without much guidance from more senior analysts, and the results are consistent from one case to the next.

John Jarocki, john.jarocki@gmail.com
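The following is an added example of the scripted, repeatable pcap triage the paragraph above describes; it is not the Orion CD's own script. The specific tshark and tcpflow invocations are assumptions about reasonable first-pass queries (TCP conversations, protocol hierarchy, DNS statistics, HTTP requests, HTTP object export, tcpflow stream reassembly), chosen to match the kinds of output the paper lists. The sample capture it creates is a constructed, header-only pcap so the script can be exercised offline; a skip-if-missing check lets it run on a box where not every tool is installed.

```shell
#!/bin/sh
# Added example (not the Orion CD's own script): a repeatable pcap triage
# runner. The tshark/tcpflow commands below are assumed first-pass queries,
# not the paper's list; adjust them to the team's needs, but keep them in one
# place so every analyst produces the same artefacts the same way.

# Emit the fixed command list for one capture, one command per line.
# Paths are single-quoted so captures with spaces in their names still work.
triage_commands() {
    pcap=$1
    out=$2
    cat <<EOF
tshark -r '$pcap' -q -z conv,tcp > '$out/tcp_conversations.txt'
tshark -r '$pcap' -q -z io,phs > '$out/protocol_hierarchy.txt'
tshark -r '$pcap' -q -z dns,tree > '$out/dns_stats.txt'
tshark -r '$pcap' -Y http.request -T fields -e ip.src -e http.host -e http.request.uri -e http.user_agent > '$out/http_requests.txt'
tshark -r '$pcap' -q --export-objects http,'$out/http_objects' > /dev/null
tcpflow -r '$pcap' -o '$out/tcpflow'
EOF
}

# Run the list against one capture. Tools that are not installed are skipped
# and a tool that exits non-zero is reported but does not abort the triage,
# so one missing binary never leaves the analyst with an empty output tree.
run_triage() {
    pcap=$1
    out=$2
    [ -r "$pcap" ] || { echo "error: cannot read $pcap" >&2; return 1; }
    mkdir -p "$out"
    triage_commands "$pcap" "$out" | while IFS= read -r cmd; do
        tool=${cmd%% *}
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "skip: $tool not installed" >&2
            continue
        fi
        echo "run: $cmd" >&2
        sh -c "$cmd" || echo "warn: $tool exited non-zero" >&2
    done
    # Record exactly what was run so the output directory is self-describing.
    triage_commands "$pcap" "$out" > "$out/commands.txt"
}

# Constructed sample input: a libpcap global header with zero packets
# (little-endian magic, version 2.4, tz 0, sigfigs 0, snaplen 65535,
# link type 1 = Ethernet). Enough for the tools to open it without a real capture.
make_empty_pcap() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$1"
}

# Usage: ./triage.sh capture.pcap output_dir
if [ $# -eq 2 ]; then
    run_triage "$1" "$2"
fi
```

The display-filter flag `-Y` and `--export-objects` exist in tshark 1.10 and 2.x onward respectively; tshark builds of the paper's era used `-R` for the display filter and had no object export from the command line, so on an older live CD those two lines would need changing.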
