Orion Incident Response Live CD

following and more: argus, chaosreader, dnstop, dsniff, ettercap, snort, tcpflow, tcpick, tshark. These tools were chosen from a combination of personal analyst experience and tips from other researchers gleaned from the web (“Tshark examples”, 2010). Their output quickly gives the analyst TCP session information, DNS lookup statistics, HTTP headers, extracted files, and other valuable details. Because a script issues the same commands on every run, the results are consistent from case to case, and junior team members can do this first-pass work without much guidance from more senior team members.
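The page does not reproduce the Live CD's script itself. The following is an added example, not Orion's own code, of what such a fixed-sequence first-pass triage looks like in POSIX sh: one pcap in, one numbered output file per step, the same commands every time. The tshark and tcpflow flags (`-z io,phs`, `-z conv,tcp`, `-Y`, `-T fields`, `--export-objects`, `tcpflow -r/-o`), the output file names and the behaviour of recording a missing tool as skipped rather than aborting are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not the Orion Live CD's own script: a fixed first-pass
# network triage run against one pcap. Each step writes one file into
# OUTDIR so the same commands produce the same layout on every run.
# Tool flags are tshark/tcpflow options as known to the author of this
# example (assumption); check the man pages on the Live CD you use.
set -u

# have_tool NAME : succeed if NAME is on PATH.
have_tool() {
    command -v "$1" >/dev/null 2>&1
}

# run_step TOOL OUTFILE CMD... : run CMD with stdout and stderr into
# OUTFILE, or write a SKIPPED marker if TOOL is not installed.
# Returns CMD's exit status when it ran, 2 when it was skipped.
run_step() {
    tool=$1; out=$2; shift 2
    if ! have_tool "$tool"; then
        printf 'SKIPPED: %s is not installed\n' "$tool" > "$out"
        return 2
    fi
    "$@" > "$out" 2>&1
}

# triage PCAP OUTDIR : the fixed sequence of first-pass commands.
# Returns 1 if PCAP is unreadable or OUTDIR cannot be created.
triage() {
    pcap=$1; outdir=$2
    [ -r "$pcap" ] || { echo "cannot read $pcap" >&2; return 1; }
    mkdir -p "$outdir/http_objects" "$outdir/tcpflow" || return 1

    # What protocols are in the capture at all
    run_step tshark "$outdir/01_protocol_hierarchy.txt" \
        tshark -r "$pcap" -q -z io,phs
    # TCP session (conversation) summary: endpoints, packets, bytes
    run_step tshark "$outdir/02_tcp_conversations.txt" \
        tshark -r "$pcap" -q -z conv,tcp
    # DNS lookup statistics: queried names, most frequent first
    run_step tshark "$outdir/03_dns_queries.txt" \
        sh -c 'tshark -r "$1" -Y "dns.flags.response == 0" -T fields -e dns.qry.name | sort | uniq -c | sort -rn' sh "$pcap"
    # HTTP request headers of interest: client, Host, URI
    run_step tshark "$outdir/04_http_requests.txt" \
        tshark -r "$pcap" -Y http.request -T fields -e ip.src -e http.host -e http.request.uri
    # Extracted files: HTTP objects via tshark, raw stream payloads via tcpflow
    run_step tshark "$outdir/05_http_objects.txt" \
        tshark -r "$pcap" -q --export-objects "http,$outdir/http_objects"
    run_step tcpflow "$outdir/06_tcpflow.txt" \
        tcpflow -r "$pcap" -o "$outdir/tcpflow"
    return 0
}

if [ "$#" -ge 2 ]; then
    triage "$1" "$2" && echo "triage written to $2"
else
    echo "usage: $0 capture.pcap outdir" >&2
fi
```

Run it as `sh triage.sh capture.pcap case01/` and hand `case01/` to the analyst. Skipped steps leave a marker file instead of a gap, so two runs on different hosts can be compared file by file. Older tshark releases spell the display filter option `-R` rather than `-Y`, and `--export-objects` requires a release that supports it; adjust those two lines for the tshark actually on the CD.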

John Jarocki, john.jarocki@gmail.com
