Stratoshark is introduced as a companion application to Wireshark, focusing on system call analysis and obtaining deeper insights into system activity.
It captures system activity directly from the Linux kernel using the Falco libraries libsinsp and libscap, and stores the result as a .scap file for offline analysis.
Stratoshark also reaches into cloud environments: it can ingest audit logs and retrieve AWS CloudTrail logs, so cloud API activity can be examined for potential threats alongside host activity.
System calls are the interface through which a program asks the kernel to do anything outside its own address space (open a file, send on a socket, spawn a process, map memory); the kernel mediates all hardware and resource access behind that interface, which is why the syscall stream is a faithful record of what a process actually did.
Stratoshark supports multiple capture sources, including Falcodump for local capture through the Falco libraries and Sshdig for running a capture on a remote host over SSH, covering both system calls and logs.
Key features of Stratoshark include real-time system activity monitoring, comprehensive filtering options, cloud integration, visualization tools, container visibility, and threat detection.
It uses visual indicators to identify different system calls and potential security issues, similar to Wireshark's color-coding for packet types.
Stratoshark and Wireshark focus on system calls and network packets respectively, complementing each other in system observation.
For Windows and macOS, development packages are available through Wireshark's automated builds, while Linux users currently need to build Stratoshark from source.
Stratoshark's interface mirrors Wireshark's layout, with a clean workspace designed for system call analysis.
Analyzing a .scap file in Stratoshark works like dissecting a packet in Wireshark: each event expands into headers such as System Event, Arrival Time, Event Information, Process Information, and File Descriptor Information, which together show which syscall ran, in which process, and which file descriptor it touched.
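The visual indicators for potential security issues and the per-event fields described above follow the same model as Wireshark: an ordered list of coloring rules, each a display filter over the event's fields, where the first matching rule wins. The following is an added example, not code from Stratoshark, Wireshark or the Falco libraries, that models syscall events with the kind of context Stratoshark attaches to them and evaluates such rules over a handful of constructed events. Field names (evt.type, evt.dir, evt.res, proc.name, proc.pname, fd.name, evt.num) follow sysdig/Falco conventions; that they map one-to-one onto Stratoshark's display filter fields is an assumption to check against the field list in the application, and the evaluator implements only a small subset of the real display filter language.

```python
# Added example (not Stratoshark's, Wireshark's or Falco's code).
# Models syscall events as field dictionaries and applies ordered coloring
# rules, each a display-filter-style expression, first match wins.
# Assumptions: sysdig/Falco field names; filter subset limited to
# ==, !=, >=, <=, >, <, contains, joined by && and ||, no parentheses,
# and quoted strings must not themselves contain "&&" or "||".
import operator
import re

# One atom: <field> <op> <"string" | integer>
_ATOM = re.compile(
    r'^\s*([A-Za-z_][\w.]*)\s*(==|!=|>=|<=|>|<|contains)\s*(?:"([^"]*)"|(-?\d+))\s*$'
)
_OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
        "<=": operator.le, ">": operator.gt, "<": operator.lt}


def _eval_atom(atom: str, ev: dict) -> bool:
    """Evaluate one comparison against an event's field dictionary."""
    m = _ATOM.match(atom)
    if not m:
        raise ValueError(f"unsupported filter atom: {atom!r}")
    name, op, quoted, number = m.groups()
    want = quoted if quoted is not None else int(number)
    # As in Wireshark, a comparison on a field the event does not carry is
    # false (e.g. fd.name or evt.res on a syscall *enter* event).
    if name not in ev:
        return False
    have = ev[name]
    if op == "contains":
        return str(want) in str(have)
    if isinstance(want, int) != isinstance(have, int):
        return False  # a string field never compares equal to a number
    return _OPS[op](have, want)


def matches(filter_expr: str, ev: dict) -> bool:
    """'||' separates OR terms; '&&' binds tighter, as in display filters."""
    return any(
        all(_eval_atom(atom, ev) for atom in term.split("&&"))
        for term in filter_expr.split("||")
    )


def apply_display_filter(filter_expr: str, events) -> list:
    """Return evt.num of every event the filter keeps (the filter bar)."""
    return [ev["evt.num"] for ev in events if matches(filter_expr, ev)]


def color_events(events, rules) -> list:
    """Ordered (name, filter) rules; first matching rule labels the event."""
    return [next((name for name, f in rules if matches(f, ev)), None)
            for ev in events]


# Constructed sample events, not taken from a real capture. Enter events
# (evt.dir ">") carry no result or fd name; exit events ("<") do.
SAMPLE_EVENTS = [
    {"evt.num": 1, "evt.type": "openat", "evt.dir": ">",
     "proc.name": "cat", "proc.pname": "bash"},
    {"evt.num": 2, "evt.type": "openat", "evt.dir": "<", "evt.res": 3,
     "fd.name": "/etc/shadow", "proc.name": "cat", "proc.pname": "bash"},
    {"evt.num": 3, "evt.type": "execve", "evt.dir": "<", "evt.res": 0,
     "proc.name": "sh", "proc.pname": "nginx", "proc.cmdline": "sh -c id"},
    {"evt.num": 4, "evt.type": "openat", "evt.dir": "<", "evt.res": -13,
     "fd.name": "/etc/shadow", "proc.name": "cat", "proc.pname": "bash"},
    {"evt.num": 5, "evt.type": "write", "evt.dir": "<", "evt.res": 12,
     "fd.name": "/var/log/nginx/access.log", "proc.name": "nginx",
     "proc.pname": "systemd"},
]

# Ordered like Wireshark coloring rules: most specific and most alarming first.
# Checking evt.dir and evt.res keeps enter events and failed calls from
# lighting up the "succeeded" rules.
COLORING_RULES = [
    ("shell-spawned-by-web-server",
     'evt.type == "execve" && evt.dir == "<" && evt.res == 0 && proc.pname == "nginx"'),
    ("sensitive-file-opened",
     'evt.type == "openat" && evt.dir == "<" && evt.res >= 0 && fd.name == "/etc/shadow"'),
    ("failed-sensitive-open",
     'evt.type == "openat" && evt.dir == "<" && evt.res < 0 && fd.name == "/etc/shadow"'),
    ("web-server-io",
     'proc.name == "nginx" && fd.name contains "/var/log/"'),
]

if __name__ == "__main__":
    for ev, label in zip(SAMPLE_EVENTS, color_events(SAMPLE_EVENTS, COLORING_RULES)):
        print(ev["evt.num"], ev["evt.type"], ev["evt.dir"], label)
    print("shadow touches:", apply_display_filter('fd.name contains "shadow"', SAMPLE_EVENTS))
```

Event 1 gets no label because it is the enter half of the openat and carries neither a result nor an fd name, and event 4 lands on the failed-open rule rather than the success rule because the rules check evt.res; when writing real coloring rules in Stratoshark, anchoring on the exit event and its result in the same way avoids double-counting every syscall.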