final presentation

document.tex

@@ -114,9 +114,8 @@
 \end{itemize}
 \vfill
 \begin{block}{Example: Capturing traffic from \texttt{eth0}}
-	\lstinputlisting[language=bash,numbers=none]{sources/tcpdump.sh}
+	\lstinputlisting[language=bash,numbers=none,linerange={1-1}]{sources/tcpdump.sh}
 \end{block}
-
 \end{frame}
 
 
@@ -124,35 +123,54 @@
 \begin{frame}
 \frametitle{Wireshark}
 \begin{itemize}
-	\item How do you capture the traffic?
+	\item Open a \texttt{.dump} file OR capture from NIC
+	\item Filter traffic
 	\begin{itemize}
-		\item tcpdump (CLI)
-		\item Wireshark (GUI)
+		\item Big variety of supported protocols
+		\item Filter rules down to single bits of a protocol possible
+		\item Where should I start?
 	\end{itemize}
 \end{itemize}
-\vfill
-\begin{block}{Example: Capturing traffic from \texttt{eth0}}
-	\lstinputlisting[language=bash,numbers=none]{sources/tcpdump.sh}
-\end{block}
-
 \end{frame}
 
-\section{Wireshark}
 \begin{frame}
 \frametitle{Wireshark}
 \begin{itemize}
 	\item Find the interesting parts in a dump: Filter packets
 	\begin{itemize}
-		\item tcpdump (CLI)
-		\item Wireshark (GUI)
+		\item by IP address,
+		\item port number,
+		\item protocol flag,
+		\item \ldots
+	\end{itemize}
+	\item \texttt{Menu->Analyze->Follow->* Stream}
+	\begin{itemize}
+		\item Displays the payload of one connection (SYN to FIN)
 	\end{itemize}
 \end{itemize}
 \vfill
-\begin{block}{Example: Capturing traffic from \texttt{eth0}}
-	\lstinputlisting[language=bash,numbers=none]{sources/tcpdump.sh}
+\begin{block}{Example: Filtering packets in Wireshark}
+	\lstinputlisting[language=bash,numbers=none,linerange={2-4}]{sources/tcpdump.sh}
 \end{block}
 
 \end{frame}
 
+\section{Conclusion}
+\begin{frame}
+\frametitle{Conclusion}
+\begin{itemize}
+	\item TCPdump can also handle filter rules (same syntax)
+\end{itemize}
+\begin{block}{Example: TCPdump with filter rule}
+	\lstinputlisting[language=bash,numbers=none,linerange={5-5}]{sources/tcpdump.sh}
+\end{block}
+\begin{itemize}
+	\item TCPdump man page:\\
+	\url{www.tcpdump.org/manpages/tcpdump.1.html}
+	\item Wireshark User's Guide:  \\\url{www.wireshark.org/docs/wsug_html_chunked}
+\end{itemize}
+\end{frame}
+
+\section{Happy Dumpster Diving!}
 
 	\end{document}

header.tex

@@ -126,6 +126,7 @@
 	keywordstyle=\color{sigflagblue},
 	commentstyle=\color{sigflaggray},
 	stringstyle=\color{sigflaggreen},
+	showstringspaces=false
 	xleftmargin=8pt,
 	numbers=left,						%line numbers
 	numberstyle=\tiny,

sources/helloworld.c

@@ -1,6 +0,0 @@
-#include <stdio.h>
-
-int main(void)
-{
-    printf("hello, world\n");
-}

sources/helloworld.go

@@ -1,7 +0,0 @@
-package main
-
-import "fmt"
-
-func main() {
-    fmt.Println("Hello, World")
-}

sources/helloworld.java

@@ -1,5 +0,0 @@
-class HelloWorldApp {
-    public static void main(String[] args) {
-        System.out.println("Hello World!"); // Prints the string to the console.
-    }
-}

sources/helloworld.py

@@ -1 +0,0 @@
-print("Hello World")

sources/tcpdump.sh

@@ -1 +1,5 @@
 sudo tcpdump -i eth0 -w capture.dump
+ip.dst==192.168.1.1 and tcp.dstport==1337
+ip.addr==192.168.1.1 and tcp.port==1337
+tcp.flags.reset==1
+sudo tcpdump -i eth0 -w capture.dump "ip == 192.168.1.1 and tcp.port == 1337"