📚 Session, Presentation, Application Layer

Authentication Protocols

Crypto Protocols

This section encompasses all the protocols that aim to ensure confidentiality by encrypting the traffic.

Video and Audio

🛠️ dshell can be used to analyse a pcap file for specific traffic types. Please refer to the Toolkit section, Forensics Lab Setup, for installation steps.

RDP

RDP Bitmap Cache. Windows developed RDP—small chunks of screenshots. The size of each is 64x64 bit.

Telnet

Ports: 23 📕 RTFM # If the Telnet port is open, you might try to log in with a user.

FTP and sFTP

This is about … .

📚 DHCP

Dynamic Host Configuration Protocol. Listens on port 67. Sends from port 68. Mechanism: DHCP Discover (Broadcast) C -> S [new PC] 🧸 “I need an IP, I am new here.

📚 DNS

Domain Name System. Translates IPs to domain names, like 192.168.1.1 to router.lan, and vice versa.

📚 IRC

IRC stands for Internet Relay Chat. Used for instant messaging. Usually sits at port 6667. On Linux it can be installed and run with sudo invoke-rc.

📚 SMB

Over TCP - port 445. Over NetBIOS API: UDP - ports 137, 138; TCP - ports 137, 139. NBF (legacy). PowerShell command + win reg for SMB 1, 2, 3.