├── Ch1
    ├── Noobs KeyLogger
    │   └── Noobs Keylogger.pcap
    ├── README.md
    └── Two to Many
    │   └── twotomany.pcap
├── Ch10
    ├── Editcap Example
    │   ├── loki-bot_network_traffic.pcap
    │   ├── time_00000_20170428003310.pcap
    │   ├── time_00001_20170428003320.pcap
    │   ├── time_00002_20170428003337.pcap
    │   ├── time_00003_20170428003358.pcap
    │   └── time_00004_20170428003358.pcap
    ├── Loki-Bot Sample and Parser
    │   ├── loki-bot_network_traffic.pcap
    │   └── loki.py
    ├── PyShark Example
    │   └── main.py
    └── README.md
├── Ch2
    ├── Hack Attempts
    │   ├── Apache_Access_Logs_Compromised_User.log
    │   ├── Apache_Error_Logs_Compromised_User.log
    │   ├── AppServer.log
    │   ├── HackAttempts_Network_Capture.pcap
    │   └── Squid_Proxy_access_log.log
    └── README.md
├── Ch3
    ├── ICMP Camp
    │   └── icmp_camp.pcapng
    ├── README.md
    └── Unknown FTP
    │   └── FTP- Unknown-56.pcap
├── Ch4
    ├── README.md
    └── Statistical Flow Analysis
    │   └── FullPack.pcap
├── Ch5
    ├── Gnome PCAP Decode
    │   └── decode.py
    └── README.md
├── Ch6
    ├── Emoter Banking Trojan Sample
    │   └── 2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap
    ├── Hidden Tear
    │   └── hidden_tear_final_snipped.pcap.pcapng
    ├── LokiBot Analysis
    │   └── loki-bot_network_traffic.pcap
    └── README.md
├── Ch7
    ├── Case Study
    │   └── attack1.pcapng
    ├── Empire
    │   └── empire.pcap
    ├── Meterpreter
    │   ├── meterpreter_https.pcap
    │   ├── njssl
    │   │   └── njssl
    │   │   │   └── server.key
    │   └── shell_to_meterpreter(meterpreter_basic).pcapng
    └── README.md
├── Ch8
    ├── Case Study
    │   ├── backdoor.pcap
    │   └── bepache.log
    ├── Fortinet Logs
    │   └── fortinet_log.log
    ├── Proxy Logs
    │   └── prox_access.log
    ├── README.md
    └── SSH
    │   ├── ssh_adjusted.pcap
    │   ├── ssh_auth.log
    │   └── ssh_cap.pcap
├── Ch9
    ├── Case Study
    │   ├── final_show-01.cap
    │   └── final_show-02.cap
    ├── Exercises
    │   ├── deauth-01.cap
    │   ├── scan.py
    │   └── viper-01.cap
    ├── README.md
    └── Rogue Access Point
    │   └── beacon-01.cap
├── Challenges
    └── README.md
└── README.md

/Ch1/Noobs KeyLogger/Noobs Keylogger.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch1/Noobs KeyLogger/Noobs Keylogger.pcap
--------------------------------------------------------------------------------
/Ch1/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch1/README.md
--------------------------------------------------------------------------------
/Ch1/Two to Many/twotomany.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch1/Two to Many/twotomany.pcap
--------------------------------------------------------------------------------
/Ch10/Editcap Example/loki-bot_network_traffic.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/Editcap Example/loki-bot_network_traffic.pcap
--------------------------------------------------------------------------------
/Ch10/Editcap Example/time_00000_20170428003310.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/Editcap Example/time_00000_20170428003310.pcap
--------------------------------------------------------------------------------
/Ch10/Editcap Example/time_00001_20170428003320.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/Editcap Example/time_00001_20170428003320.pcap
--------------------------------------------------------------------------------
/Ch10/Editcap Example/time_00002_20170428003337.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/Editcap Example/time_00002_20170428003337.pcap
--------------------------------------------------------------------------------
/Ch10/Editcap Example/time_00003_20170428003358.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/Editcap Example/time_00003_20170428003358.pcap
--------------------------------------------------------------------------------
/Ch10/Editcap Example/time_00004_20170428003358.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/Editcap Example/time_00004_20170428003358.pcap
--------------------------------------------------------------------------------
/Ch10/Loki-Bot Sample and Parser/loki-bot_network_traffic.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/Loki-Bot Sample and Parser/loki-bot_network_traffic.pcap
--------------------------------------------------------------------------------
/Ch10/Loki-Bot Sample and Parser/loki.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/Loki-Bot Sample and Parser/loki.py
--------------------------------------------------------------------------------
/Ch10/PyShark Example/main.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/PyShark Example/main.py
--------------------------------------------------------------------------------
/Ch10/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch10/README.md
--------------------------------------------------------------------------------
/Ch2/Hack Attempts/Apache_Access_Logs_Compromised_User.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch2/Hack Attempts/Apache_Access_Logs_Compromised_User.log
--------------------------------------------------------------------------------
/Ch2/Hack Attempts/Apache_Error_Logs_Compromised_User.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch2/Hack Attempts/Apache_Error_Logs_Compromised_User.log
--------------------------------------------------------------------------------
/Ch2/Hack Attempts/AppServer.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch2/Hack Attempts/AppServer.log
--------------------------------------------------------------------------------
/Ch2/Hack Attempts/HackAttempts_Network_Capture.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch2/Hack Attempts/HackAttempts_Network_Capture.pcap
--------------------------------------------------------------------------------
/Ch2/Hack Attempts/Squid_Proxy_access_log.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch2/Hack Attempts/Squid_Proxy_access_log.log
--------------------------------------------------------------------------------
/Ch2/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch2/README.md
--------------------------------------------------------------------------------
/Ch3/ICMP Camp/icmp_camp.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch3/ICMP Camp/icmp_camp.pcapng
--------------------------------------------------------------------------------
/Ch3/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch3/README.md
--------------------------------------------------------------------------------
/Ch3/Unknown FTP/FTP- Unknown-56.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch3/Unknown FTP/FTP- Unknown-56.pcap
--------------------------------------------------------------------------------
/Ch4/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch4/README.md
--------------------------------------------------------------------------------
/Ch4/Statistical Flow Analysis/FullPack.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch4/Statistical Flow Analysis/FullPack.pcap
--------------------------------------------------------------------------------
/Ch5/Gnome PCAP Decode/decode.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch5/Gnome PCAP Decode/decode.py
--------------------------------------------------------------------------------
/Ch5/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch5/README.md
--------------------------------------------------------------------------------
/Ch6/Emoter Banking Trojan Sample/2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch6/Emoter Banking Trojan Sample/2018-11-14-Emotet-infection-with-IcedID-banking-Trojan.pcap
--------------------------------------------------------------------------------
/Ch6/Hidden Tear/hidden_tear_final_snipped.pcap.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch6/Hidden Tear/hidden_tear_final_snipped.pcap.pcapng
--------------------------------------------------------------------------------
/Ch6/LokiBot Analysis/loki-bot_network_traffic.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch6/LokiBot Analysis/loki-bot_network_traffic.pcap
--------------------------------------------------------------------------------
/Ch6/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch6/README.md
--------------------------------------------------------------------------------
/Ch7/Case Study/attack1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch7/Case Study/attack1.pcapng
--------------------------------------------------------------------------------
/Ch7/Empire/empire.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch7/Empire/empire.pcap
--------------------------------------------------------------------------------
/Ch7/Meterpreter/meterpreter_https.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch7/Meterpreter/meterpreter_https.pcap
--------------------------------------------------------------------------------
/Ch7/Meterpreter/njssl/njssl/server.key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch7/Meterpreter/njssl/njssl/server.key
--------------------------------------------------------------------------------
/Ch7/Meterpreter/shell_to_meterpreter(meterpreter_basic).pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch7/Meterpreter/shell_to_meterpreter(meterpreter_basic).pcapng
--------------------------------------------------------------------------------
/Ch7/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch7/README.md
--------------------------------------------------------------------------------
/Ch8/Case Study/backdoor.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch8/Case Study/backdoor.pcap
--------------------------------------------------------------------------------
/Ch8/Case Study/bepache.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch8/Case Study/bepache.log
--------------------------------------------------------------------------------
/Ch8/Fortinet Logs/fortinet_log.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch8/Fortinet Logs/fortinet_log.log
--------------------------------------------------------------------------------
/Ch8/Proxy Logs/prox_access.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch8/Proxy Logs/prox_access.log
--------------------------------------------------------------------------------
/Ch8/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch8/README.md
--------------------------------------------------------------------------------
/Ch8/SSH/ssh_adjusted.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch8/SSH/ssh_adjusted.pcap
--------------------------------------------------------------------------------
/Ch8/SSH/ssh_auth.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch8/SSH/ssh_auth.log
--------------------------------------------------------------------------------
/Ch8/SSH/ssh_cap.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch8/SSH/ssh_cap.pcap
--------------------------------------------------------------------------------
/Ch9/Case Study/final_show-01.cap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch9/Case Study/final_show-01.cap
--------------------------------------------------------------------------------
/Ch9/Case Study/final_show-02.cap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch9/Case Study/final_show-02.cap
--------------------------------------------------------------------------------
/Ch9/Exercises/deauth-01.cap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch9/Exercises/deauth-01.cap
--------------------------------------------------------------------------------
/Ch9/Exercises/scan.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch9/Exercises/scan.py
--------------------------------------------------------------------------------
/Ch9/Exercises/viper-01.cap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch9/Exercises/viper-01.cap
--------------------------------------------------------------------------------
/Ch9/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch9/README.md
--------------------------------------------------------------------------------
/Ch9/Rogue Access Point/beacon-01.cap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Ch9/Rogue Access Point/beacon-01.cap
--------------------------------------------------------------------------------
/Challenges/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/Challenges/README.md
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nipunjaswal/networkforensics/HEAD/README.md
--------------------------------------------------------------------------------