handbook/tools/7.Packets-Analysis/Wireshark.md
2024-08-31 03:03:39 +02:00

## What is Wireshark and How to Use It?
Wireshark is an industry-standard tool for network protocol analysis and is essential in any traffic and packet investigation. You can view, save and break down the network traffic with it. You can learn more about Wireshark by completing the [**Wireshark module**](https://tryhackme.com/module/wireshark).
## Commands
Filters (display filter bar), e.g. show only DNS traffic:
```
dns
```
Statistics
```
Statistics ---> Capture File Properties
```
- Gives general information about the capture
- Number of packets
- Time
- Other very useful details...
Protocol Hierarchy
```
Statistics ---> Protocol Hierarchy
```
- Gives a breakdown of the packets by protocol
- e.g. how many HTTP packets were sent, ...
Conversations
```
Statistics ---> Conversations
```
- Analyse the number of packets sent to each port
- Very useful to determine where the attack took place (which service was targeted)
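To make concrete what the display filter, Protocol Hierarchy and Conversations views above actually compute, here is an added Python example (not part of the original handbook and not Wireshark's own code) that parses a small in-memory pcap and rebuilds the three views. The capture bytes, IP addresses, ports and the port-to-protocol table are all constructed for the example; real Wireshark also applies heuristic dissectors beyond port numbers, which this example omits.

```python
"""Added example: rebuild a display filter ("dns"), Statistics -> Protocol Hierarchy
and Statistics -> Conversations over a constructed in-memory pcap."""
import struct
from collections import Counter, defaultdict

ETHERTYPE_IPV4, PROTO_TCP, PROTO_UDP = 0x0800, 6, 17
# Port-based dissector assignment, Wireshark's default for these ports
# (the real tool also uses heuristics that this example leaves out).
APP_PORTS = {(PROTO_UDP, 53): "dns", (PROTO_TCP, 80): "http", (PROTO_TCP, 443): "tls"}

def ip2bytes(addr):
    return bytes(int(x) for x in addr.split("."))

def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Ethernet/IPv4/{TCP,UDP} frame with zeroed checksums (constructed sample data)."""
    if proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # TCP: seq/ack 0, data offset 5, flags PSH|ACK, window 65535
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     ip2bytes(src_ip), ip2bytes(dst_ip)) + l4
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip

def build_pcap(frames):
    """Classic pcap: 24-byte global header (linktype 1 = Ethernet), then record header + frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield one dict per frame: protocol layers, endpoints and frame length."""
    pos = 24  # skip the global header
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, pos)
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        pkt = {"layers": ["eth"], "len": len(frame)}
        if struct.unpack_from("!H", frame, 12)[0] == ETHERTYPE_IPV4:
            ihl = (frame[14] & 0x0F) * 4
            proto = frame[23]
            pkt["layers"].append("ip")
            pkt["src"] = ".".join(map(str, frame[26:30]))
            pkt["dst"] = ".".join(map(str, frame[30:34]))
            if proto in (PROTO_TCP, PROTO_UDP):
                pkt["layers"].append("tcp" if proto == PROTO_TCP else "udp")
                pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", frame, 14 + ihl)
                app = APP_PORTS.get((proto, pkt["dport"])) or APP_PORTS.get((proto, pkt["sport"]))
                if app:
                    pkt["layers"].append(app)
        yield pkt

def display_filter(packets, expr):
    """Tiny subset of the display-filter syntax: a protocol name ("dns") or "tcp.port == 80"."""
    parts = expr.split()
    if len(parts) == 1:
        return [p for p in packets if parts[0] in p["layers"]]
    field, op, value = parts
    proto, _, attr = field.partition(".")
    if op != "==" or attr != "port":
        raise ValueError("only '<proto>' and '<proto>.port == N' are supported here")
    return [p for p in packets
            if proto in p["layers"] and int(value) in (p.get("sport"), p.get("dport"))]

def protocol_hierarchy(packets):
    """Statistics -> Protocol Hierarchy: number of frames carrying each layer."""
    return Counter(layer for p in packets for layer in p["layers"])

def conversations(packets):
    """Statistics -> Conversations (TCP/UDP tabs): bidirectional endpoint pairs with counts."""
    table = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        if "sport" not in p:
            continue  # non-TCP/UDP frames have no port-level conversation
        key = (p["layers"][2], frozenset({(p["src"], p["sport"]), (p["dst"], p["dport"])}))
        table[key]["packets"] += 1
        table[key]["bytes"] += p["len"]
    return dict(table)

# Constructed capture: one DNS lookup, one HTTP request/response pair, one TLS record.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.1", PROTO_UDP, 53000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
    build_frame("10.0.0.1", "10.0.0.5", PROTO_UDP, 53, 53000, b"\x12\x34\x81\x80" + b"\x00" * 8),
    build_frame("10.0.0.5", "198.51.100.7", PROTO_TCP, 40000, 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    build_frame("198.51.100.7", "10.0.0.5", PROTO_TCP, 80, 40000, b"HTTP/1.1 200 OK\r\n\r\nhello"),
    build_frame("10.0.0.5", "198.51.100.7", PROTO_TCP, 40001, 443, b"\x16\x03\x01\x00\x05hello"),
])
PACKETS = list(parse_pcap(SAMPLE_PCAP))

if __name__ == "__main__":
    print(len(display_filter(PACKETS, "dns")), "frames match the filter 'dns'")
    print(dict(protocol_hierarchy(PACKETS)))
    for (proto, endpoints), stats in conversations(PACKETS).items():
        print(proto, sorted(endpoints), stats)
```

The conversation key is an unordered pair of endpoints, which is why the request and the reply land in the same row, exactly as in the Conversations dialog; the Protocol Hierarchy counts every frame once per layer, so "eth" and "ip" both equal the total frame count while "dns", "http" and "tls" show where the traffic actually went.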
Resolved Addresses
```
Statistics ---> Resolved Addresses (switch the view from All entries to Hosts)
```
- Shows the DNS name each address seen in the capture was resolved to
Download files (images, PDF, EXE)
```
File ---> Export Objects ---> HTTP (save the desired file)
```
- Lets you save a file that someone else downloaded over plaintext HTTP while you were capturing the packets