Introduction to Wireshark

WIRESHARK
==========

Wireshark is a free application that allows you to capture and view the data traveling back and forth on your network, providing the ability to drill down and read the contents of each packet – filtered to meet your specific needs. It is commonly utilized to troubleshoot network problems as well as to develop and test software. This open-source protocol analyzer is widely accepted as the industry standard, winning its fair share of awards over the years.

Originally known as Ethereal, Wireshark features a user-friendly interface that can display data from hundreds of different protocols on all major network types.

—————————————————————————–

WinPcap : Windows Packet Capturing Manager
USBPcap : USB extension for saving .cap files to USB drives.

——————————————————————————

Download : https://www.wireshark.org/download.html

Packet List :
==============

Time: The timestamp of when the packet was captured is displayed in this column.

Source: This column contains the address (IP or other) where the packet originated.

Destination: This column contains the address that the packet is being sent to.

Protocol: The packet’s protocol name (e.g., TCP) can be found in this column.

Length: The packet length, in bytes, is displayed in this column.

Info: Additional details about the packet are presented here. The contents of this column can vary greatly depending on packet contents.

Filters:
========

Filtering on the basis of IP

ip.addr == IPADDRESS

For Filtering particular “source”
1. ip.src == 192.168.43.43

For Filtering particular “protocol”
2. dns

Using multiple Filters
3. dns && ip.src == 192.168.43.1

Filtering particular Destination
4. ip.dst == 192.168.43.43

Filtering Multiple Sources (both conditions must be true; an ordinary packet carries only one source address, so this filter normally matches nothing)
5. ip.src == 192.168.43.43 && ip.src == 192.168.43.1

Filtering Multiple Sources (either condition may be true)
6. ip.src == 192.168.43.43 || ip.src == 192.168.43.1

Either this address in source or destination
7. ip.addr == 192.168.43.43

Not Condition (don't want to view this source)
8. !(ip.src == 192.168.43.43)

Multiple filters; both must be true because they are joined with &&
9. ip.src == 192.168.43.43 && !(ip.dst == 192.168.43.1)

For filtering packets on the basis of the data they contain
10. tcp contains "demo.testfire.net"

For filtering packets that contain a password (form submissions sent with HTTP POST)
11. http.request.method == "POST"
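
Filter 11 surfaces passwords only because plain HTTP carries form fields unencrypted. The following is an added example, not part of the original post: it audits the bytes of one reassembled HTTP request (for instance, copied from a followed TCP stream) and reports form POSTs that carry secret-looking fields, returning field names only. The function names, the SENSITIVE list, the /login path and the field names in the constructed samples are assumptions for illustration.

```python
from urllib.parse import parse_qsl

# Assumed list of name fragments that suggest a secret; extend for your apps.
SENSITIVE = ("pass", "pwd", "secret", "token")

def parse_http_request(raw: bytes):
    """Split one reassembled HTTP/1.x request into method, path, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)  # ValueError if not HTTP
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def audit_cleartext_post(raw: bytes):
    """Return host, path and secret-looking field names for a form POST seen in
    cleartext, or None. Field values are never returned or logged."""
    try:
        method, path, headers, body = parse_http_request(raw)
    except ValueError:
        return None
    if method != "POST":
        return None
    ctype = headers.get("content-type", "").lower()
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return None
    length = headers.get("content-length", "")
    if length.isdigit():
        body = body[:int(length)]  # ignore bytes of any pipelined next request
    names = [n for n, _ in parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True)]
    hits = [n for n in names if any(s in n.lower() for s in SENSITIVE)]
    if not hits:
        return None
    return {"host": headers.get("host", "?"), "path": path, "fields": hits}

# Constructed sample requests (hypothetical path and field names).
_BODY = b"username=alice&password=Example1"
SAMPLE_POST = (b"POST /login HTTP/1.1\r\nHost: demo.testfire.net\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY)
SAMPLE_GET = b"GET /index.html HTTP/1.1\r\nHost: demo.testfire.net\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_POST, SAMPLE_GET):
        print(audit_cleartext_post(sample))
```

A finding here means the login form should be moved to HTTPS; the same request over TLS would not be readable in the capture.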

—————————————————————————-
