allstarmop.blogg.se

Simple use of wireshark











Wireshark uses Berkeley Packet Filter (BPF) syntax for creating capture filters. How do they work? When you set a specific filter, traffic that does not meet the given criteria is discarded immediately. These filters are applied before the packets are captured.
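How a capture filter discards non-matching packets before they are stored, as an added example (not code from the original page, Wireshark or libpcap): a small evaluator for a subset of the filter syntax (`tcp`, `udp`, `port`, `host`, `not`, `and`, `or`, parentheses) run over constructed packet records. The names `compile_filter`, `capture` and `PACKETS` are hypothetical; as in pcap filter syntax, `and` and `or` share one precedence level and are evaluated left to right.

```python
import re

# Constructed sample traffic (documentation address ranges), not a real capture.
PACKETS = [
    {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.7", "sport": 51514, "dport": 443},
    {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255", "sport": 68, "dport": 67},
    {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.9", "sport": 51520, "dport": 80},
    {"proto": "udp", "src": "192.0.2.11", "dst": "198.51.100.53", "sport": 40000, "dport": 53},
]

def compile_filter(text):
    """Compile a small subset of capture-filter syntax into a predicate."""
    tokens = re.findall(r"[()]|[^\s()]+", text.lower())
    def take():
        if not tokens:
            raise ValueError("unexpected end of filter")
        return tokens.pop(0)
    def factor():
        tok = take()
        if tok == "not":  # negation binds tightest
            return lambda p, f=factor(): not f(p)
        if tok == "(":
            inner = expr()
            if take() != ")":
                raise ValueError("missing ')'")
            return inner
        if tok in ("tcp", "udp"):
            return lambda p: p["proto"] == tok
        if tok == "port":  # matches source or destination port
            return lambda p, n=int(take()): n in (p["sport"], p["dport"])
        if tok == "host":  # matches source or destination address
            return lambda p, a=take(): a in (p["src"], p["dst"])
        raise ValueError(f"unsupported token: {tok}")
    def expr():
        left = factor()
        # 'and' and 'or' share one precedence level and associate left to right.
        while tokens and tokens[0] in ("and", "or"):
            op, a, b = take(), left, factor()
            left = lambda p, a=a, b=b, f=(all if op == "and" else any): f((a(p), b(p)))
        return left
    pred = expr()
    if tokens:
        raise ValueError(f"trailing token: {tokens[0]}")
    return pred

def capture(packets, filter_text):
    """Keep only matching packets, as a capture filter does before storing."""
    keep = compile_filter(filter_text)
    return [p for p in packets if keep(p)]
```

Because of the left-to-right rule, `port 53 or tcp and port 443` keeps only the TCP 443 packet, while `port 53 or (tcp and port 443)` also keeps the UDP 53 packet.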


Knowing how to use different filters is extremely important for capturing the intended packets.

The process of analysis in Wireshark consists of monitoring the different protocols and data inside a network. Before starting the analysis, make sure you know the type of traffic you want to analyze and the types of devices that emit traffic:

  • What type of traffic do you want to analyze? The type of traffic will depend on the devices within your network.
  • What devices do you have inside your network? Keep in mind that different kinds of devices transmit different packets.
  • Is promiscuous mode supported? If it is, your device can collect packets that were not originally intended for it.


Different ports are used for different protocols. They can be divided into three different categories: ports from 0 – 1023 are well-known ports, and they are assigned to common services and protocols. Then, ports from 1024 to 49151 are registered ports; they are assigned by ICANN to a specific service. And public ports are ports from 49152 – 65535; they can be used by any service.

If you want to learn about the most common ones, check out the following list:

  • Dynamic Host Configuration Protocol – DHCP
  • HTTP with Secure Sockets Layer – HTTPS (HTTP over SSL/TLS)











