Revision as of 03:01, 20 January 2016

Advanced Stuff

Endpoints and Conversations

See Wireshark/Conversation Analysis page

Protocols

See the Wireshark/Protocol Analysis page for more info on analyzing traffic protocols.

Name Resolution

To convert from a MAC address to an IP address is name resolution using the ARP protocol.

To convert from IP to Human-readable domain name uses DNS protocol.

Traffic

Wireshark IO graphs show the measure of traffic in a given space over time. By changing the time resolution you get very different pictures of the data.

Case in point: the rather boring 1-second resolution:

versus the much more interesting 10-minute resolution:

@@ Line 5: / Line 5: @@
 See [[Wireshark/Conversation Analysis]] page
-==Protocol Statistics==
+==Protocols==
-You can open Statistics > Protocol Hierarchy to see information about what protocols are used in what amounts.
+See the [[Wireshark/Protocol Analysis]] page for more info on analyzing traffic protocols.
-This can be useful if you are trying to determine "normal" behavior for a network, and then trying to determine if a particular day's traffic is an outlier and why.
-By looking at a network's traffic protocol statistics, you can learn a lot about that network. Example: IT department will have admin protocols like ICMP or SNMP. Ordering department will use lots of SMTP. Interns will use WoW.
 ==Name Resolution==

Wireshark/Advanced: Difference between revisions

From charlesreid1