Wireshark/Advanced

From charlesreid1

Advanced Stuff

Endpoints and Conversations

See Wireshark/Conversation Analysis page

Protocols

See the Wireshark/Protocol Analysis page for more info on analyzing traffic protocols.

Name Resolution

To convert from a MAC address to an IP address is name resolution using the ARP protocol.

To convert from IP to Human-readable domain name uses DNS protocol.

Traffic

Wireshark IO graphs show the measure of traffic in a given space over time. By changing the time resolution you get very different pictures of the data.

Case in point: the rather boring 1-second resolution:

WiresharkIO 1second.png

versus the much more interesting 10-minute resolution:

WiresharkIO 10minute.png





Defcon.png
Wireshark
a Swiss-army knife for analyzing networks, network traffic, and pcap files.

Wireshark  · Category:Wireshark

Packet Analysis  · Wireshark/Advanced

Wireshark/HTTPS  · Wireshark/Traffic Analysis  · Wireshark/Conversation Analysis  · Wireshark/Protocol Analysis

Working with SSL/TLS/HTTPS:

MITM Labs/Decrypting HTTPS Traffic by Obtaining Browser SSL Session Info  · MITM Labs/Decrypting HTTPS Traffic with Private Key File


Flags  · Template:WiresharkFlag  · e



Retrieved from "https://charlesreid1.com/w/index.php?title=Wireshark/Advanced&oldid=8940"