BlueTeam
7.Packets-Analysis
Wireshark

What is Wireshark and How to Use It?

Wireshark is an industry-standard tool for network protocol analysis and is essential in any traffic and packet investigation. You can view, save and break down the network traffic with it. You can learn more about Wireshark by completing the Wireshark module (opens in a new tab).

Commands

Filters

dns

Statistics

Statistic ---> Capture Files Properties
  • Give many information about packets
    • Number of packets
    • Time
    • Other Very useful elements...

Protocol Hierachy

Statistics ---> Protocol Hierachy
  • Give information about the packets (type)
    • ex: how many HTTP packets have been sent, ...

Conversation

Statistics ---> Conversation
  • Analyse the number of packet sent to each ports
  • Very great to detemine where the attack took place (what service)

Resolved Address

Statistics ---> Resolved Address / All entries to HOST
  • Allow to see with what DNS was the packet sent

Download Files (Img, PDF, EXE)

File ---> export object ---> HTTP (Download the desired file)
  • Allow you to download a file that has been downloaded by someone else during the time you capture the packets