Analyzing packets with Wireshark
1. What is Wireshark?
Wireshark is a network protocol analyzer used to capture and inspect network packets in real time.
Helps troubleshoot networks
Detects malicious traffic
Monitors protocols
2. Why Use Wireshark?
Analyze network performance
Detect intrusions & malware
Debug network protocols
Learn network communication patterns
3. Wireshark Basics
Installation & Setup
Download from Wireshark.org
Install on your OS (Windows, Linux, Mac)
Run with administrator/root privileges so the capture engine can see all packets on the interface
Capture Packets
Select the network interface (Wi-Fi, Ethernet)
Click Start Capture ▶️
Stop capture when done ⏹️
4. Packet Analysis Components
Packet List Pane – Shows captured packets sequentially.
Packet Details Pane – Expand each packet to see its protocol layers (Ethernet, IP, TCP/UDP, HTTP, etc.).
Packet Bytes Pane – Shows the raw packet data in hexadecimal and ASCII.
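The three panes map directly onto the structure of a frame. As an added example (not code from the original post), the following Python parses a constructed Ethernet II / IPv4 / TCP frame into the same layers the Packet Details pane shows, and prints an offset / hex / ASCII dump in the layout of the Packet Bytes pane. The MAC addresses, IP addresses, ports and HTTP payload are made up for illustration and the checksums are left at zero.

```python
import socket
import struct

# Constructed sample frame (not a real capture): Ethernet II + IPv4 + TCP
# carrying the start of an HTTP request from 192.168.1.10:50000 to 8.8.8.8:80.
def build_sample_frame() -> bytes:
    payload = b"GET / HTTP/1.1\r\n"
    # Ethernet II: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("112233445566") + bytes.fromhex("aabbccddeeff") + b"\x08\x00"
    # IPv4: version/IHL, TOS, total length, ID, flags/fragment offset, TTL,
    # protocol (6 = TCP), checksum (0 in this constructed sample), source, destination
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 20 + len(payload), 0x1234, 0x4000,
                     64, 6, 0, socket.inet_aton("192.168.1.10"), socket.inet_aton("8.8.8.8"))
    # TCP: ports, seq, ack, data offset (5 words), flags (PSH|ACK), window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 1000, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def dissect(frame: bytes) -> dict:
    """Split a frame into the layers Wireshark's Packet Details pane would show."""
    layers = {}
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["eth"] = {"src": mac(src_mac), "dst": mac(dst_mac), "type": hex(ethertype)}
    if ethertype != 0x0800:          # only IPv4 is handled in this example
        return layers
    ip_off = 14
    ihl = (frame[ip_off] & 0x0F) * 4            # IP header length in bytes
    total_len = struct.unpack("!H", frame[ip_off + 2:ip_off + 4])[0]
    ttl, proto = frame[ip_off + 8], frame[ip_off + 9]
    layers["ip"] = {
        "src": socket.inet_ntoa(frame[ip_off + 12:ip_off + 16]),
        "dst": socket.inet_ntoa(frame[ip_off + 16:ip_off + 20]),
        "ttl": ttl, "proto": proto,
    }
    if proto != 6:                   # 6 = TCP; UDP and others are not dissected here
        return layers
    tcp_off = ip_off + ihl
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", frame[tcp_off:tcp_off + 14])
    data_off = (off_flags >> 12) * 4            # TCP header length in bytes
    flags = [name for bit, name in TCP_FLAGS if off_flags & bit]
    layers["tcp"] = {"srcport": sport, "dstport": dport, "seq": seq, "ack": ack, "flags": flags}
    # Application data runs from the end of the TCP header to the end of the IP datagram
    layers["payload"] = frame[tcp_off + data_off:ip_off + total_len]
    return layers

def hex_dump(data: bytes, width: int = 16) -> str:
    """Offset / hex / ASCII view, the same layout as the Packet Bytes pane."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asciipart = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {asciipart}")
    return "\n".join(lines)

if __name__ == "__main__":
    frame = build_sample_frame()
    for name, fields in dissect(frame).items():
        print(name, fields)
    print(hex_dump(frame))
```

Running the script prints one line per layer (eth, ip, tcp, payload) followed by five rows of hex and ASCII; comparing that output with the same frame opened in Wireshark is a quick way to learn where each header field sits in the raw bytes.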
5. Common Filters in Wireshark
Filters help focus on specific traffic:
IP Address:
ip.addr == 192.168.1.10
Protocol:
tcp
udp
http
Port:
tcp.port == 80
Source/Destination:
ip.src == 192.168.1.1
ip.dst == 8.8.8.8
6. Useful Features
Follow TCP Stream – View the entire communication between two hosts
Color Coding – Quickly identify packet types (green = HTTP, blue = DNS, etc.)
Statistics – Protocol hierarchy, conversations, endpoints
Export Data – Save captures for reports
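The display filters in section 5 have a detail that trips up newcomers: ip.addr and tcp.port match either side of a conversation, while ip.src, ip.dst and the port variants match one side only. As an added example (not code from the original post), the Python below evaluates the filter expressions from section 5, plus && and || combinations, over a constructed set of packet records, and also computes the protocol hierarchy counts that the Statistics menu in section 6 reports. The packet records, addresses and ports are made up for illustration; the matcher covers only the field names used on this page, not Wireshark's full filter language.

```python
from collections import Counter

# Constructed sample packets (not a real capture): each record lists the protocol
# layers Wireshark would show and the fields that the page's filters refer to.
SAMPLE_PACKETS = [
    {"layers": ["eth", "ip", "tcp", "http"], "ip.src": "192.168.1.10", "ip.dst": "8.8.8.8",
     "tcp.srcport": 50000, "tcp.dstport": 80},
    {"layers": ["eth", "ip", "tcp", "http"], "ip.src": "8.8.8.8", "ip.dst": "192.168.1.10",
     "tcp.srcport": 80, "tcp.dstport": 50000},
    {"layers": ["eth", "ip", "udp", "dns"], "ip.src": "192.168.1.1", "ip.dst": "8.8.8.8",
     "udp.srcport": 53001, "udp.dstport": 53},
    {"layers": ["eth", "ip", "tcp"], "ip.src": "192.168.1.20", "ip.dst": "10.0.0.5",
     "tcp.srcport": 44444, "tcp.dstport": 443},
]

# Fields that Wireshark matches against either end of the conversation
ANY_SIDE = {
    "ip.addr": ("ip.src", "ip.dst"),
    "tcp.port": ("tcp.srcport", "tcp.dstport"),
    "udp.port": ("udp.srcport", "udp.dstport"),
}

def match_term(term: str, pkt: dict) -> bool:
    """One filter term: a bare protocol name or 'field == value'."""
    term = term.strip()
    if "==" not in term:
        return term in pkt["layers"]          # e.g. "tcp", "udp", "http"
    field, value = (part.strip() for part in term.split("==", 1))
    candidates = ANY_SIDE.get(field, (field,))
    # A packet without the field (e.g. tcp.port on a UDP packet) never matches
    return any(name in pkt and str(pkt[name]) == value for name in candidates)

def match_filter(expr: str, pkt: dict) -> bool:
    """&& binds tighter than ||, as in Wireshark's display-filter syntax."""
    return any(all(match_term(t, pkt) for t in group.split("&&"))
               for group in expr.split("||"))

def apply_filter(expr: str, packets=SAMPLE_PACKETS) -> list:
    """Return the indices (packet-list rows) that the filter keeps."""
    return [i for i, pkt in enumerate(packets) if match_filter(expr, pkt)]

def protocol_hierarchy(packets=SAMPLE_PACKETS) -> Counter:
    """Packet count per protocol layer, like Statistics > Protocol Hierarchy."""
    return Counter(layer for pkt in packets for layer in pkt["layers"])

if __name__ == "__main__":
    for expr in ["ip.addr == 192.168.1.10", "ip.src == 192.168.1.10", "tcp.port == 80",
                 "ip.dst == 8.8.8.8", "udp", "tcp && ip.dst == 10.0.0.5 || dns"]:
        print(f"{expr:40} -> rows {apply_filter(expr)}")
    print(dict(protocol_hierarchy()))
```

Note how ip.addr == 192.168.1.10 keeps both directions of the HTTP exchange (rows 0 and 1) while ip.src == 192.168.1.10 keeps only the request; when hunting for a suspicious host, start with ip.addr so the replies are not silently hidden.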
7. Best Practices ✅
Capture only on networks you are authorized to monitor ⚖️
Use filters to reduce noise
Regularly update Wireshark ⬆️
Analyze suspicious packets carefully
Avoid capturing sensitive data without consent
Tip: Think of Wireshark as a microscope for your network: you can see every packet moving in and out!