Network Traffic Analysis Flashcards
Wireshark
Cross-platform, open-source software that captures and parses network traffic
uses the "Npcap" driver on Windows
exports and imports network traffic capture files
Capture filters
filters set before capturing traffic; they cannot be modified during the capture
Apply as Filter
uses the selected information as a filter immediately, without additional changes
Prepare as Filter
adds the selected information to the filter bar and allows you to modify it before applying
&&
logical AND: displays only packets that match both conditions
||
logical OR: displays packets that match either condition
Statistics
provide an enhanced overview of the captured packets
HTTP Statistics
provide a broader overview of HTTP connections, grouped by host and URL
Protocol Hierarchy
hierarchical tree of all protocols found in the captured traffic
shows statistics about the protocols in use
Automatic Extractions
the list of extracted objects is refreshed automatically
Wireshark Protocol Extraction
DICOM, HTTP, IMF, SMB, TFTP
Manual Extractions
done for protocols that Wireshark does not handle automatically, such as FTP
What do you use to get the entire stream of a file in Wireshark?
TCP Stream
When is "Save as..." used in Wireshark?
for raw data
Network Miner
an open-source NFAT (Network Forensic Analysis Tool) for Windows
used for simple file extraction from captured traffic
the free edition extracts only from PCAP files