Wireshark Flashcards
aim to protect devices, technologies, and processes from unauthorized data access, identity theft, and cyberthreats
Network Security tools
is an open-source network protocol analyzer that helps organizations capture real-time data and track, manage, and analyze network traffic, down to the smallest details
WIRESHARK
TOP 8 NETWORK SECURITY TOOLS
- wireshark
- nexpose
- splunk
- nagios
- tor
- nessus professional
- metasploit
- kali linux
used for monitoring network security. It provides both real-time data analysis and historical data searches. It is a cloud-based platform that provides insights for petabyte-scale data analytics across the hybrid cloud.
SPLUNK
network security tool that helps to monitor hosts, systems, and networks. It sends alerts in real time. You can select which specific notifications you would like to receive.
nagios
a network security software that provides real-time information about vulnerabilities and reduces the threats in a network.
NEXPOSE
network security tool that ensures the privacy of users while using the internet. It helps in preventing cybersecurity threats and is useful in safeguarding information security.
TOR
security software that contains various tools for executing penetration testing services.
METASPLOIT
is a network security software that can detect vulnerabilities like software bugs and general security problems in software applications, IT devices, and operating systems and manage them appropriately.
NESSUS PROFESSIONAL
a penetration testing tool used to scan IT systems and networks for vulnerabilities. The organization can monitor and maintain its network security systems on just one platform.
KALI LINUX
WHEN SHOULD WIRESHARK BE USED?
- Wireshark can be used to understand how communication takes place across a network and to analyze what went wrong when an issue in communication arises
- Wireshark helps: network administrators troubleshoot problems across a network
- Security engineers examine security issues across a network
- QA engineers verify applications
- Developers debug protocol implementations
- Network users learn about a specific protocol
WHEN SHOULDN’T WIRESHARK BE USED?
- It cannot help a user who doesn’t understand network protocols
- It cannot grab traffic from all of the other systems on a network
- It will not notify you of alerts
common packet analyzer that allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached
Tcpdump
- a method to monitor network traffic.
- When it is enabled, the switch sends copies of all the network packets seen on one port to another port
Port mirroring
COLOR CODING IN WIRESHARK
- PACKETS
- PACKET COLORIZATION
- TEMPORARY RULES
- PERMANENT RULES
The packets in Wireshark are highlighted in blue, black, and green
PACKETS
These colors help users identify the types of traffic at a glance
PACKET COLORIZATION
are in effect only while the program is running; they are lost when we quit the program.
TEMPORARY RULES
The permanent color rules are saved, so they are still available the next time you run Wireshark.
PERMANENT RULES
Features of Wireshark
- CAPTURES
- SUPPORTS
- MAIN PURPOSE
It can only capture packets on networks supported by pcap (an application programming interface used to capture network traffic).
CAPTURES
Wireshark supports a variety of well-documented capture file formats such as PcapNg and Libpcap. These formats are used for storing the captured data.
SUPPORTS
It is the number-one piece of software for its purpose. It has countless applications, ranging from tracing down unauthorized traffic to checking firewall settings.
MAIN PURPOSE
The screen/interface of Wireshark is divided into five parts:
- menu bar and the options displayed below
- packet listing window
- packet header (details) window
- packet contents window
- filter field
This part is at the top of the window. The File and Capture menu options are the most commonly used in Wireshark. The Capture menu allows you to start the capturing process, and the File menu is used to open and save a capture file.
menu bar and the options displayed
- It displays the packet flow, i.e., the captured packets in the traffic.
- It includes the packet number, time, source, destination, protocol, length, and info.
- We can sort the packet list by clicking on a column name.
packet listing window
- It contains detailed information about the components of the packet.
- The protocol info can be expanded or collapsed according to the information required
packet header (details) window
displays the packet contents in ASCII and hexadecimal format
The bottom window
- It is at the top of the display.
- The captured packets on the screen can be filtered on any field according to your requirements
filter field
- this is the number of the packet in the capture
- a bracket indicates that this packet is part of a conversation
No.
- this column shows how long after you started the capture this particular packet was captured
- you can change this value in the settings menu to display different time formats
time
this is the type of packet
source
this is the address of the system that sent the packet
source
this column shows you the packet length, measured in bytes
length
this column shows you more information about the packet contents
info
- it is used to specify an IP address as the source or destination
- filters on this IP address as either source or destination
- used to filter by source address
- used to filter by destination address
ip.addr
ip.src
ip.dst
- this command filters based on protocol
- it requires the packet to be either DNS or HTTP protocol and will display only that traffic
protocol
dns and http
- it sets a filter based on a specific port number
- it will show all the packets with this port number
tcp.port
- Wireshark can flag TCP problems. This command will only display the issues that Wireshark identifies
tcp.analysis.flags
- it is used to filter out the protocols in which we are not interested
- it will remove ARP, DNS, and ICMP traffic so only the remaining packets are shown; it cleans out things that may not be helpful
!(dns || arp || icmp)
- it is used if you want to work on a single TCP conversation
- anything related to that single TCP connection will be displayed on the screen
select any packet
right click
follow tcp stream
- it is used to display the packets that contain a given string
tcp contains
- it will display the HTTP requests in the trace file
http.request
if your command is correct
green
- this will display all the packets with the SYN bit in the TCP header set to 1
tcp.flags.syn==1
if your command is incorrect or Wireshark does not recognize it
red
defined as the process of capturing the packets of data flowing across a computer network
Packet sniffing
this layer includes the protocols used by most applications for providing user services.
- Application Layer
establishes process-to-process connectivity, and it provides end-to-end services that are independent of the underlying user data. To implement process-to-process communication, the protocol introduces the concept of a port
- Transport Layer
responsible for sending packets across networks. It has two functions: 1) host identification using the IP addressing system (IPv4 and IPv6); and 2) routing packets from source to destination.
- Internet Layer
defines the networking methods within the scope of the local network link.
- Link Layer
a basic tool for observing network packet exchanges on a computer. As the name suggests, a packet sniffer captures (“sniffs”) packets being sent or received by your computer; it will also typically store and/or display the contents of the various protocol fields in these captured packets.
Packet Sniffer