Some basic commands of Wireshark


1. Basic Filters for Exploration:

  • To filter packets by IP address or port (these are display filters, typed into the filter bar above the packet list):

    • ip.addr == [IP_address]

    • tcp.port == [port_number]
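The two filters above share one rule that is easy to get wrong: ip.addr covers both ip.src and ip.dst, and tcp.port covers both the source and destination port, so a packet matches when either side equals the value. The following is an added example, not Wireshark code; it is a miniature evaluator for those filter shapes run over a few constructed packets (Packet, field_values, matches and apply_filter are hypothetical names) and also shows why excluding a host is written as !(ip.addr == X).

```python
"""Added example (not Wireshark's code): a miniature evaluator for the
display-filter shapes "ip.addr == X" and "tcp.port == N", run over a few
constructed packets. Packet, field_values(), matches() and apply_filter()
are hypothetical names. It demonstrates that ip.addr covers BOTH ip.src and
ip.dst, and tcp.port covers both ports, so a packet matches when either
side equals the value."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None


# Constructed sample traffic: a TLS exchange, a DNS lookup, one ICMP echo and
# an inbound connection attempt toward port 22 on 10.0.0.5.
PACKETS: List[Packet] = [
    Packet("10.0.0.5", "93.184.216.34", "tcp", 51000, 443),
    Packet("93.184.216.34", "10.0.0.5", "tcp", 443, 51000),
    Packet("10.0.0.5", "10.0.0.1", "udp", 53212, 53),
    Packet("10.0.0.1", "10.0.0.5", "udp", 53, 53212),
    Packet("10.0.0.7", "10.0.0.9", "icmp"),
    Packet("10.0.0.7", "10.0.0.5", "tcp", 40000, 22),
]


def field_values(pkt: Packet, field: str) -> List[str]:
    """Every occurrence of a filter field in the packet, as strings.
    Multi-occurrence fields (ip.addr, tcp.port, udp.port) return two values,
    which is exactly why they match when either side equals the target."""
    if field == "ip.addr":
        return [pkt.src, pkt.dst]
    if field == "ip.src":
        return [pkt.src]
    if field == "ip.dst":
        return [pkt.dst]
    if field in ("tcp.port", "tcp.srcport", "tcp.dstport",
                 "udp.port", "udp.srcport", "udp.dstport"):
        proto, part = field.split(".")
        if pkt.proto != proto:
            return []           # field absent from this packet: nothing to compare
        ports = {"port": [pkt.sport, pkt.dport],
                 "srcport": [pkt.sport],
                 "dstport": [pkt.dport]}[part]
        return [str(p) for p in ports]
    raise ValueError(f"unsupported field: {field}")


_TERM = re.compile(r"^([a-z.]+)\s*(==|!==|!=)\s*(\S+)$")


def matches(pkt: Packet, expr: str) -> bool:
    """Evaluate one term, FIELD op VALUE, optionally wrapped as !( ... ).
    Operator semantics follow Wireshark 3.6 and later:
      ==   true if ANY occurrence equals the value
      !=   true only if ALL occurrences differ (same as !(FIELD == VALUE))
      !==  true if ANY occurrence differs (the pre-3.6 meaning of !=)
    A field the packet lacks never compares equal (the toy treats != the same way)."""
    expr = expr.strip()
    negate = expr.startswith("!")
    if negate:
        expr = expr[1:].strip()
    if expr.startswith("(") and expr.endswith(")"):
        expr = expr[1:-1].strip()
    m = _TERM.match(expr)
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    field, op, value = m.groups()
    values = field_values(pkt, field)
    if op == "==":
        result = value in values
    elif op == "!=":
        result = bool(values) and value not in values
    else:                       # "!==": any occurrence differs
        result = any(v != value for v in values)
    return (not result) if negate else result


def apply_filter(expr: str, packets: List[Packet] = PACKETS) -> List[int]:
    """Indexes of the packets the filter would leave visible in the packet list."""
    return [i for i, p in enumerate(packets) if matches(p, expr)]


if __name__ == "__main__":
    for f in ("ip.addr == 10.0.0.5", "ip.src == 10.0.0.5", "tcp.port == 443",
              "udp.port == 53", "!(ip.addr == 10.0.0.5)", "ip.addr != 10.0.0.5",
              "ip.addr !== 10.0.0.5"):
        print(f"{f:26} -> packets {apply_filter(f)}")
```

The last three filters are the instructive ones: !(ip.addr == 10.0.0.5) hides every packet that involves the host, ip.addr != 10.0.0.5 means the same thing in Wireshark 3.6 and later, while ip.addr !== 10.0.0.5 (the old reading of !=) matches every packet, because at least one of the two addresses always differs.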


2. Preview Mode:

  • Select a specific packet and use "Preview Mode" to view its decoded contents.

  • This is useful for examining content such as HTTP requests and any credentials sent in cleartext.

3. Saving Packets:

  • To save selected packets:

    • Use the "File" menu, select "Export," and save the packets to a PCAP file or another supported format.


4. Statistics:

  • Access various analysis tools from the "Statistics" menu, such as:

    • "Conversations": Lists the communication pairs in the capture (for example, which IP addresses talked to each other, with packet and byte counts).

    • "Protocol Hierarchy": Shows the protocols present in the capture and the number of packets and bytes at each layer.
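To make the two statistics above concrete, here is an added example (not Wireshark's code) that recomputes a conversation table and a protocol hierarchy over a small constructed capture. Frame, conversations, protocol_hierarchy and top_conversations are hypothetical names; the protocol stack of each frame is given as a tuple in the order Wireshark displays it.

```python
"""Added example (not Wireshark's code): the "Conversations" and
"Protocol Hierarchy" statistics recomputed over constructed frames so the
numbers those views report are easy to check by hand. Frame,
conversations(), protocol_hierarchy() and top_conversations() are
hypothetical names."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    layers: Tuple[str, ...]     # protocol stack, outermost first
    length: int                 # bytes on the wire


# Constructed sample capture: an HTTP exchange, a DNS lookup, two bare TCP
# segments between internal hosts and one ICMP echo.
FRAMES: List[Frame] = [
    Frame("10.0.0.5", "93.184.216.34", ("eth", "ip", "tcp", "http"), 320),
    Frame("93.184.216.34", "10.0.0.5", ("eth", "ip", "tcp", "http"), 1400),
    Frame("10.0.0.5", "10.0.0.1", ("eth", "ip", "udp", "dns"), 74),
    Frame("10.0.0.1", "10.0.0.5", ("eth", "ip", "udp", "dns"), 90),
    Frame("10.0.0.7", "10.0.0.5", ("eth", "ip", "tcp"), 60),
    Frame("10.0.0.5", "10.0.0.7", ("eth", "ip", "tcp"), 60),
    Frame("10.0.0.7", "10.0.0.9", ("eth", "ip", "icmp"), 98),
]


def conversations(frames: List[Frame]) -> Dict[Tuple[str, str], Dict[str, int]]:
    """IPv4 conversation table: one row per unordered address pair with
    packet and byte totals plus per-direction packet counts (A->B, B->A)."""
    table: Dict[Tuple[str, str], Dict[str, int]] = {}
    for f in frames:
        a, b = sorted((f.src, f.dst))       # unordered pair -> stable key
        row = table.setdefault((a, b), {"packets": 0, "bytes": 0,
                                        "a_to_b": 0, "b_to_a": 0})
        row["packets"] += 1
        row["bytes"] += f.length
        row["a_to_b" if f.src == a else "b_to_a"] += 1
    return table


def protocol_hierarchy(frames: List[Frame]) -> Dict[str, Dict[str, int]]:
    """Packet and byte counts per protocol path (eth, eth:ip, eth:ip:tcp, ...).
    Each frame is counted once at every layer of its stack, so a bare TCP
    segment counts under eth:ip:tcp but not under eth:ip:tcp:http."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for f in frames:
        for depth in range(1, len(f.layers) + 1):
            path = ":".join(f.layers[:depth])
            counts[path]["packets"] += 1
            counts[path]["bytes"] += f.length
    return dict(counts)


def top_conversations(frames: List[Frame], n: int = 3):
    """Conversations ordered by bytes, the usual first look for an
    unexpected peer or an unusually chatty host in a capture."""
    table = conversations(frames)
    return sorted(table.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]


if __name__ == "__main__":
    for pair, row in top_conversations(FRAMES):
        print(f"{pair[0]:>14} <-> {pair[1]:<14} {row}")
    for path, row in sorted(protocol_hierarchy(FRAMES).items()):
        print(f"{path:<18} {row}")
```

Reading the output the way you would read the Wireshark dialogs: the conversation table tells you who talked to whom and how much, while the hierarchy tells you which protocols carried the bytes; a host that appears in many conversations, or a protocol you did not expect on that network segment, is the first thing to follow up on with a display filter.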


5. Promiscuous Mode:

  • Promiscuous mode makes the interface accept frames that are not addressed to it; enable it by running Wireshark with administrator (root) privileges, which capturing requires. This allows you to capture traffic from other devices on the network.

6. Colorful Packets:

  • Coloring rules help you tell packet types apart at a glance. For example, green might represent TCP, yellow ICMP, and so on.

7. Note Start and End Times:

  • Note the start and end times of a scan or capture so you can narrow your analysis to that specific time frame.

8. Filter Memory:

  • Save frequently used filters so you can apply them quickly when needed.

9. Capture Tool:

  • The capture tool lets you monitor network traffic in real time on a selected interface.

10. Static IP Addresses:

  • If you want to monitor a specific IP address from the start of a capture, open the "Capture" menu, select "Options," and restrict the capture to that address there.


This covers the basics to help you get started with Wireshark. You can go deeper by using Wireshark regularly and building filters and analyses for specific scenarios.



Crow

physics, information technologies, author, educator
