📊

Essential Wireshark Tutorial Guide

Feb 13, 2025

Wireshark Tutorial and Tactical Cheat Sheet

Introduction to Wireshark

  • Wireshark is a powerful open-source tool for network analysis.
  • Useful for troubleshooting, finding security issues, and more.
  • Applicable for network engineers, security professionals, and system administrators.

Example Use Cases

Troubleshooting Network Connectivity

  • Understand packet loss visually.
  • Review TCP retransmissions.
  • Graph high latency packet responses.

Application Layer Examination

  • View full HTTP sessions including headers and data.
  • Analyze Telnet, SMTP, or POP3 traffic.

DHCP Troubleshooting

  • Examine DHCP client broadcasts and offers.
  • Trace client requests and server acknowledgments.

File Extraction

  • HTTP: Extract objects like JavaScript, images, executables.
  • SMB: Extract files transferred over SMB protocol.

Malware Detection

  • Identify anomalous behavior and unusual domains/IPs.
  • Use IO graphs to identify regular beacons.

Vulnerability Scan Analysis

  • Analyze network traffic from vulnerability scanners.
  • Troubleshoot checks for false positives/negatives.

Installation

  • Ubuntu/Debian: apt-get install wireshark tshark.
  • Fedora/CentOS: yum install wireshark-gnome.
  • Windows: Download from Wireshark's website and install.

Getting Started with Filters

  • Filters are used to remove noise.
  • Examples:
    • IP address filters: ip.addr == 192.168.0.5
    • Protocol filters: tcp, udp, http

Analyzing HTTP Streams

  • Use Analyze | Follow | HTTP Stream to see assembled HTTP sessions.

DNS Resolution

  • Enable network name resolution in preferences.

Tshark

  • Command-line capture tool, similar to tcpdump.

Building Firewall Rules

  • Generate command-line firewall rules easily.

GeoIP Mapping

  • Resolve IP addresses to locations using GeoIP.
  • Filter traffic based on geographical location.

Decrypting SSL/TLS Sessions

  • Use server private key or SSLKEYLOGFILE for decryption.
  • Configure environment variables for browsers.

Extracting Files

  • Use File | Export Objects | HTTP to extract files from captures.

Interface and Environment

  • Configurable console; add/remove columns, change layout.

Capinfos

  • Command-line tool for summarizing pcap files.

Conclusion

  • Wireshark is an essential but complex tool for network analysis.

View note sourcehttps://hackertarget.com/wireshark-tutorial-and-cheat-sheet/