Wireshark Tutorial by Anson from AnsonAlex.com

Jul 4, 2024

Introduction

  • Overview: Basic tutorial for using Wireshark, an open-source network protocol analyzer for capturing and monitoring traffic.
  • Capabilities: Allows inspection of live network traffic down to individual packets.
  • Demo on a Mac: User interface is consistent across Mac, Windows, and Linux.

Getting Started with Wireshark

  1. Opening Wireshark: Overview of the User Interface
    • Lists network interfaces available for monitoring on the left side.
    • To identify the active interface, use the Interface List option.
    • The active interface will be the one sending and receiving packets.
  2. Starting Capture
    • Select the appropriate interface and click Start.
    • A new window opens, displaying real-time network traffic.
    • Click the red stop button to stop the capture once enough data has been collected.

Packet Information Display

  • Columns in View: Time, Source, Destination, Protocol, Length, Info.
  • Modifying Time Format:
    • View > Time Display Format
    • Options: Seconds since the start, previous packet, etc.

Inspecting Packets

  • Details:
    • Click a packet to display detailed information below.
    • Sections: Frame, Ethernet, IP, TCP, etc.
    • Example: Inspecting an HTTP request packet shows the Host header and the User-Agent string, which reveals the machine type and browser.

Using Filters

  1. Applying Basic Filters:
    • Type the protocol name in the filter bar (e.g., http; display filter names are lowercase).
    • Filters narrow the displayed packets down to the protocol or criteria entered.
  2. Advanced Filtering by Source/Destination IP:
    • Right-click the source or destination address field in the packet details > Apply as Filter > Selected.
    • Useful for isolating traffic between specific IP addresses.

Identifying Malicious Activity

  • Dropped Packets and Resets:
    • Watch for TCP RST (reset) messages, which indicate connections being refused or torn down.
    • Repeated connection attempts from one source to many ports on a host can signify a network (port) scan.
  • Tracing Processes on Mac:
    • Use terminal commands to identify which process is using a specific port.
    • Example command: sudo lsof -i :443 (lists processes with a connection or listener on port 443).
    • Identify suspicious processes and terminate them via Activity Monitor.
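Added example (not from the tutorial): the two heuristics above, a SYN burst from one source to many ports and a host answering with many resets, applied to a constructed capture shaped like Wireshark's Time/Source/Destination/Info columns. The packet tuples, addresses and thresholds are assumptions; the generated filter uses real Wireshark display filter fields.

```python
from collections import defaultdict

# Constructed sample capture (not real traffic): one row per packet.
# Fields: (time_s, src, dst, dst_port, tcp_flags)
SAMPLE_PACKETS = [
    (0.000, "10.0.0.5", "10.0.0.9", 443, "SYN"),          # normal handshake
    (0.020, "10.0.0.9", "10.0.0.5", 51000, "SYN,ACK"),
    (0.030, "10.0.0.5", "10.0.0.9", 443, "ACK"),
] + [
    # one source probing 12 ports on one host within ~0.1 s: scan-like
    (1.000 + i * 0.01, "10.0.0.77", "10.0.0.9", 20 + i, "SYN") for i in range(12)
] + [
    # the target answers each closed port with a reset
    (1.005 + i * 0.01, "10.0.0.9", "10.0.0.77", 40000 + i, "RST,ACK") for i in range(12)
]

def port_scan_sources(packets, min_ports=10, window_s=5.0):
    """Return (src, dst) pairs where src sent bare SYNs to at least min_ports
    distinct ports on dst inside a window_s-second window."""
    hits = defaultdict(list)  # (src, dst) -> [(time, port), ...]
    for t, src, dst, port, flags in packets:
        if "SYN" in flags and "ACK" not in flags:
            hits[(src, dst)].append((t, port))
    flagged = set()
    for pair, events in hits.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window_s}
            if len(ports) >= min_ports:
                flagged.add(pair)
                break
    return flagged

def rst_senders(packets):
    """Count RST segments per sending host; a host emitting many resets is
    refusing connections, the signal the tutorial says to watch for."""
    counts = defaultdict(int)
    for _, src, _, _, flags in packets:
        if "RST" in flags:
            counts[src] += 1
    return dict(counts)

def wireshark_filter(src, dst):
    """Display filter reproducing the same view in Wireshark's filter bar."""
    return f"ip.src == {src} && ip.dst == {dst} && tcp.flags.syn == 1 && tcp.flags.ack == 0"

if __name__ == "__main__":
    for src, dst in sorted(port_scan_sources(SAMPLE_PACKETS)):
        print(f"possible port scan {src} -> {dst}; filter: {wireshark_filter(src, dst)}")
    print("RST counts by sender:", rst_senders(SAMPLE_PACKETS))
```

Paste the printed filter into Wireshark to see only the probing SYNs, then `tcp.flags.reset == 1` to see the resets the target sent back.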

Practical Applications

  • Types of Use Cases:
    • Examining traffic on a single client computer or on an entire network segment.
    • Monitoring for DDoS attacks: frequent RST messages can indicate an ongoing attack.
  • Customization and Exporting Data:
    • Adjust Color Coding: View > Coloring Rules
    • Export Options: File > Export for packets, dissections, and objects.

Conclusion

  • Encouragement to ask further questions and provide feedback on the tutorial.
  • Call to action: Thumbs up on YouTube and subscriptions for more tech tutorials and tips.