FREE Wireshark Mini Course | From Beginner to Advanced in Under 2 Hours
In this mini course, we present the popular packet analyzer Wireshark, covering its GUI, navigation, packet analysis and dissection, data extraction and export, comparison operators, traffic analysis, and finishing with scenarios inspired by cyber security CTF challenges.
Table of Contents:
Course Access
Course is free and can be accessed from this link.
Some concepts that are discussed in this mini course
Packet Capturing
Packet capture refers to capturing network packets transmitted over a network, and packet replay refers to sending packets back out over the network. You can capture packets using a protocol analyzer, which is sometimes called sniffing or using a sniffer.
Traffic Analysis
Traffic Analysis is a method of intercepting, recording/monitoring, and analyzing network data and communication patterns to detect and respond to system health issues, network anomalies, and threats. The network is a rich data source, so traffic analysis is useful for security and operational matters. The operational issues cover system availability checks and measuring performance, and the security issues cover anomaly and suspicious activity detection on the network.
What is Wireshark?
Wireshark is an open-source, cross-platform network packet analyser capable of sniffing and investigating live traffic and inspecting packet captures (PCAP). It is widely regarded as one of the best packet analysis tools available.
Comparison Operators in Wireshark [1]
eq OR ==
ne OR !=
gt OR >
lt OR <
ge OR >=
le OR <=
"contains" [2]: Searches for a value inside packets. It is case-sensitive and provides functionality similar to the "Find" option, but focused on a specific field.
Example: List all HTTP packets whose "server" field contains the keyword "Apache".
http.server contains "Apache"
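To make the operator aliases and the case-sensitive "contains" behaviour concrete, here is an added example (not code from the course or from the Wireshark project) that evaluates filters in the "field operator value" form shown above against a few constructed packet records; the packet dicts and their field values are invented for illustration.

```python
"""Minimal evaluator for Wireshark-style display-filter comparisons,
run over constructed packet records (added example, not from Wireshark)."""
import re

# Operator keywords and their symbolic aliases, as Wireshark accepts them.
OPS = {
    "eq": "==", "==": "==", "ne": "!=", "!=": "!=",
    "gt": ">", ">": ">", "lt": "<", "<": "<",
    "ge": ">=", ">=": ">=", "le": "<=", "<=": "<=",
    "contains": "contains",
}
_FILTER = re.compile(r'^\s*([\w.]+)\s+(\S+)\s+(".*?"|\S+)\s*$')

def parse_filter(expr):
    """Split 'field op value' into parts; quoted strings lose their quotes,
    unquoted values are treated as integers."""
    m = _FILTER.match(expr)
    if not m or m.group(2) not in OPS:
        raise ValueError(f"unsupported filter: {expr!r}")
    field, op, raw = m.groups()
    value = raw[1:-1] if raw.startswith('"') else int(raw)
    return field, OPS[op], value

def matches(packet, expr):
    """True if the packet (a dict of field -> value) satisfies the filter.
    A packet that lacks the field never matches, as in Wireshark."""
    field, op, value = parse_filter(expr)
    if field not in packet:
        return False
    actual = packet[field]
    if op == "contains":          # case-sensitive substring test
        return value in str(actual)
    return {"==": actual == value, "!=": actual != value,
            ">": actual > value, "<": actual < value,
            ">=": actual >= value, "<=": actual <= value}[op]

def apply_filter(packets, expr):
    """Return the frame numbers of the packets matching the display filter."""
    return [p["frame.number"] for p in packets if matches(p, expr)]

# Constructed sample packets (not a real capture); only relevant fields are kept.
PACKETS = [
    {"frame.number": 1, "tcp.dstport": 80, "frame.len": 74},
    {"frame.number": 2, "tcp.srcport": 80, "frame.len": 512,
     "http.server": "Apache/2.4.57 (Ubuntu)"},
    {"frame.number": 3, "tcp.srcport": 8080, "frame.len": 380,
     "http.server": "nginx/1.24.0"},
    {"frame.number": 4, "tcp.srcport": 443, "frame.len": 1514},
]
```

Note that `http.server contains "apache"` (lower case) matches nothing, and `tcp.srcport ne 80` excludes frame 1 entirely because that frame has no `tcp.srcport` field at all.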