Skip to main content

Basics of Wireshark: Part-2


What is color coding in Wireshark?

The packets within the Wireshark are highlighted with blue, black, and green color. These colors help users to spot the kinds of traffic. it's also called as packet colorization. The all defined coloring rules within the Wireshark are kind of temporary rules and permanent rules.

The temporary created all rules are already there until the program is in active mode or until we quit the in middle program.
The permanent color rules are available until the Wireshark is in use or the following time you run the Wireshark. The steps to use color filters are discussed later during this topic.



Below is the list of filters used in Wireshark:

FiltersDescription
ip.addr
Example- ip.addr==10.10.100.247
ip.src
ip.dst		It is used to specify the IP address as the source or the destination.
This example will filter based on this IP address as a source and a destination.
If we want for a particular source or destination then,
It is used for the source filter.
It is used for the destination.
protocol
Example- dns or http
'Dns and http' is never used.		This command filters based on the protocol.
It requires the packet to be either dns protocol or http protocol and will display the traffic based on this.
We would not use the command 'dns and http' because it requires the packet to be both, dns as well as http, which is impossible.
tcp.port
Example: tcp.port==443		It sets filter based on the specific port number.
It will filter all the packets with this port number.
4. udp.portIt is same as tcp.port. Instead, udp is used.
tcp.analysis.flags
example is shown in fig(5).		Wireshark can flag TCP problems. This command will only display the issues that Wireshark identifies.
Example, packet loss, tcp segment not captured, etc. are some of the problems.
It quickly identifies the problem and is widely used.
6.!()
For example, !(arp or dns or icmp)
This is shown in fig (6).		It is used to filter the list of protocols or applications, in which we are not interested.
It will remove arp, dns, and icmp, and only the remaining will be left or it clean the things that may not be helpful.
Select any packet. Right-click on it and select 'Follow' and then select' TCP stream.' Shown in fig. (7).It is used if you want to work on a single connection on a TCP conversation. Anything related to the single TCP connection will be displayed on the screen.
tcp contains the filter
For example- tcp contains Facebook
Or
udp contains Facebook		It is used to display the packets which contain such words.
In this, Facebook word in any packet in this trace file i.e., finding the devices, which are talking to Facebook.
This command is useful if you are looking for a username, word, etc.
http.request
For the responses or the response code, you can type
http.response.code==200		It will display all the http requests in the trace file.
You can see all the servers, the client is involved.
tcp.flags.syn==1
This is shown in fig (10).
tcp.flags.reset		This will display all the packets with the sync built-in tcp header set to 1.
This will show all the packets with tcp resets.

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Reset Steam Password? – Recover Your Steam Password

Are you suffering with Reset Steam Password? This blog will help you. What is Steam? Steam is the online website for getting the best games for paid. If you are a true game lover then you should have an active account on Steam. Many of people lost their password during the  PC clean-up  or any other circumstances. At that time they have to reset Password of all accounts. Then if you facing issues with the password, you forced to Steam reset password to access the Steam account. We are going to share the guide that how to recover your forgotten Steam Password and make your existing account ready. First of all, you should have enough knowledge about what is Steam and why Steam Account required? Why Steam Account Requires? Before jump into password recovery and Login details, let me clear about why Steam Account required? There are several benefits of this Steam Account from where you can easily download PC games as well as software. Though it will be p...
Post a Comment
Read more

What is STP? - Explain Advantages and Disadvantages

The Spanning Tree Protocol is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. STP is a protocol. It actively monitors all links of the network. To finds a redundant link, it uses an algorithm, known as the STA (spanning-tree algorithm). The STA algorithm first creates a topology database then it finds and disables the redundant links. Once redundant links are disabled, only the STP-chosen links remain active. If a new link is added or an existing link is removed, the STP re-runs the STA algorithm and re-adjusts all links to reflect the change. STP (Spanning Tree Protocol) automatically removes layer 2 switching loops by shutting down the redundant links. A redundant link is an additional link between two switches. A redundant link is usually created for backup purposes. Just like every coin has two sides, a redundant link, along with...
5 comments
Read more