From charlesreid1

Revision as of 03:01, 20 January 2016 by Admin

Protocols

Another way to analyze traffic in Wireshark is to look at statistics about the protocol layer.

You can open Statistics > Protocol Hierarchy to see which protocols appear in the capture and in what amounts.

This is useful if you are trying to establish "normal" behavior for a network, and then to determine whether a particular day's traffic is an outlier and why.

By looking at a network's traffic protocol statistics, you can learn a lot about that network. For example, an IT department will have admin protocols like ICMP or SNMP, an ordering department will use lots of SMTP, and interns will use WoW.
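The baseline comparison described above can be scripted. This is an added example, not part of the original page: it parses text in the format printed by `tshark -q -z io,phs` (the command-line counterpart of Statistics > Protocol Hierarchy) and flags protocols whose share of frames moved away from the baseline. The two sample outputs are constructed, and the 0.10 threshold and function names are assumptions.

```python
import re

# Constructed sample output in the format of `tshark -r <file> -q -z io,phs`.
BASELINE = """\
Protocol Hierarchy Statistics
eth                                      frames:1000 bytes:640000
  ip                                     frames:1000 bytes:640000
    tcp                                  frames:700 bytes:560000
      smtp                               frames:300 bytes:240000
    udp                                  frames:250 bytes:70000
      snmp                               frames:50 bytes:30000
    icmp                                 frames:50 bytes:10000
"""
TODAY = """\
Protocol Hierarchy Statistics
eth                                      frames:2000 bytes:900000
  ip                                     frames:2000 bytes:900000
    tcp                                  frames:800 bytes:600000
      smtp                               frames:300 bytes:240000
      telnet                             frames:20 bytes:2000
    udp                                  frames:500 bytes:140000
      snmp                               frames:100 bytes:60000
    icmp                                 frames:700 bytes:160000
"""
LINE = re.compile(r"^(\s*)(\S+)\s+frames:(\d+)\s+bytes:(\d+)")

def parse_phs(text):
    """Return {protocol path: share of all frames} from io,phs text."""
    stack, frames = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner, filter line, separators
        depth = len(m.group(1)) // 2  # two spaces of indent per layer
        stack[depth:] = [m.group(2)]  # drop deeper layers, push this one
        frames[":".join(stack)] = int(m.group(3))
    total = sum(n for p, n in frames.items() if ":" not in p) or 1
    return {path: n / total for path, n in frames.items()}

def outliers(baseline, today, threshold=0.10):
    """Protocols that are new, or whose frame share moved > threshold."""
    flagged = {}
    for path in sorted(set(baseline) | set(today)):
        delta = today.get(path, 0.0) - baseline.get(path, 0.0)
        if abs(delta) > threshold or path not in baseline:
            flagged[path] = round(delta, 3)
    return flagged
```

Comparing shares rather than raw frame counts keeps a busy day from looking anomalous just because total volume doubled; here SNMP doubles in frames but is not flagged, while ICMP and the previously unseen Telnet are.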