Wireshark/Conversation Analysis

From charlesreid1

Analyzing Traffic

There are many ways to analyze network traffic using Wireshark.

Conversations

One of the most interesting ways to analyze network traffic is by looking at it from a conversations standpoint. This bins traffic by source and destination, giving a fine-grained picture of which stations were responsible for the most traffic, which routers were the busiest, and which routers had the most clients.

Wireshark can be used to capture and analyze traffic itself, or you can create a pcap file using a utility like tcpdump (see the Tcpdump page) to create a .pcap file and load it into Wireshark.

WiresharkTrafficConversations.png

By clicking the "Copy" button at the bottom of the window, you can copy the entire contents of the table to the clipboard, then paste it into emacs or vim.





Defcon.png
Wireshark
a Swiss-army knife for analyzing networks, network traffic, and pcap files.

Wireshark  · Category:Wireshark

Packet Analysis  · Wireshark/Advanced

Wireshark/HTTPS  · Wireshark/Traffic Analysis  · Wireshark/Conversation Analysis  · Wireshark/Protocol Analysis

Working with SSL/TLS/HTTPS:

MITM Labs/Decrypting HTTPS Traffic by Obtaining Browser SSL Session Info  · MITM Labs/Decrypting HTTPS Traffic with Private Key File


Flags  · Template:WiresharkFlag  · e



Retrieved from "https://charlesreid1.com/w/index.php?title=Wireshark/Conversation_Analysis&oldid=8935"