@DavidWittman
Last active January 4, 2024 17:14
Outline for Packet Analysis with Wireshark

Packet Analysis with Wireshark

Links

Common filters

Source IP is 192.168.1.1

ip.src == 192.168.1.1

Source or destination IP is 192.168.1.1

ip.addr == 192.168.1.1

TCP port 6667 (IRC) as source or destination

tcp.port == 6667

HTTP or DNS traffic

http or dns
http || dns

All HTTP GET requests

http.request.method == "GET"

TCP resets

tcp.flags.reset==1

TCP packets containing a certain string or hex value

tcp contains "foo"
tcp contains 0A:4B:23

Filter out chatty protocols

!(arp or icmp or dns)

Display all TCP retransmissions

tcp.analysis.retransmission

Sources
