TryHackMe-WireShark: The Basics

HackingSkills
Jun 1, 2023


Wireshark is a traffic analyzer. It can be used for:

  1. Detecting and solving network problems.
  2. Detecting security anomalies.
  3. Investigating and learning protocol details.

NOTE: Wireshark is not an IDS. It does not modify packets; it only reads them. It is the analyst who discovers the anomalies, and that depends on the analyst's knowledge and investigation skills.

Packet details pane:

It shows the packet broken down by OSI layer; which layers appear depends on the protocols in the packet.

  1. Frame Layer → Physical layer details.
  2. Source [MAC] Layer → source and destination MAC addresses and Data Link layer details.
  3. Source [IP] Layer → source and destination IP addresses and Network layer details.
  4. Protocol Layer → TCP/UDP protocol details, source and destination ports and Transport layer details.
  5. Protocol Error Layer → shows specific TCP segments that needed to be reassembled.
  6. Application Protocols Layer → protocol details and Application layer details.
  7. Application Data Layer → shows the application-specific data.

Wireshark features:

Coloring Packets:

We can customise the colour of packets.

There are two types of packet colouring:

  1. Temporary → by colourising a conversation filter.
  2. Permanent → by editing the colouring rules of the packet list.

Capture Files details:

To view file details, click the pcap icon or go to Statistics → Capture File Properties.

Go Packet:

To go to a specific packet: Go → Go to Packet.

Find Packet:

Searches for a specific string, hex value, regex or display filter in the packet list, packet details and packet bytes panes.

We have to know which pane to search in.

To find a packet: Edit → Find Packet.

Packet Mark:

Highlights packets temporarily.

Packet Comments:

Comments are permanent.

Exporting Packets:

We can export specific packets to a separate file.

Time Format:

To change the time format: View → Time Display Format.

Expert info:

To view potential anomalies: Analyze → Expert Information.

Packet filtering:

There are two types:

  1. Capture filter → filters the packets that will be captured.
  2. Display filter → filters the packets that will be shown in the packet list pane.

Apply as a filter:

Filters on a single field of the packet.

Conversation filter:

Filters the packet and its associated packets.

Colourising Packets:

Highlights the packets.

Prepare as a filter:

Puts the query in the filter box without executing it.

Apply as a column:

Adds a column to the packet list pane.

Follow Stream:

Displays the whole stream of packets.

Packets originating from the server are highlighted in blue.

Packets originating from the client are highlighted in red.

Commands or queries used:

To calculate the MD5 hash of a file we can use this command →

md5sum file_name
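As an added example (not code from the TryHackMe room, this post, or Wireshark itself) that ties together three of the sections above: it dissects each frame of a capture into the Frame → Ethernet → IP → TCP layers the Packet Details pane shows, applies a small subset of display-filter syntax (ip.addr, ip.src, ip.dst, tcp.port, tcp.srcport, tcp.dstport with ==, and, or) to the result, and computes the same MD5 digest that md5sum prints. The two-frame capture, its MAC and IP addresses and the field names the filter supports are constructed assumptions of the example, not values from the room.

```python
# Added example (not from the TryHackMe room or Wireshark): minimal libpcap
# reader, Packet-Details-style dissection, a display-filter subset, and md5.
import hashlib
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ip_str(raw):
    return ".".join(str(b) for b in raw)

def dissect_frame(frame, ts_sec):
    """Break one frame into the layers the Packet Details pane shows, top to bottom."""
    layers = {"frame": {"time": ts_sec, "len": len(frame)}}
    if len(frame) < 14:
        return layers                                  # truncated: frame layer only
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    layers["eth"] = {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]),
                     "type": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return layers                                  # ARP, IPv6, ...: not dissected here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                           # IP header length in bytes
    layers["ip"] = {"src": ip_str(ip[12:16]), "dst": ip_str(ip[16:20]), "proto": ip[9]}
    if ip[9] != IPPROTO_TCP:
        return layers
    tcp = ip[ihl:]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4                      # TCP header length in bytes
    layers["tcp"] = {"srcport": sport, "dstport": dport, "payload": tcp[data_off:]}
    return layers

def read_pcap(data):
    """Parse a classic libpcap file with Ethernet link type into dissected frames."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    packets, off = [], 24                              # 24-byte global header
    while off + 16 <= len(data):                       # 16-byte per-record header
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        packets.append(dissect_frame(data[off:off + incl_len], ts_sec))
        off += incl_len
    return packets

def field_values(pkt, name):
    """Resolve a display-filter field (ip.addr, tcp.port, ip.src, ...) to its values."""
    proto, _, field = name.partition(".")
    layer = pkt.get(proto)
    if layer is None:
        return []                                      # layer absent: field never matches
    if field == "addr":
        return [layer["src"], layer["dst"]]            # ip.addr matches either direction
    if field == "port":
        return [layer["srcport"], layer["dstport"]]
    return [layer[field]] if field in layer else []

def term_matches(pkt, term):
    name, op, value = term.split()
    if op != "==":
        raise ValueError(f"operator {op!r} is outside this example's subset")
    return value in [str(v) for v in field_values(pkt, name)]

def display_filter(packets, expr):
    """Keep packets matching 'f == v and g == w or h == x' ('and' binds tighter)."""
    return [p for p in packets
            if any(all(term_matches(p, t) for t in clause.split(" and "))
                   for clause in expr.split(" or "))]

def md5_of(data):
    """The digest md5sum prints for the same bytes."""
    return hashlib.md5(data).hexdigest()

# Constructed sample capture: one HTTP request and its reply, two TCP frames.
def _frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp

def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack("<IIII", 1685577600 + i, 0, len(f), len(f)) + f
            for i, f in enumerate(frames)]
    return hdr + b"".join(recs)

SAMPLE_PCAP = _pcap([
    _frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "10.0.0.5", "10.0.0.80", 51000, 80,
           b"GET / HTTP/1.1\r\n"),
    _frame("aa:bb:cc:00:00:02", "aa:bb:cc:00:00:01", "10.0.0.80", "10.0.0.5", 80, 51000,
           b"HTTP/1.1 200 OK\r\n"),
])
```

Running display_filter(read_pcap(SAMPLE_PCAP), "tcp.port == 80 and ip.src == 10.0.0.80") returns only the server's reply, which is the same narrowing the display filter bar does in the packet list pane. The subset mirrors display-filter syntax only; capture filters use the separate BPF syntax (for example, port 80) and act before a packet is ever written to the file, which is why they cannot be changed after the fact while display filters can.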

The room link:

TryHackMe | Wireshark: The Basics

Created on 1st June 2023
