information gathering – wireshark

Wireshark - the world's foremost network protocol analyzer

Backtrack 5R1

root@bt:~# wireshark

1. Interface List / Start capture on interface: eth0

ip.src = IP source address
ip.dst = IP destination address

Filter:

To filter on a single host
ip.src == 192.168.1.2

To filter on a network
ip.src == 192.168.1.0/24

To filter a single host - single destination
(ip.src == 192.168.1.2) && (ip.dst == 192.168.25.4)

To filter on a single port/service
tcp.port eq 80

To filter on multiple ports/services
(tcp.port eq 443) or (tcp.port eq 80)

To filter for ICMP
icmp

To filter out ICMP
!icmp

To filter on a single host - single destination - using a single port
(ip.src == 192.168.1.2) && (ip.dst == 192.168.25.4) && tcp.port eq 80

To filter on a single host - single destination - Filter on Windows -- Filter out noise, while watching Windows Client - DC exchanges (the parentheses around the protocol list are required: && binds tighter than ||, so without them the filter also shows every nbns/dcerpc/nbss/dns packet from any host)
(ip.src == 192.168.1.2) && (ip.dst == 192.168.25.4) && (smb || nbns || dcerpc || nbss || dns)

Filter on Windows -- Filter out noise, while watching Windows Client - DC exchanges
smb || nbns || dcerpc || nbss || dns
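The filters above are easy to get subtly wrong because Wireshark gives && a higher precedence than ||. The following is an added example, not Wireshark code and not part of the original page: a small evaluator for the subset of display-filter syntax used on this page (==/eq, !=/ne, &&/and, ||/or, !/not, parentheses, bare protocol names, exact and CIDR matches on ip.src/ip.dst, multi-valued fields such as tcp.port), run over five constructed packet records instead of a real capture. The packet records and the `protos` field are assumptions made for the example; everything else mirrors the operators on the page.

```python
"""Evaluator for a small subset of Wireshark display-filter syntax (added
example, not Wireshark code). Packets are constructed dict records, not a
real capture; `protos` is the set of protocols a dissector would report."""
import ipaddress
import re

# Constructed sample "packets"; index 2 is DNS from an unrelated host (10.0.0.7).
PACKETS = [
    {"ip.src": "192.168.1.2", "ip.dst": "192.168.25.4", "tcp.port": [49152, 445],
     "protos": {"ip", "tcp", "nbss", "smb"}},
    {"ip.src": "192.168.1.2", "ip.dst": "192.168.25.4", "tcp.port": [49153, 80],
     "protos": {"ip", "tcp", "http"}},
    {"ip.src": "10.0.0.7", "ip.dst": "10.0.0.1", "udp.port": [53, 53],
     "protos": {"ip", "udp", "dns"}},
    {"ip.src": "192.168.1.9", "ip.dst": "192.168.1.1", "protos": {"ip", "icmp"}},
    {"ip.src": "192.168.1.2", "ip.dst": "192.168.25.4", "udp.port": [137, 137],
     "protos": {"ip", "udp", "nbns"}},
]

TOKEN_RE = re.compile(r"\s*(\(|\)|&&|\|\||==|!=|!|[A-Za-z0-9_.:/]+)")
OR, AND, NOT = {"||", "or"}, {"&&", "and"}, {"!", "not"}
CMP = {"==": True, "eq": True, "!=": False, "ne": False}  # operator -> wanted equality

def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad token near {text[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens

def match_field(packet, field, value):
    # True if any value of `field` equals `value`; a value containing '/' is a CIDR net.
    have = packet.get(field)
    if have is None:
        return False
    values = have if isinstance(have, list) else [have]
    if "/" in value:
        net = ipaddress.ip_network(value, strict=False)
        return any(ipaddress.ip_address(v) in net for v in values)
    return any(str(v) == value for v in values)

class Parser:
    """expr := term (OR term)*; term := factor (AND factor)*  -> && binds tighter than ||."""
    def __init__(self, text):
        self.toks, self.i = tokenize(text), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def expr(self):
        left = self.term()
        while self.peek() in OR:
            self.take()
            left = (lambda l, r: lambda p: l(p) or r(p))(left, self.term())
        return left

    def term(self):
        left = self.factor()
        while self.peek() in AND:
            self.take()
            left = (lambda l, r: lambda p: l(p) and r(p))(left, self.factor())
        return left

    def factor(self):
        tok = self.peek()
        if tok in NOT:
            self.take()
            inner = self.factor()
            return lambda p: not inner(p)
        if tok == "(":
            self.take()
            inner = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return inner
        return self.atom()

    def atom(self):
        field = self.take()
        if field is None or field in CMP or field in ("(", ")"):
            raise ValueError("expected a field or protocol name")
        if self.peek() in CMP:
            want, value = CMP[self.take()], self.take()
            return lambda p: match_field(p, field, value) == want
        # A bare name matches when that protocol is in the dissection (or the field exists).
        return lambda p: field in p.get("protos", ()) or field in p

def apply_filter(text, packets=PACKETS):
    """Return the indices of the packets that the display filter `text` accepts."""
    pred = Parser(text).parse()
    return [i for i, p in enumerate(packets) if pred(p)]
```

Running `apply_filter("(ip.src == 192.168.1.2) && (ip.dst == 192.168.25.4) && smb || nbns || dcerpc || nbss || dns")` over the constructed packets returns `[0, 2, 4]`: the DNS packet from 10.0.0.7 is included even though it has nothing to do with the host pair, because the expression parses as `(src && dst && smb) || nbns || ...`. Wrapping the protocol list in parentheses gives `[0, 4]`, which is the intended "only this client/DC pair, only these protocols" view.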
