
Friday, February 15, 2013

Packet Capture Forensics with WireShark

WireShark is a network protocol analyzer: it lets you monitor, capture and analyze network traffic. Here are some simple tips and tricks for filtering through a large capture to find what you're looking for, since sifting through all of that raw dump data can be a daunting task.

Always start by putting the packets in order, with the earliest one at the top: click the Time column header to sort the capture by time.


Next, filter the data by the appropriate protocol. In the "Filter:" box at the top, start typing the protocol you want and WireShark will suggest matching filters; click the Apply button on the right and the filtered packet list should appear.


If you are looking for a specific string in your data, you can search the packet bytes. From the top menu select Edit, then Find Packet, or use the shortcut keys Ctrl+F. In the popup box choose the String radio button and type your string in the box.
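The same three steps (sort by time, filter by protocol, find a string in the packet bytes) done programmatically, as an added example that is not from the original post. It assumes a classic microsecond-timestamp pcap containing Ethernet/IPv4 frames, and builds a small constructed capture in memory so it runs without a real file.

```python
import struct

# Constructed sample capture: three Ethernet/IPv4 frames written out of time order.
def _frame(ts, proto, payload):
    """Build one pcap record holding an Ethernet/IPv4 frame (proto 6=TCP, 17=UDP)."""
    l4 = (struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 512, 0, 0) if proto == 6
          else struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0, 64,
                     proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload   # zero MACs, IPv4 ethertype
    sec, usec = divmod(round(ts * 1_000_000), 1_000_000)
    return struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt

SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + \
    _frame(1360900002.5, 6, b"GET /login?user=admin HTTP/1.1\r\n") + \
    _frame(1360900000.0, 17, b"\x12\x34\x01\x00\x00\x01example") + \
    _frame(1360900001.2, 6, b"POST /login HTTP/1.1\r\nuser=admin&pw=secret")

PROTO_NAMES = {6: "tcp", 17: "udp"}

def read_pcap(data):
    """Parse classic pcap records into (timestamp, protocol name, raw frame bytes)."""
    magic, = struct.unpack("<I", data[:4])
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the record headers
    off, frames = 24, []                         # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        proto = "other"
        if pkt[12:14] == b"\x08\x00":                       # IPv4 ethertype
            proto = PROTO_NAMES.get(pkt[14 + 9], "other")   # IP protocol field
        frames.append((sec + usec / 1e6, proto, pkt))
    return frames

def sorted_by_time(frames):
    """Equivalent of clicking the Time column: oldest packet first."""
    return sorted(frames, key=lambda f: f[0])

def filter_protocol(frames, name):
    """Equivalent of a display filter such as `tcp` or `udp`."""
    return [f for f in frames if f[1] == name]

def find_string(frames, needle):
    """Equivalent of Edit > Find Packet with 'String' selected: search the raw bytes."""
    return [f for f in frames if needle.encode() in f[2]]
```

Pass the bytes of a real capture file to `read_pcap` to run the same sort, protocol filter and string search on it.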