TCPdump

  Export to a file: tcpdump -i <interface> -s 65535 -w name.pcap (-s 65535 sets the snaplen so whole packets are saved instead of being truncated; -w writes raw packets in pcap format, which Wireshark can open).   -n: will suppress name resolution of IPs, […]

Chapter 9 Wireshark HTTP, FTP, Email

HTTP filters: http, tcp.port==80, http.host=="www.abc.net" or http.host contains "www.abc.net". The http.host filters only match requests, because http.host is the request's Host header and responses carry no Host field. http.response.code==404; 200 means the transfer is […]

Chapter 8 Analyze TCP, DHCP with Wireshark

TCP basics: http://frankfu.click/networking/networking-fundamental/transport-layer.html/2/ Three-way handshake: SYN, SYN/ACK, ACK. Flags: the initial sequence number is random as a security measure, so that an off-path attacker cannot easily guess it to spoof or inject segments. The other […]
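The handshake above, worked through as an added example (this is not code from the original post): it builds the three segments with a random or chosen initial sequence number (ISN), checks that each side's ACK acknowledges the peer's ISN + 1 (the SYN consumes one sequence number), and converts the absolute numbers to the relative ones Wireshark shows by default (SYN shown as Seq=0). The addresses and packet data are constructed inline; the Segment record is an assumption made for the example, not a Wireshark or tcpdump structure.

```python
"""Added example: validate a TCP three-way handshake and display its
sequence numbers relative to each side's ISN, as Wireshark does."""
import secrets
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10   # TCP flag bits
MOD = 2 ** 32           # sequence numbers are 32-bit and wrap


@dataclass
class Segment:
    """Constructed stand-in for a captured TCP segment (example only)."""
    src: str
    dst: str
    flags: int
    seq: int
    ack: int


def make_handshake(client, server, client_isn=None, server_isn=None):
    """Build SYN, SYN/ACK, ACK. ISNs default to random 32-bit values, the
    way a modern stack picks them so blind spoofing is impractical."""
    cisn = secrets.randbelow(MOD) if client_isn is None else client_isn
    sisn = secrets.randbelow(MOD) if server_isn is None else server_isn
    return [
        Segment(client, server, SYN, cisn, 0),
        Segment(server, client, SYN | ACK, sisn, (cisn + 1) % MOD),
        Segment(client, server, ACK, (cisn + 1) % MOD, (sisn + 1) % MOD),
    ]


def validate_handshake(segs):
    """Return (ok, reason). Checks flags, direction and that every ACK
    acknowledges the peer's ISN + 1; wraparound at 2**32 is handled."""
    if len(segs) != 3:
        return False, "expected exactly three segments"
    syn, synack, ack = segs
    if syn.flags != SYN:
        return False, "first segment must be a pure SYN"
    if synack.flags != SYN | ACK or (synack.src, synack.dst) != (syn.dst, syn.src):
        return False, "second segment must be SYN/ACK from the server"
    if synack.ack != (syn.seq + 1) % MOD:
        return False, "SYN/ACK does not acknowledge client ISN + 1"
    if ack.flags != ACK or (ack.src, ack.dst) != (syn.src, syn.dst):
        return False, "third segment must be an ACK from the client"
    if ack.seq != (syn.seq + 1) % MOD or ack.ack != (synack.seq + 1) % MOD:
        return False, "final ACK has wrong seq/ack"
    return True, "ok"


def relative_numbers(segs):
    """Rewrite seq/ack relative to each sender's ISN, which is what
    Wireshark's 'relative sequence numbers' preference displays."""
    isn = {s.src: s.seq for s in segs if s.flags & SYN}
    out = []
    for s in segs:
        rel_seq = (s.seq - isn.get(s.src, 0)) % MOD
        rel_ack = (s.ack - isn.get(s.dst, 0)) % MOD if s.flags & ACK else 0
        out.append((s.src, rel_seq, rel_ack))
    return out


if __name__ == "__main__":
    hs = make_handshake("10.0.0.1:5000", "93.184.216.34:80")
    print(validate_handshake(hs))
    for src, seq, ack in relative_numbers(hs):
        print(f"{src:>18}  Seq={seq} Ack={ack}")
```

Because the ISN is random, the absolute values in a capture look meaningless; the relative view is what makes a SYN/ACK with Ack=1 recognisable, and a SYN/ACK whose Ack does not equal the client's ISN + 1 is exactly what a spoofed or injected segment looks like to this check.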

Chapter 7 Wireshark IP ICMP UDP

IPv4 ping packet: in Windows the payload is the pattern abcdefghijklmnopqrstuvw (23 letters) repeated to fill the default 32 bytes. Ping with a large packet, e.g. a 2000-byte packet: ping […]

Chapter 6 DNS and ARP analysis

DNS analysis   To filter for the DNS packets about a specific name, you can type dns contains "domain_name" in the display filter. Note that this is a raw byte match over the DNS layer, and on the wire each label is prefixed by a length byte rather than separated by dots, so a needle that contains a dot (such as "frankfu.click") will never match; dns.qry.name contains "domain_name" matches the decoded name instead. […]
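The wire encoding behind that caveat, as an added example (not code from the original post): a small encoder/decoder for DNS names and a minimal query builder, with two helpers that mimic what dns contains "x" (raw byte search) and dns.qry.name contains "x" (search on the decoded name) actually test. The query name and transaction ID are constructed for the example; compression pointers in responses are deliberately not handled.

```python
"""Added example: DNS name wire format and why a raw byte match on a
dotted name fails while a match on the decoded name succeeds."""
import struct


def encode_qname(name):
    """Wire format (RFC 1035): each label is prefixed by its length byte and
    the name ends with 0x00. The dots are never transmitted."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_qname(data, offset=0):
    """Decode an uncompressed name at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:   # 11xxxxxx = compression pointer (responses)
            raise ValueError("compression pointer not handled in this example")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(name, txid=0x1234, qtype=1):
    """Minimal DNS query message: 12-byte header (RD set, one question),
    then the question section (QNAME, QTYPE, QCLASS=IN). txid is constructed."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def parse_query(msg):
    """Parse the header and first question of a DNS message."""
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    name, off = decode_qname(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"id": txid, "flags": flags, "name": name, "qtype": qtype, "qclass": qclass}


def raw_contains(msg, needle):
    """What  dns contains "needle"  does: a byte search over the DNS layer."""
    return needle.encode("ascii") in msg


def qry_name_contains(msg, needle):
    """What  dns.qry.name contains "needle"  does: search the decoded name."""
    return needle in parse_query(msg)["name"]


if __name__ == "__main__":
    msg = build_query("www.frankfu.click")
    print(msg[12:].hex())
    for needle in ("frankfu", "frankfu.click"):
        print(f'dns contains "{needle}"          -> {raw_contains(msg, needle)}')
        print(f'dns.qry.name contains "{needle}" -> {qry_name_contains(msg, needle)}')
```

A single label such as "frankfu" matches both ways, which is why the raw filter often seems to work; the moment the needle spans a dot it silently matches nothing. Prefer the dns.qry.name field (or dns.resp.name for answers) when the name has more than one label.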

Chapter 1 Basics (Filter, Output)

Basics   What Wireshark captures: by default, Wireshark only monitors the traffic originating from or destined to the local interface. If […]