ScreenShots
@e.mccormick
Yep. Pretty typical.
I think the general transfer of files between 2 computers would be easier
You can see the actual HTTP streams mixed in with the assorted TCP syn/ack messages. And yes, the more you eliminate "noise" the easier it is to follow. But you can use a filter to help with that.
Is there a filter option in Wireshark?
There are 2 options: 1) Capture filters 2) Display filters
When I clicked Capture Filters, this appeared:
Yes. A capture filter can help ignore things before they go into the capture file. For example, if you relay from a router and only want the relay to get recorded, that is good. In contrast, a display filter only shows less of what has been captured.
Oh. Now what to do after clicking Capture filters? The screenshot is above
Let's say you only wanted to capture unsecured web traffic. That TCP or UDP port 80 one would get it down to just that. See, a capture is a recording. A capture filter means record less.
If I have done a Google search or gone to some website, then which port does it use?
I mean which protocol
Let's say you just wanted to display less, but still capture it all. That is a display filter. You could right click an aspect of a frame and make a filter that is specific to that. The web you see in a browser is basically http and https. The difference is the s ones are secured.
Okay. Got it. Just a second. Trying it out
Here are some examples: http://www.maketecheasier.com/use-display-filters-in-wireshark/
It worked. Here are the screenshots:
You see...The 4th screenshot has your name in the log data
Yep. So that has drilled down to where you are seeing some web page lookup of OpenStudy. Following that stream would/could then let you rebuild the HTML of the page. When you follow a stream it takes all the packets that say they are for a particular session and puts them back together. So for viewing a web page it is the HTTP session that loaded that one page.
Yes. Thanks for the help again
np. I hope that helps you understand what a LAN analyzer is and can do. A related topic is packet sniffing or a packet sniffer. It is basically the same thing.
Oh. I will look into it
When you do research, people call it one or the other. If you think about it, a network analyzer detects (sniffs) packets and allows you to take them apart to look at their protocols, etc. So they call it a network analyzer, protocol analyzer, wireless sniffer, packet sniffer, etc. Sometimes one term will get you slightly different information than another, but they are very closely related. For example, Snort: https://www.snort.org/ That is a packet sniffer that looks at network activity to find intrusions. So it is a packet sniffer that has a very specific focus to find malicious activity. In contrast, Kismet is tailored to work with wireless networks: https://www.kismetwireless.net/
How are Kismet and Snort different from Wireshark? Because Wireshark also detects packets and tells the protocol they use
Wireshark is very raw and does little work other than get the data and display it. Kismet I have looked at a little but never tried. Snort does things based on what it sees. Think about oranges. Wireshark gets an orange and hands it to you. Next orange comes along, it hands it to you. Snort would look at the orange, see it is an orange, and let it go. Next one comes along and Snort smells it and says, "This is a LEMON that someone has painted orange! WARNING, WARNING! LEMON CODE!" That is a bit allegorical, but it is the difference between a basic capture tool and one that does a specific job.
Oh okay. So we specify some certain computers with the IP addresses connected to a network. If a computer whose IP address is not specified connects with the network, it alarms us
It can do that. In general, Snort knows what attacks look like. Think of it as a virus checker for packets.
Oh. Got it
Well, I have to head out, but I hope that helps you understand some different types of network tools.
Yes. I have saved this link: https://www.wireshark.org/docs/wsug_html_chunked/ to learn about Wireshark
Thanks for your time