reading-notes

Dedicated to my thoughts while learning cybersec

View the Project on GitHub jakeoverall/reading-notes

wireshark

Network Packet Analysis with Wireshark

10/16/2020

Wireshark is a free, open-source packet analyzer. It is a tool that is commonly used by both red and blue teams. Wireshark can be used for network troubleshooting, analysis and education.

Wireshark is a tool that every network or security administrator should know. It is an open‐source tool used for capturing network traffic and analyzing packets at an extremely granular level. Sometimes Wireshark is called a network analyzer or a sniffer. Packet capturing can tell you about transmit time, source, destination, and protocol type. This can be critical information for evaluating events that are happening or troubleshooting devices across your network. It can also help a security analyst determine whether network traffic is a malicious attack, what type of attack, the IP addresses that were targeted, and where the attack originated from. As a result, you will be able to create rules on a firewall to block the IP addresses where the malicious traffic originated.

Wireshark shows packet details captured from different network media, breaking down the Open Systems Interconnection (OSI) model into the data link, network, transport, and application layers.

wifi-pineapple

Wifi Pineapple (red)

A wifi pineapple is generally a device used to mimic or mirror an access point which can trick unexpecting people to connect to what appears as a safe open network Like McDonalds Guest. In Reality people are connecting to a compromised network and are falling victim to the infamous Man-in-the-Middle attack. With an incredible tool like wireshark and a person connecting to a compromised network, the attacker can simply “sniff” the network packets and easily apply filters to find any information that is being sent over unsecured methods.

red-vs-blue

Color in Wireshark

What the Color Coding Means in Wireshark

Color in Wireshark Packet Type
Light purple TCP
Light blue UDP
Black Packets with errors
Light green HTTP traffic
Light yellow Windows-specific traffic, including Server Message Blocks (SMB) and NetBIOS
Dark yellow Routing
Dark gray TCP SYN, FIN and ACK traffic