Walk in the ocean of data
Wireshark is a network traffic capture and analysis tool and the number one tool in the ranking of security tools. When using Wireshark, keep a few common packet filtering rules in mind; with them it takes much less effort to find specific packets.
Source IP address: ip.src, for example ip.src==10.0.3.109
Destination IP address: ip.dst, for example ip.dst==10.0.3.114
tcp.port==80 matches packets whose source or destination port is 80
tcp.dstport==80 matches packets whose destination port is 80
tcp.srcport==80 matches packets whose source port is 80
http.request.method=="GET" finds GET requests
http.request.method=="POST" finds POST requests
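To make concrete which header fields the filters listed above test, here is an added example (not from the original post, and not Wireshark's own code) that parses constructed Ethernet/IPv4/TCP frames in Python and evaluates those filter fields against them. The helper names `build_frame`, `dissect`, `matches` and `select` and the sample frames are assumptions for illustration, and the HTTP request-line check is a simplification of what Wireshark's dissector does.

```python
import socket, struct

def build_frame(src, dst, sport, dport, payload=b""):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def dissect(frame):
    """Pull out the fields the filters above test; None if not IPv4 over TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]    # skip the TCP header (data offset)
    # Simplified HTTP check: a request line looks like "METHOD target HTTP/x.y".
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    is_request = len(parts) == 3 and parts[2].startswith(b"HTTP/")
    return {"ip.src": socket.inet_ntoa(frame[26:30]),
            "ip.dst": socket.inet_ntoa(frame[30:34]),
            "tcp.srcport": sport, "tcp.dstport": dport,
            "http.request.method": parts[0].decode("ascii", "replace") if is_request else None}

def matches(pkt, field, value):
    """One `field==value` test; tcp.port is true for source OR destination port."""
    if field == "tcp.port":
        return value in (pkt["tcp.srcport"], pkt["tcp.dstport"])
    return pkt[field] == value

def select(frames, *tests):
    """Indexes of frames that satisfy every test, like joining filters with &&."""
    pkts = [dissect(f) for f in frames]
    return [i for i, p in enumerate(pkts) if p and all(matches(p, f, v) for f, v in tests)]

# Constructed traffic between the two addresses used in the filter list.
FRAMES = [
    build_frame("10.0.3.109", "10.0.3.114", 51000, 80, b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n"),
    build_frame("10.0.3.114", "10.0.3.109", 80, 51000, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame("10.0.3.109", "10.0.3.114", 51001, 80, b"POST /login HTTP/1.1\r\nHost: a\r\n\r\n"),
    build_frame("10.0.3.109", "10.0.3.114", 51002, 22, b"SSH-2.0-example\r\n"),
]

if __name__ == "__main__":
    print(select(FRAMES, ("tcp.port", 80)))  # [0, 1, 2]
    print(select(FRAMES, ("ip.src", "10.0.3.109"), ("http.request.method", "POST")))  # [2]
```

In Wireshark itself the second query corresponds to joining the two filters with `&&` in the display filter bar.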
In Wireshark you can click Expression, and the Filter Expression window will pop up.
[[Infiltration Artifact Series] Metasploit](http://thief.one/2017/08/01/1/)
[[Infiltration Artifact Series] DNS Information Query](http://thief.one/2017/07/12/1/)
[[Infiltration Artifact Series] Fiddler](http://thief.one/2017/04/27/1)
[Infiltration Artifact Series] nmap
[Infiltration Artifact Series] Search Engine
[[Infiltration Artifact Series] nc](http://thief.one/2017/04/10/1/)