Infiltration Artifact Series WireShark

Walk in the ocean of data

Wireshark is a network traffic capture and analysis tool, and the number one tool in the ranking of security tools. To use Wireshark well, keep some common packet filter rules in mind; finding specific packets then takes much less effort.

IP Filtering

IP source address (ip.src): ip.src==10.0.3.109
IP destination address (ip.dst): ip.dst==10.0.3.114

Port Filtering

tcp.port==80 Packets whose source or destination port is 80
tcp.dstport==80 Packets whose destination port is 80
tcp.srcport==80 Packets whose source port is 80
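
To show which header bytes the IP and port filters above actually test, here is an added example (not from the original post) that dissects constructed Ethernet/IPv4/TCP frames and evaluates the same comparisons. The function names `build_frame`, `dissect`, `matches` and `select` are hypothetical, and the sample frames are constructed with zeroed MAC addresses and checksums.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, sport, dport):
    """Construct a minimal Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)          # MACs zeroed, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def dissect(frame):
    """Return the fields the filters above test, or None if not IPv4/TCP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4                             # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:    # version, IHL, protocol 6 = TCP
        return None
    tcp_off = 14 + ihl                                       # TCP starts after IP options
    if len(frame) < tcp_off + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    return {"ip.src": socket.inet_ntoa(frame[26:30]),
            "ip.dst": socket.inet_ntoa(frame[30:34]),
            "tcp.srcport": sport, "tcp.dstport": dport}

def matches(frame, field, value):
    """Evaluate `field == value` with Wireshark's meaning for these fields."""
    f = dissect(frame)
    if f is None:
        return False
    if field == "tcp.port":                                  # matches either direction
        return value in (f["tcp.srcport"], f["tcp.dstport"])
    return f[field] == value

# Constructed sample traffic: a request to port 80, its reply, and an SSH packet.
FRAMES = [
    build_frame("10.0.3.109", "10.0.3.114", 49152, 80),
    build_frame("10.0.3.114", "10.0.3.109", 80, 49152),
    build_frame("10.0.3.109", "10.0.3.114", 49153, 22),
]

def select(field, value):
    """Indexes of the sample frames that the filter would display."""
    return [i for i, fr in enumerate(FRAMES) if matches(fr, field, value)]

if __name__ == "__main__":
    for flt in [("ip.src", "10.0.3.109"), ("tcp.port", 80), ("tcp.dstport", 80)]:
        print(flt, select(*flt))
```

tcp.port==80 selects both the request and the reply, while tcp.dstport==80 selects only the request, which is why the direction-specific fields are the ones to use when isolating one side of a conversation.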

Protocol filtering

http
tcp
icmp
…….

HTTP method filtering

http.request.method=="GET" Find GET packets
http.request.method=="POST" Find POST packets

Joiner

Self-service mode

You can click Expression in Wireshark, and the Filter Expression window will pop up:

Related posts

[Infiltration Artifact Series] Metasploit (http://thief.one/2017/08/01/1/)
[Infiltration Artifact Series] DNS Information Query (http://thief.one/2017/07/12/1/)
[Infiltration Artifact Series] Fiddler (http://thief.one/2017/04/27/1)
[Infiltration Artifact Series] nmap
[Infiltration Artifact Series] Search Engine
[Infiltration Artifact Series] nc (http://thief.one/2017/04/10/1/)

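Article title: Infiltration Artifact Series WireShark

Author: nmask

Published: February 9, 2017 - 11:02

Last updated: August 16, 2019 - 15:08

Original link: https://thief.one/2017/02/09/WireShark filter rules/

License: Attribution-NonCommercial-NoDerivatives 4.0 International. Please keep the original link and author when reposting.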
