{"id":4039,"date":"2024-11-28T18:54:10","date_gmt":"2024-11-28T18:54:10","guid":{"rendered":"https:\/\/wiki.thomasandsofia.com\/?p=4039"},"modified":"2024-11-28T21:04:24","modified_gmt":"2024-11-28T21:04:24","slug":"tuwc-s2-networking-basics","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=4039","title":{"rendered":"TUWC &#8211; S2: Networking Basics"},"content":{"rendered":"<p><a href=\"\/the-ultimate-wireshark-course-main-menu\/\">The Ultimate Wireshark Course Main Menu<\/a><\/p>\n<h1>Section 2: Networking Basics<\/h1>\n<h3>Capture Filters<\/h3>\n<p>Capture &gt; Options<\/p>\n<ul>\n<li><strong>Input<\/strong>\n<ul>\n<li>Define which network cards to capture from\n<ul>\n<li>Click [ Manage Interfaces ] to select which NICs to show<\/li>\n<\/ul>\n<\/li>\n<li>[ X ] Promiscuous Mode: Sniff traffic not intended for your IP<\/li>\n<li>Capture Filters: Define which protocols you want to capture. These can be further filtered down with display filters.\n<ul>\n<li>Use this to keep your file sizes smaller.<\/li>\n<li>Click green icon.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Output<\/strong>\n<ul>\n<li>Specify output file<\/li>\n<li>Set pcapng or pcap types<\/li>\n<li>Define how to manage file size, history<\/li>\n<li>Ring buffer: How many of these files to keep before deleting the oldest<\/li>\n<\/ul>\n<\/li>\n<li><strong>Options<\/strong>\n<ul>\n<li>Leave at defaults<\/li>\n<li>[ X ] Resolve MAC addresses\n<ul>\n<li>Will look up manufacturers of MAC address based on 1st 3 bytes.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Protocol Dissectors<\/h3>\n<ul>\n<li>AKA Decoders<\/li>\n<li>Parse the raw bits of data and try to determine best way to display the output based on the ports.<\/li>\n<li>Sometimes cannot analyze the data due to unknown port (very rare)<\/li>\n<li>More likely, someone spoofing the port, using for another means!\n<ul>\n<li>METASPLOIT &#8211; Exploitation tool kit. 
Changing the port to make it look like the packet is being used for something harmless.<\/li>\n<\/ul>\n<\/li>\n<li>Dissectors: Edit &gt; Preferences&#8230; &gt; Protocols\n<ul>\n<li>These can be overridden; to be discussed later.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Navigation<\/h3>\n<p>Starting and Stopping a capture<\/p>\n<ul>\n<li>Capture &gt; Start, or click the Sharkfin icon\n<ul>\n<li>Ctrl + E starts and stops<\/li>\n<li>Ctrl + R restarts<\/li>\n<\/ul>\n<\/li>\n<li>Options = Gear\/Life preserver icon (Same as Options in <strong>Capture Filters<\/strong> above)<\/li>\n<li>View &#8211; Not much to change here\n<ul>\n<li>Top section: Packet List<\/li>\n<li>Center section: Packet details<\/li>\n<li>Bottom: Bytes view (Rarely used)\n<ul>\n<li>Shrink this down or remove it from view to free up screen real estate<\/li>\n<li>To remove from view:\n<ul>\n<li>Edit &gt; Preferences &gt; Appearance &gt; Layout &gt; Pane 3: None<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Open PCAP (Folder Icon)<\/li>\n<li>Save \/ Close \/ Reload\n<ul>\n<li>Generally save in pcapng format<\/li>\n<li>File &gt; Save As &#8230;\n<ul>\n<li>You decide what data to save. 
Captured or displayed data with options<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Search: Locate packets\n<ul>\n<li>Display filter &#8211; Seldom used<\/li>\n<li>Hex value &#8211; Seldom used<\/li>\n<li>String &#8211; <strong>Most common<\/strong><\/li>\n<li>RegEx &#8211; Good luck \ud83d\ude42<\/li>\n<\/ul>\n<\/li>\n<li>Next \/ Previous &#8211; Seldom used<\/li>\n<li>Go To Packet: Type in the packet #<\/li>\n<li>Scrolling \/ Stop Scroll\n<ul>\n<li>Will keep most recent packets on the screen.<\/li>\n<\/ul>\n<\/li>\n<li>Zoom In \/ Out \/ Reset: Modify font size<\/li>\n<li>Bottom Right: Profiles\n<ul>\n<li>Configure your own views and recall them<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4>For Fun:<\/h4>\n<ul>\n<li>Help &gt; Sample Captures\n<ul>\n<li>Download and play away to gain experience!<\/li>\n<li>Lots of options to choose from<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Exporting Objects<\/h3>\n<p>Stopping notes here&#8230; need to at least overview the course subject matter.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Ultimate Wireshark Course Main Menu Section 2: Networking Basics Capture Filters Capture &gt; Options Input Define which network cards to capture from Click [ Manage Interfaces ] to select which NICs to show [ X ] Promiscuous Mode: Sniff traffic not intended for your IP Capture Filters: Define which protocols you want to capture. 
..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=4039\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,85],"tags":[],"class_list":["post-4039","post","type-post","status-publish","format-standard","hentry","category-networking","category-wireshark"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/4039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4039"}],"version-history":[{"count":7,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/4039\/revisions"}],"predecessor-version":[{"id":4048,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/4039\/revisions\/4048"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}