Finding the Connection - griffinsnest/tech-Jorunal-1 GitHub Wiki
Getting the website's IP address and showing the connection in the command prompt
For this lab, we first need to ping any website by its domain name. In my case I chose reddit.com. The output of the ping command shows the IP address of the website's server, in this case PING reddit.com (151.101.65.140). The first two octets are very important and should be saved somewhere, because the next command uses them to find the connection from the device to the website. We do this with the command netstat -tupan | grep (those first two octets here). This command lists the TCP connections to the matching IP addresses, along with the port on the device that the web browser is using to connect to the website.
Finding data in Wireshark
To find the TCP connection in Wireshark, simply start the Wireshark capture before you ping or open any sites in a browser, then apply the display filter tcp.srcport==38322, where 38322 is the source port in this case. The first packet that shows up should be a TCP packet whose destination address and port match the address and port found with the previous netstat command. From here you can follow the TCP stream by right-clicking the packet, going to the Follow option in the menu that opens, and clicking the TCP Stream option inside. This opens a new window that shows the exchange between the client and the server.
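An added example (not part of the original lab notes) that ties the netstat step to the Wireshark filter: it takes the first two octets of the pinged address, compares them against the Foreign Address column only, and builds the tcp.srcport filter from the local port. The netstat sample is constructed, the function names are hypothetical, and it assumes 38322 is the local port netstat reported for the browser.

```shell
#!/usr/bin/env bash
# Added example, not from the original lab notes.
# Constructed `netstat -tupan` sample: 151.101.65.140 and port 38322 come from
# the lab text; every other address, port and PID is made up.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address      Foreign Address      State       PID/Program name
tcp        0      0 192.168.1.23:38322 151.101.65.140:443   ESTABLISHED 2214/firefox
tcp        0      0 192.168.1.23:51544 93.184.216.34:443    ESTABLISHED 2214/firefox
tcp        0      0 192.168.1.23:40112 10.151.101.9:22      ESTABLISHED 3310/ssh
udp        0      0 0.0.0.0:68         0.0.0.0:*                        -'

# 151.101.65.140 -> 151.101
first_two_octets() {
    printf '%s\n' "$1" | cut -d. -f1,2
}

# Reads netstat output on stdin. Prints "local_port remote_addr:port program"
# for TCP rows whose Foreign Address begins with the given prefix.
# Plain `grep 151.101` also matches 10.151.101.9 (substring match, and "." is
# a regex wildcard), so the prefix is compared against column 5 only.
browser_connections() {
    awk -v p="$1." '$1 ~ /^tcp/ && index($5, p) == 1 {
        n = split($4, a, ":"); print a[n], $5, $7 }'
}

# Local port -> Wireshark display filter
wireshark_filter() {
    printf 'tcp.srcport==%s\n' "$1"
}

demo() {
    prefix=$(first_two_octets 151.101.65.140)
    printf '%s\n' "$SAMPLE_NETSTAT" | browser_connections "$prefix" |
    while read -r port remote prog; do
        echo "$prog -> $remote  filter: $(wireshark_filter "$port")"
    done
}
demo
# Live use: netstat -tupan | browser_connections "$(first_two_octets 151.101.65.140)"
```

Without root, netstat shows "-" in the PID/Program column for sockets owned by other users, so run it as the user who owns the browser or with sudo.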