Wireshark Tool - singirikondamani/Noted GitHub Wiki

Wireshark display filters are listed below.

To search for a service, type its protocol name in the filter bar: tcp, http, or whatever you want.

  • Filter based on a specific IP address: ip.addr==192.168.9.9
  • Filter based on a specific MAC address: eth.addr==00:08:hd:sh:sj (a real MAC address is six hexadecimal octets)
  • Filter based on a TCP port: tcp.port==80
  • Filter based on a UDP port: udp.port==53
  • Logical operators: `and`, `or`, `not`, which can also be written `&&`, `||`, `!`
  • Filter based on port and IP: tcp.port==80 and ip.addr==192.168.9.1
  • Filter based on either of two ports: tcp.port==443 or tcp.port==80
  • Filter based on NOT: not ip.addr==192.34.33.2
  • Filter FTP login commands: ftp.request.command == "USER" || ftp.request.command == "PASS"
  • For example, if a senior asks you to find a hidden message sent over the network: first identify the suspected IP, filter on it with ip.addr==<suspected ip>, observe the packet list and check the destination IP against the suspected IP, click each packet and inspect its data pane, and usually note the first letter, continuing until the message is found.
  • Wireshark can also rate what it sees by severity. For example, a company detected a DoS attack on a mobile application and wanted to classify it by severity: go to Analyze in the menu bar and open Expert Information; the pop-up shows the severity levels derived from the captured traffic.
  • For IoT and OT devices, use the filters mqtt (for MQTT protocol), http (for HTTP traffic), and coap (for CoAP protocol), then find the public element.
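The following is an added example (not code from this wiki) that models how the display filters listed above match packets, using constructed packet records rather than a real capture. It also shows a common gotcha: because ip.addr covers both source and destination, ip.addr!=X still matches the suspect's packets, and only not ip.addr==X excludes the host.

```python
# Added example: a small model of Wireshark display-filter semantics.
# Packets are constructed records (not a real capture) with the same
# fields the filters above refer to.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    eth_src: str
    eth_dst: str
    ip_src: Optional[str] = None
    ip_dst: Optional[str] = None
    proto: Optional[str] = None       # "tcp" or "udp"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    ftp_cmd: Optional[str] = None     # ftp.request.command, if present


# Each field test is true when EITHER the source or the destination matches,
# which is how Wireshark evaluates ip.addr, eth.addr, tcp.port and udp.port.
def ip_addr(p, addr): return addr in (p.ip_src, p.ip_dst)
def eth_addr(p, mac): return mac.lower() in (p.eth_src.lower(), p.eth_dst.lower())
def tcp_port(p, port): return p.proto == "tcp" and port in (p.src_port, p.dst_port)
def udp_port(p, port): return p.proto == "udp" and port in (p.src_port, p.dst_port)
def ftp_command(p, cmd): return p.ftp_cmd == cmd

# ip.addr!=X means "some ip.addr field is not X"; almost every packet
# satisfies that, so it does NOT exclude host X (use not ip.addr==X).
def ip_addr_ne(p, addr): return any(a != addr for a in (p.ip_src, p.ip_dst) if a)

def apply(filter_fn, packets):
    """Return the indexes of packets the filter accepts."""
    return [i for i, p in enumerate(packets) if filter_fn(p)]

PACKETS = [  # constructed sample traffic
    Packet("00:08:aa:bb:cc:01", "00:08:aa:bb:cc:02", "192.168.9.9", "10.0.0.5", "tcp", 51000, 80),
    Packet("00:08:aa:bb:cc:02", "00:08:aa:bb:cc:01", "10.0.0.5", "192.168.9.9", "tcp", 80, 51000),
    Packet("00:08:aa:bb:cc:03", "00:08:aa:bb:cc:02", "192.168.9.1", "8.8.8.8", "udp", 40000, 53),
    Packet("00:08:aa:bb:cc:03", "00:08:aa:bb:cc:04", "192.168.9.1", "10.0.0.7", "tcp", 40001, 21, "USER"),
    Packet("00:08:aa:bb:cc:03", "00:08:aa:bb:cc:04", "192.168.9.1", "10.0.0.7", "tcp", 40001, 21, "PASS"),
]

FILTERS = {  # the wiki's filters, written as Python predicates
    "ip.addr==192.168.9.9": lambda p: ip_addr(p, "192.168.9.9"),
    "tcp.port==443 or tcp.port==80": lambda p: tcp_port(p, 443) or tcp_port(p, 80),
    "tcp.port==80 and ip.addr==192.168.9.1": lambda p: tcp_port(p, 80) and ip_addr(p, "192.168.9.1"),
    "not ip.addr==192.168.9.9": lambda p: not ip_addr(p, "192.168.9.9"),
    "ip.addr!=192.168.9.9": lambda p: ip_addr_ne(p, "192.168.9.9"),
    'ftp.request.command == "USER" || ftp.request.command == "PASS"':
        lambda p: ftp_command(p, "USER") or ftp_command(p, "PASS"),
}

if __name__ == "__main__":
    for text, fn in FILTERS.items():
        print(f"{text:60} -> packets {apply(fn, PACKETS)}")
```

Running it shows the FTP filter isolating the cleartext USER/PASS packets and the `!=` form matching every packet, including the suspect's.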