SAINTCON 2023 - Kyle Feuz - Wireshark 101
Understand your network traffic with a comprehensive introduction to Wireshark, covering capture and display filters, colorization rules, statistics, and more.
- Understanding what normal looks like on your network is important for identifying anomalies.
- Filtering in Wireshark can be done on any field and protocol.
- Capture filters are different from display filters, with capture filters being used during capture and display filters being used during analysis.
- Colorization rules can be used to highlight specific traffic and make analysis easier.
- Statistics can be used to get an overview of a capture file, such as the number of packets and conversations.
- Wireshark has multiple tabs for different levels of analysis, including protocol, TCP, and UDP.
- Capture files can be loaded into Wireshark to analyze network traffic.
- Pre-shared master secrets can be saved to a file and used to decrypt traffic.
- Wireshark has a builder/wizard tool to help create complex filters.
- Coloring rules can be customized to highlight specific traffic.
- Display filters can be used to limit what is shown in the packet list.
- Capture filters can be used to capture specific traffic and limit what is captured.
- Wireshark has multiple interfaces that can be used to capture traffic, including Ethernet, Wi-Fi, and more.
- It is important to understand the different layers of networking, including layers 2, 3, and 4.
- Wireshark has a statistics feature that can be used to get an overview of a capture file.
- Wi-Fi signals can be picked up and viewed using Wireshark.
- SSL key log files can be used to decrypt traffic.
- Wireshark can be used to analyze network traffic and identify issues.
- Filters can be saved as bookmarks for easy recall.
- Wireshark has a “selected” feature that allows filters to be referenced and used in other parts of the application.
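
The two points above about saving secrets to a file and using SSL key log files for decryption rely on the NSS key log format, which Wireshark matches to a session by the ClientHello random. The following is an added example, not code from the talk: it validates a key log and reports whether a given client random is covered. The function names, the coverage categories and the sample values are assumptions made for illustration.

```python
import re

# Labels from the NSS key log format: CLIENT_RANDOM carries a TLS 1.2 master
# secret; the four below are the TLS 1.3 handshake and application secrets.
TLS13_NEEDED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return ({client_random: {label: secret_hex}}, [rejected line numbers])."""
    sessions, bad = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        # Secrets must be whole bytes; a TLS 1.2 master secret is 48 bytes.
        if not m or len(m[3]) % 2 or (m[1] == "CLIENT_RANDOM" and len(m[3]) != 96):
            bad.append(n)
            continue
        sessions.setdefault(m[2].lower(), {})[m[1]] = m[3].lower()
    return sessions, bad

def coverage(sessions, client_random):
    """Classify (hypothetical categories) what the log holds for one session."""
    labels = sessions.get(client_random.lower())
    if labels is None:
        return "missing"
    if "CLIENT_RANDOM" in labels:
        return "tls1.2"
    # TLS 1.3: all four secrets are needed to read handshake and data records.
    return "tls1.3" if TLS13_NEEDED <= labels.keys() else "partial"

# Constructed sample input, not real key material.
R1, R2, R3 = "1a" * 32, "22" * 32, "33" * 32
SAMPLE = "\n".join([
    "# constructed key log for illustration",
    f"CLIENT_RANDOM {R1} {'aa' * 48}",
    *(f"{label} {R2} {'bb' * 32}" for label in sorted(TLS13_NEEDED)),
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R3} {'cc' * 32}",
    f"CLIENT_RANDOM {R3[:60]} {'dd' * 48}",  # truncated random: rejected
])

if __name__ == "__main__":
    sessions, bad = parse_keylog(SAMPLE)
    print("rejected lines:", bad)
    print({r[:8]: coverage(sessions, r) for r in (R1, R2, R3, "44" * 32)})
```

A "missing" or "partial" result for a session is the usual reason decryption fails even though a key log file is configured.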