Wireshark 101: Expressions, Haktip 118

  • Published on 25 Jul 2024
  • Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
    ____________________________________________
    On this HakTip, Shannon Morse covers the syntax of filters and expressions for Wireshark.
    When discussing the OSI Model - several TH-cam fans said they memorize it in fun ways, such as: Cross Over with "Please Do Not Throw Sausage Pizza Away", Megapadzz used "Princess Diana Never Tried Shagging Prince Andrew" and for the data type on each layer "But Fergie Proclaims She Did Did Did for Bits, Frames, Packets, Segments, Data, Data, Data", Ramuk uses "All People Seem To Need Data Processing", and Ben uses "Pew dead ninja turtles smell particularly awful"!
    Moving on, today we're totally focusing on Expressions. First let's break down the syntax. Each filter is called an expression, and an expression is made up of several parts. The building blocks are called primitives, and primitives are joined by operators. Each primitive can contain a qualifier as well as an ID. Operators are &&, || and ! (meaning AND, OR and NOT). Qualifiers come in three kinds. Type (such as host, net or port) identifies what the ID refers to. Dir (src, dst) tells you whether the transfer is to or from the ID. Proto (ether, tcp, udp, http, ftp) restricts the match to a particular protocol. I've printed out a cheat sheet for all of these. Since there are SO MANY display filters that you can use, it's pretty common to find posters like this on the internet free for use.
    Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
    ____________________________________________
    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
  • Science & Technology
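As an added example (not Hak5's code and not Wireshark's own filter engine), here is a small Python matcher for the expression syntax described above: primitives made of Proto, Dir and Type qualifiers plus an ID, joined by &&, || and !, evaluated against a few constructed packet records. The parentheses for grouping, the precedence order and the rule that a Type qualifier must be followed by its ID are assumptions of this toy parser, not taken from the video description.

```python
import ipaddress
import re
PROTO, DIR, TYPE = {"ether", "tcp", "udp", "http", "ftp"}, {"src", "dst"}, {"host", "net", "port"}
# Constructed sample packets (not a real capture): the layers present plus the fields a primitive can refer to.
PACKETS = [
    {"protos": {"ether", "tcp", "http"}, "src": "10.0.0.5", "dst": "93.184.216.34", "sport": 51234, "dport": 80},
    {"protos": {"ether", "udp"}, "src": "10.0.0.5", "dst": "8.8.8.8", "sport": 40000, "dport": 53},
    {"protos": {"ether", "tcp"}, "src": "192.168.1.20", "dst": "10.0.0.5", "sport": 443, "dport": 51235},
]
def primitive(proto, direction, typ, ident):  # one primitive: [proto] [dir] [type] [id], e.g. "tcp src port 443"
    def match(pkt):
        if proto and proto not in pkt["protos"]: return False
        if typ is None: return True  # bare Proto qualifier with no Type or ID, such as "udp"
        a, b = ("sport", "dport") if typ == "port" else ("src", "dst")
        vals = {"src": [pkt[a]], "dst": [pkt[b]], None: [pkt[a], pkt[b]]}[direction]  # Dir picks an end, or either
        if typ == "net":
            return any(ipaddress.ip_address(v) in ipaddress.ip_network(ident, strict=False) for v in vals)
        return (int(ident) if typ == "port" else ident) in vals
    return match
def compile_filter(expr):  # recursive-descent parser (assumed precedence): "||" loosest, then "&&", then "!" and ( )
    toks = re.findall(r"&&|\|\||!|\(|\)|[^\s()!&|]+", expr)
    peek = lambda: toks[0] if toks else None
    def binary(op, below, combine):  # left-associative chain of `below` terms joined by `op`
        left = below()
        while peek() == op:
            toks.pop(0); left = combine(left, below())
        return left
    def parse_not():
        if peek() == "!":
            toks.pop(0); inner = parse_not(); return lambda p: not inner(p)
        if peek() == "(":
            toks.pop(0); inner = parse_or()
            if not toks or toks.pop(0) != ")": raise ValueError("missing )")
            return inner
        quals = {"proto": None, "dir": None, "type": None}
        while peek() in PROTO | DIR | TYPE:
            tok = toks.pop(0); quals["proto" if tok in PROTO else "dir" if tok in DIR else "type"] = tok
        if quals["type"] is None and quals["proto"] is None: raise ValueError("expected a primitive, got %r" % peek())
        ident = toks.pop(0) if quals["type"] else None  # assumption: a Type qualifier is always followed by its ID
        return primitive(quals["proto"], quals["dir"], quals["type"], ident)
    parse_and = lambda: binary("&&", parse_not, lambda l, r: lambda p: l(p) and r(p))
    parse_or = lambda: binary("||", parse_and, lambda l, r: lambda p: l(p) or r(p))
    result = parse_or()
    if toks: raise ValueError("unexpected token %r" % toks[0])
    return result

def select(expr, packets=PACKETS):  # indexes of the packets the expression matches
    match = compile_filter(expr)
    return [i for i, p in enumerate(packets) if match(p)]
```

The two precedence cases in the test (with and without parentheses) are the ones worth checking first when writing a filter you will act on.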

Comments • 20

  • @SamyHacker 9 years ago +13

    really guys can't you put the links in the description REALLY

  • @Leonard_Lewis 9 years ago +1

    This was explained extremely clearly....really nice work Mrs. Morse.

  • @awake31337 9 years ago +2

    I memorized all of them!!! Wait... what were we talking about?

  • @Skiddla 9 years ago

    crisp presentation

  • @TaiiwoLlort 9 years ago

    There's some cleartext logins going on over my college network. I tried to get some on my laptop with wireshark to show the admins, but it seems they've found the problem, and blocked their own website on the WiFi network rather than using SSL.
    I'm testing my wireshark setup at home, though, as I saw much less traffic than I expected on the WiFi, and it seems that I can't see any cleartext HTTP when I'm using other WiFi devices on my network. In fact I barely see anything coming from other devices. Wireshark says my interface does not support monitor mode, but I can get to it fine with airmon-ng. I used wireshark with mon0 from airmon-ng, and that did the same thing. I'm pretty stuck as to why I'm not able to read traffic from other devices.

  • @rafaelrha 9 years ago

    Can you make a tutorial about "subterfuge". Thank you.

  • @HeavyMetalist001 9 years ago +1

    My job description : IT Ninja

  • @AmanGupta-ho4rh 5 years ago

    please share the .pcapng file when explaining. Else it would be hard. IF possible please upload it ASAP

  • @k6usy 9 years ago

    The wifi pineapple is in Karma Mode. :-)

  • @Crestoify 9 years ago

    Keith Barker

  • @KowboyUSA 9 years ago

    Looks like the person the example was from was on a Sony mobile computer?

    • @ShannonMorse 9 years ago +1

      A Sony Xperia phone to be exact. Nice job!

  • @pocodedo 9 years ago +1

    @1:32 it is not zero-times-zero-four... it is 4-in-hex or hexadecimal-4. It's a value in a wireshark expression, but it is not a mathematical expression. Are you reading from a script or do you really understand this...

    • @xelionizer 6 years ago +1

      who gives a flying sausage (besides you, of course)