Wireshark 101: Expressions Examples, HakTip 121

Hak5
20.5 thousand views - 10 years ago
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:

On this week's episode of HakTip, Shannon Morse gives several expression examples that you can use when working within the Display Filter Box.

Today is all about expression examples. It's a little weird to work within the boundaries of this little text box, and what it'll accept. Throughout the years, Wireshark has been updated and so has the syntax of the expressions it'll accept. Today, I'm using Wireshark v. 1.12.1.

I'll start with some hostname and addressing filters. I ran a Wi-Fi packet capture on my network and I want to find all the packets related to a source of xxx.xxx.xxx.xxx. I'll type ip.src == 192.168.1.180. This tells Wireshark I'm looking for a source IP that is equal to xxx.xxx.xxx.xxx. If I change this to ip.src_host I'll get pretty much the same output. If I change it to ip.addr, I'll get anything that relates to that IP address, or ip.dst will give me just destination outputs.

If you're on an IPv6 network, change ip to ipv6, and change the IP address to the IPv6 address you're looking for. It'll look like 2001:0db8:0000:0000:0000:ff00:0042:8329 with 8 groups of 16 bits each.

If you can packet capture using DNS host names, you can type ip.host == nameofthehost. Now try ip.addr == 192.168.1.0/24 and this will show anything on that network within that range. Since I'm on an IPv4 network, I can also do about a hundred other options... I should mention that it would be incredibly hard to memorize them all, so go to [email protected].

And be sure to check out our sister show, Hak5, for more great stuff just like this. I'll be there, reminding you to trust your technolust.

Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award-winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
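The difference between ip.src, ip.dst and ip.addr, the /24 range match, and the IPv6 form described above can be checked against a small model. This is an added example, not code from the episode or from Wireshark: the function display_filter, the helper _matches and the PACKETS list are hypothetical names, and the packets are constructed.

```python
import ipaddress

# Constructed sample packets as (source, destination); not from the video's capture.
PACKETS = [
    ("192.168.1.180", "192.168.1.1"),
    ("192.168.1.1", "192.168.1.180"),
    ("192.168.1.50", "8.8.8.8"),
    ("10.0.0.7", "8.8.8.8"),
    ("2001:db8::ff00:42:8329", "2001:db8::1"),
]

def _matches(addr, value):
    """True if addr equals value, or lies inside it when value is a CIDR range."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(value, strict=False)  # a bare address becomes /32 or /128
    return ip.version == net.version and ip in net

def display_filter(packets, field, value):
    """Model of `<field> == <value>` for the ip/ipv6 .src, .dst and .addr fields."""
    proto, _, part = field.partition(".")
    if proto not in ("ip", "ipv6") or part not in ("src", "dst", "addr"):
        raise ValueError(f"unsupported field: {field}")
    want_version = 4 if proto == "ip" else 6
    if ipaddress.ip_network(value, strict=False).version != want_version:
        raise ValueError(f"{value} is not a valid {proto} address")
    hits = []
    for src, dst in packets:
        if part == "src":
            ok = _matches(src, value)
        elif part == "dst":
            ok = _matches(dst, value)
        else:  # .addr is true when either endpoint matches
            ok = _matches(src, value) or _matches(dst, value)
        if ok:
            hits.append((src, dst))
    return hits

if __name__ == "__main__":
    for f, v in [("ip.src", "192.168.1.180"), ("ip.addr", "192.168.1.180"),
                 ("ip.addr", "192.168.1.0/24"),
                 ("ipv6.addr", "2001:0db8:0000:0000:0000:ff00:0042:8329")]:
        print(f"{f} == {v}: {len(display_filter(PACKETS, f, v))} packet(s)")
```

The last filter matches the packet stored in compressed form, because the 8-group address and 2001:db8::ff00:42:8329 are the same 128-bit value.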
Published 10 years ago, on 1393/08/09.
Viewed 20,532 times