forked from andrewjkerr/security-cheatsheets
wireshark
# To start capturing packets on a specified interface
Capture>"Interfaces ...">[Select interface(s)]>Start
# To stop a running capture to analyze the packets
Capture>Stop
# To apply a filter from selected packets in a current or previous capture session
[Right click packet]>"Apply as filter">[Select options]
# To start a session that will only capture packets destined for your device
Capture>"Options...">[Uncheck "Use promiscuous mode on all interfaces"]>Start
# To view all packets of a TCP/UDP/SSL stream
[Right click packet]>"Follow <TCP/UDP/SSL> stream"
# To manage decryption keys to decrypt encrypted streams
View>"Wireless Toolbar" then
"Wireless Toolbar">"Decryption Keys..."
# To view only traffic on the LAN (this filter assumes the LAN uses the 10.0.0.0/8 range)
"ip.src==10.0.0.0/8 and ip.dst==10.0.0.0/8"
# To view traffic on a specific port
"tcp.port eq 443"
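
# Added example (not part of the original cheat sheet): a Python model of how the two display filters above select packets, plus a helper that builds the LAN filter for other address ranges. The packet tuples, the RFC 1918 list and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample packets: (src, dst, proto, sport, dport). Not real capture data.
PACKETS = [
    ("10.0.0.5", "10.0.0.9", "tcp", 51514, 443),       # LAN to LAN, HTTPS
    ("10.0.0.5", "203.0.113.10", "tcp", 51515, 443),   # LAN to outside
    ("203.0.113.10", "10.0.0.5", "tcp", 443, 51515),   # reply from outside
    ("10.1.2.3", "10.0.0.9", "udp", 5353, 5353),       # LAN to LAN, UDP
    ("192.168.1.20", "192.168.1.1", "tcp", 40000, 80), # private, but not 10/8
]

CHEATSHEET_LAN = ["10.0.0.0/8"]                        # range used by the filter above
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def lan_filter(cidrs):
    """Build a display filter: source AND destination inside one of the ranges."""
    nets = [str(ipaddress.ip_network(c)) for c in cidrs]  # raises ValueError on a bad CIDR
    src = " or ".join(f"ip.src=={n}" for n in nets)
    dst = " or ".join(f"ip.dst=={n}" for n in nets)
    return f"({src}) and ({dst})"

def lan_only(pkt, cidrs):
    """Same test the filter performs: both endpoints fall inside the given ranges."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    src, dst = ipaddress.ip_address(pkt[0]), ipaddress.ip_address(pkt[1])
    return any(src in n for n in nets) and any(dst in n for n in nets)

def tcp_port(pkt, port):
    """'tcp.port eq N' matches a TCP packet whose source OR destination port is N."""
    return pkt[2] == "tcp" and port in (pkt[3], pkt[4])

def matching(pred):
    """Indexes of the sample packets a predicate selects."""
    return [i for i, p in enumerate(PACKETS) if pred(p)]

if __name__ == "__main__":
    print(lan_filter(CHEATSHEET_LAN))
    print("10/8 only:", matching(lambda p: lan_only(p, CHEATSHEET_LAN)))
    print("RFC 1918 :", matching(lambda p: lan_only(p, RFC1918)))
    print("port 443 :", matching(lambda p: tcp_port(p, 443)))
    print(lan_filter(RFC1918))
```

# The last packet is internal traffic that the 10.0.0.0/8 filter hides; paste the output of lan_filter() for your own ranges into the display filter bar to include it.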