In this room, we will cover the fundamentals of packet analysis with Wireshark and investigate the event of interest at the packet level. Note that this is the second room of the Wireshark room trio, and it is suggested to visit the first room (Wireshark: The Basics) to practice and refresh your Wireshark skills before starting this one. In the first room, we covered the basics of Wireshark by focusing on how it operates and how to use it to investigate traffic captures. In this room, we will cover advanced features of Wireshark by focusing on packet-level details with Wireshark statistics, filters, operators and functions.

You don’t need SSH or RDP; the room provides a “Split View” feature. Access to the machine will be provided in-browser and will deploy in Split View mode in your browser. If you don’t see it, use the blue Show Split View button at the top right of this room page to show it. The domains and IP addresses are included for reference reasons only. DO NOT directly interact with any domains and IP addresses in this room.

The “Statistics” menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and some protocol-specific details like DHCP, DNS and HTTP/2. For a security analyst, it is crucial to know how to utilise the statistical information. This section provides a quick summary of the processed pcap, which will help analysts create a hypothesis for an investigation. You can use the “Statistics” menu to view all available options.
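To make the endpoint and conversation summaries from the Statistics menu concrete, the following added example (not part of the original room, and not Wireshark's own code) computes the same kind of per-address and per-pair byte totals from a classic pcap. The capture is constructed in memory with documentation-range addresses, and the function names are assumptions of this sketch.

```python
import struct
from collections import Counter

def parse_pcap(data):
    """Yield captured frames from a classic little-endian pcap byte string."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24  # size of the global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def ip_stats(data):
    """Return (endpoints, conversations): bytes seen per IPv4 address and per address pair."""
    endpoints, conversations = Counter(), Counter()
    for frame in parse_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip anything that is not Ethernet II carrying IPv4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        endpoints[src] += len(frame)
        endpoints[dst] += len(frame)
        conversations[tuple(sorted((src, dst)))] += len(frame)  # A<->B is one conversation
    return endpoints, conversations

def sample_pcap():
    """Constructed capture: three IPv4 frames and one ARP frame (documentation addresses)."""
    a, b, c = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]), bytes([198, 51, 100, 5])
    def ipv4(src, dst, payload_len):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0, src, dst)
        return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len
    arp = b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28
    frames = [ipv4(a, b, 10), ipv4(b, a, 100), arp, ipv4(a, c, 0)]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return header + records

if __name__ == "__main__":
    endpoints, conversations = ip_stats(sample_pcap())
    for pair, size in conversations.most_common():
        print(pair, size)
    for addr, size in endpoints.most_common():
        print(addr, size)
```

Sorting each list by bytes puts the heaviest talkers first, which is usually where a hypothesis for the investigation starts.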