From the course: Wireshark: Malware and Forensics
Using statistics - Wireshark Tutorial
- [Instructor] When doing malware analysis, it's good practice to explore Wireshark's Statistics menu choice. We can see that there are many options for analyzing a packet capture. When looking at the statistics choices, we see that there are general statistics that include capture file properties, protocol hierarchy, conversations, endpoints, and IO graphs. In addition, there are protocol-specific and advanced statistics. Those include service response times, DNS and HTTP, IP version 4 and IP version 6, flow graphs, and TCP stream graphs. When doing malware analysis, I take a look at a couple of the choices, including endpoints. Now, this is traffic to and from a single IP address. Conversations: this is traffic between two endpoints. And protocol hierarchy: this helps us to analyze unusual or suspicious protocols on the network. When I met this packet capture, and here I've gotten this capture from a client who…
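To make concrete what the three views the instructor names actually aggregate, here is a small added example (not from the course or from Wireshark's own code) that computes endpoints, conversations and a protocol hierarchy over a constructed list of packet records, and flags protocols outside an assumed baseline. The packet tuples, addresses and the baseline set are all made up for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample packets, not a real capture:
# (source address, destination address, dissection path, frame length in bytes)
PACKETS = [
    ("10.0.0.5", "93.184.216.34", ("eth", "ip", "tcp", "http"), 520),
    ("93.184.216.34", "10.0.0.5", ("eth", "ip", "tcp", "http"), 1400),
    ("10.0.0.5", "10.0.0.1", ("eth", "ip", "udp", "dns"), 74),
    ("10.0.0.1", "10.0.0.5", ("eth", "ip", "udp", "dns"), 150),
    ("10.0.0.5", "198.51.100.7", ("eth", "ip", "tcp", "irc"), 90),
    ("198.51.100.7", "10.0.0.5", ("eth", "ip", "tcp", "irc"), 60),
    ("10.0.0.5", "198.51.100.7", ("eth", "ip", "tcp", "irc"), 88),
]

def endpoints(packets):
    """Endpoints view: totals per single address. Each packet is credited
    once to its source and once to its destination."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, dst, _, size in packets:
        for addr in (src, dst):
            stats[addr]["packets"] += 1
            stats[addr]["bytes"] += size
    return dict(stats)

def conversations(packets):
    """Conversations view: totals per address pair, direction-agnostic,
    so A->B and B->A land in the same row."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, dst, _, size in packets:
        key = tuple(sorted((src, dst)))
        stats[key]["packets"] += 1
        stats[key]["bytes"] += size
    return dict(stats)

def protocol_hierarchy(packets):
    """Protocol hierarchy view: packet count at every prefix of the
    dissection path (eth, eth/ip, eth/ip/tcp, ...)."""
    counts = Counter()
    for _, _, path, _ in packets:
        for depth in range(1, len(path) + 1):
            counts["/".join(path[:depth])] += 1
    return dict(counts)

def unexpected_protocols(packets, baseline):
    """Leaf protocols seen in the capture that are absent from the
    assumed baseline of what this network normally carries."""
    return sorted({path[-1] for _, _, path, _ in packets} - set(baseline))
```

The same three views come out of tshark with `-z endpoints,ip`, `-z conv,ip` and `-z io,phs` on a real capture file.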