Go > Go To Packet Enter the number of a specific packet
Statistics > Resolved Addresses > Hosts This option helps analysts identify IP addresses and DNS names available in the capture file by providing the list of the resolved addresses and their hostnames.
Statistics > Protocol Hierarchy This option breaks down all available protocols from the capture file and helps analysts view the protocols in a tree view based on packet counters and percentages. Thus analysts can view the overall usage of the ports and services and focus on the event of interest.
Statistics > Conversations A conversation represents traffic between two specific endpoints. This option provides the list of the conversations in five base formats: Ethernet, IPv4, IPv6, TCP and UDP. Thus analysts can identify all conversations and contact endpoints for the event of interest.
Statistics > Endpoints The endpoints option is similar to the conversations option. The only difference is that this option provides unique information for a single information field (Ethernet, IPv4, IPv6, TCP and UDP). Thus analysts can identify the unique endpoints in the capture file and use them for the event of interest.
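The difference between the two views, as an added example (not part of the original notes and not Wireshark's own code): conversations aggregate per pair of addresses, endpoints per single address. The packet tuples and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (source IPv4, destination IPv4, frame length in bytes).
PACKETS = [
    ("10.0.0.5", "10.0.0.1", 74),
    ("10.0.0.1", "10.0.0.5", 90),
    ("10.0.0.5", "192.0.2.10", 1500),
    ("192.0.2.10", "10.0.0.5", 60),
    ("10.0.0.7", "192.0.2.10", 200),
]


def conversations(packets):
    """Aggregate traffic per pair of endpoints, regardless of direction."""
    table = defaultdict(lambda: {"packets": 0, "bytes": 0, "a_to_b": 0, "b_to_a": 0})
    for src, dst, length in packets:
        a, b = sorted((src, dst))  # fixed A/B order so both directions share one row
        row = table[(a, b)]
        row["packets"] += 1
        row["bytes"] += length
        row["a_to_b" if src == a else "b_to_a"] += length
    return dict(table)


def endpoints(packets):
    """Aggregate traffic per single address: what it sent (tx) and received (rx)."""
    table = defaultdict(lambda: {"packets": 0, "tx_bytes": 0, "rx_bytes": 0})
    for src, dst, length in packets:
        table[src]["packets"] += 1
        table[src]["tx_bytes"] += length
        table[dst]["packets"] += 1
        table[dst]["rx_bytes"] += length
    return dict(table)


def top_talkers(packets, n=3):
    """Endpoints ranked by total bytes, a common first pivot when triaging a capture."""
    eps = endpoints(packets)
    return sorted(eps, key=lambda ip: eps[ip]["tx_bytes"] + eps[ip]["rx_bytes"], reverse=True)[:n]


if __name__ == "__main__":
    for pair, row in conversations(PACKETS).items():
        print(pair, row)
    for ip in top_talkers(PACKETS):
        print(ip, endpoints(PACKETS)[ip])
```

Five packets collapse into three conversations but four endpoints; the host that appears in several conversations stands out only in the endpoint view.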
Wireshark also supports resolving MAC addresses to human-readable format using the manufacturer name assigned by IEEE. Note that this conversion is done through the first three bytes of the MAC address and only works for the known manufacturers. When you review the Ethernet endpoints, you can activate this option with the "Name resolution" button in the lower-left corner of the endpoints window.
Tools > Firewall ACL Rules Wireshark can create rules for: Netfilter (iptables), Cisco IOS, IP Filter (ipfilter), IPFirewall (ipfw), Packet filter (pf), Windows Firewall
Filters List of the filters that can be applied
There are a few things to remember about NetworkMiner: Don't use this tool as a primary sniffer. Use this tool to overview the traffic, then move forward with Wireshark and tcpdump for a more in-depth investigation.