In this section we will go through some of Wireshark's features for analyzing saved traffic.
Capture File Properties
Selecting Statistics -> Capture File Properties opens the properties window for the capture file.

From this window you can see, among other things:
- Recording start, end, and duration
- General information related to the file
- Total number of packets in the recording and other statistics
Protocol hierarchy
By selecting Statistics -> Protocol Hierarchy, you can see the protocol hierarchy and the percentage of packets related to specific protocols contained in the recording. You can also see how many packets and bytes have been transmitted.

This can help, for example, in a network environment where users complain about slow connections and performance issues with network services. You want to determine what is causing these problems and which protocols are responsible for slowing down network traffic. Or imagine that you are responsible for the company's cybersecurity and you want to monitor network traffic to detect potentially malicious activity or security-related threats. With the protocol hierarchy you could, for example, look for protocols in the traffic that are not typical or expected in that particular network.
Conversations - Conversation Statistics
By selecting Statistics -> Conversations you can see the conversations contained in the recording, for example, how many packets have been sent from one address to another address and vice versa. Sorting the conversation statistics by the amount of data, from largest to smallest, helps you identify conversations with high data transfer or unusual traffic volumes.
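The same kind of per-conversation totals can be computed outside the GUI. The following Python sketch is an added example, not part of the original page: it parses a small classic pcap and ranks IPv4 address pairs by bytes, largest first. The helper `build_pcap`, the `SAMPLE` traffic and all addresses are constructed for illustration, and only little-endian Ethernet captures are handled.

```python
import struct
from collections import defaultdict

def build_pcap(packets):
    """Constructed sample data: (src, dst, payload_len) -> Ethernet/IPv4/UDP frames in a classic pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, (src, dst, n) in enumerate(packets):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + n, 0, 0, 64, 17, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        udp = struct.pack("!HHHH", 40000, 53, 8 + n, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp + b"\x00" * n
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def conversations(pcap):
    """Return [(addr_a, addr_b, packets, bytes)] for IPv4, largest byte count first."""
    if len(pcap) < 24:
        raise ValueError("file is shorter than a pcap global header")
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("only little-endian Ethernet pcap is handled in this example")
    stats = defaultdict(lambda: [0, 0])
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:
            break  # file cut off in the middle of a record
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or snapped before the address fields
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        key = tuple(sorted((src, dst)))  # A->B and B->A are one conversation
        stats[key][0] += 1
        stats[key][1] += orig_len  # on-the-wire length, even if the capture was snapped
    return sorted(((a, b, p, n) for (a, b), (p, n) in stats.items()),
                  key=lambda row: row[3], reverse=True)

# Constructed traffic: a small two-way exchange and one host sending bulk data outward.
SAMPLE = build_pcap([
    ("10.0.0.5", "10.0.0.1", 40), ("10.0.0.1", "10.0.0.5", 120),
    ("10.0.0.7", "203.0.113.9", 1400), ("10.0.0.7", "203.0.113.9", 1400),
    ("10.0.0.7", "203.0.113.9", 1400), ("203.0.113.9", "10.0.0.7", 20),
])

if __name__ == "__main__":
    for a, b, pkts, nbytes in conversations(SAMPLE):
        print(f"{a:<12} <-> {b:<12} packets={pkts:<3} bytes={nbytes}")
```

In the sample, the pair involving the external address rises to the top of the list, which is the pattern the byte-sorted view is meant to surface.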

If you encounter something unusual or want to investigate a specific conversation in more detail, you can set up a search as follows.

Endpoints - Endpoint Statistics
By selecting Statistics -> Endpoints, you will see statistics for the addresses contained in the recording, i.e. how many packets involve a specific address and how many packets have been sent to or from that address.


