[Project] Applying Various Filters in Wireshark

I use the sample capture called “Packet capture.pcapng”.
To show only TCP packets, type “tcp” in the “Apply a display filter” bar and analyze that specific traffic.
To view traffic to or from a specific IP address, type “ip.addr == 192.168.0.253”.
It is also possible to filter by port number:
“tcp.port == 80” shows only port 80 traffic, and “tcp.srcport == 443” shows only traffic coming from that source port. To see the packets that are not on the specified port (443 in this case), type “!(tcp.port == 443)”.
To check TCP traffic with specific flags set, apply the filter “tcp.flags & 0x012”.

The objective of this lab is to capture and analyze IoT traffic using Wireshark.

I installed MQTT Explorer to establish a connection with IoT devices.
Configure Wireshark

The connection can be captured by Wireshark, and it is in clear text, showing the protocol name, version, and client ID.

IoT devices often communicate with an insecure protocol such as HTTPS. Therefore, it is essential to secure the protocol with SSL/TLS connections that encrypt the traffic. A system administrator should understand how IoT device traffic can be intercepted by an attacker and what the countermeasures against it are.

The objective is to identify the target system's OS from the TTL and TCP window sizes using Wireshark.

Time to Live (TTL) initial values:
Windows = 128
Linux = 64
Cheat sheet
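The display filters from the first lab and the TTL rule above, as an added example that is not part of the original post: the packet records are constructed, the filter helpers mimic Wireshark's semantics (note that `tcp.flags & 0x012` matches when any masked bit is set, not only SYN+ACK), and `guess_os` rounds an observed TTL up to the nearest initial value so the hop count can be recovered. The 255 entry is my assumption, not from the lab.

```python
# Added example: apply the lab's display-filter ideas to constructed packet
# records and infer the likely OS from the observed TTL.
from dataclasses import dataclass

SYN = 0x002
ACK = 0x010

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    srcport: int
    dstport: int
    flags: int   # TCP flag bits, same encoding as Wireshark's tcp.flags
    ttl: int

# Constructed sample capture (not taken from the lab's pcapng file).
SAMPLE = [
    Packet("192.168.0.10", "192.168.0.253", 51000, 80, SYN, 128),
    Packet("192.168.0.253", "192.168.0.10", 80, 51000, SYN | ACK, 62),
    Packet("192.168.0.10", "192.168.0.253", 51000, 80, ACK, 128),
    Packet("192.168.0.10", "10.0.0.5", 51002, 443, SYN, 128),
    Packet("10.0.0.5", "192.168.0.10", 443, 51002, SYN | ACK, 117),
]

def ip_addr(pkts, addr):               # ip.addr == addr (matches src or dst)
    return [p for p in pkts if addr in (p.src, p.dst)]

def tcp_port(pkts, port, negate=False):  # tcp.port == port, or !(tcp.port == port)
    return [p for p in pkts if (port in (p.srcport, p.dstport)) != negate]

def tcp_srcport(pkts, port):           # tcp.srcport == port
    return [p for p in pkts if p.srcport == port]

def flags_and(pkts, mask):             # tcp.flags & mask: any masked bit set
    return [p for p in pkts if p.flags & mask]

# Initial TTLs from the lab's cheat sheet; 255 is an assumption (not in the lab).
INITIAL_TTLS = {64: "Linux", 128: "Windows", 255: "other (assumed)"}

def guess_os(ttl):
    """Round the observed TTL up to the nearest initial TTL; return (guess, hops)."""
    for initial in sorted(INITIAL_TTLS):
        if ttl <= initial:
            return INITIAL_TTLS[initial], initial - ttl
    return "unknown", None

if __name__ == "__main__":
    for p in flags_and(SAMPLE, SYN | ACK):
        print(p.src, "->", p.dst, guess_os(p.ttl))
```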
