[Project] Applying Various Filters in Wireshark

Takahiro Oda
Dec 19, 2021


The objective is to become familiar with Wireshark

I use the sample capture called “Packet capture.pcapng”.
Capture TCP packets by typing “tcp” in the Apply a display filter bar to analyze only that traffic.
To view traffic for a specific IP address, type “ip.addr == <address>”; ip.addr matches the address in either the source or the destination field, so use “ip.dst == <address>” if you only want packets destined for it.
It is also possible to filter by port number:
“tcp.port == 80” shows only port 80 related traffic, and “tcp.srcport == 443” shows only traffic that comes from that source port. To see the packets that are not traversing the specified port (443 in this case), type !(tcp.port == 443). Note that “tcp.port != 443” is not the same thing: it matches whenever either port differs from 443, which is nearly every packet.
To check TCP traffic with specific flags, apply the filter “tcp.flags & 0x012”. The “&” is a bitwise test, so this matches any packet that has the SYN bit or the ACK bit set; to match exactly SYN/ACK packets use “tcp.flags == 0x012” (or “tcp.flags.syn == 1 && tcp.flags.ack == 1”).

Situation 1

The objective of this lab is to capture and analyze IoT traffic using Wireshark.

I installed MQTT Explorer to establish a connection with the IoT devices (the MQTT broker).
Configure Wireshark to capture on the interface that carries that connection.

The connection can be captured by Wireshark, and the MQTT CONNECT packet is clear text showing the protocol name, version, and client ID (and the username and password, if the client sends any).

IoT devices often communicate with an insecure, unencrypted protocol such as plain MQTT or HTTP. Therefore, it is essential to secure the protocol with an SSL/TLS connection (MQTT over TLS, normally on port 8883, rather than plain MQTT on port 1883) to encrypt the traffic. The system administrator should understand how IoT device traffic can be intercepted by an attacker and the countermeasures against it.
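To show exactly what Wireshark sees in that CONNECT packet, here is a small decoder for the MQTT v3.1.1 CONNECT packet. This is an added example, not code from the original write-up or from MQTT Explorer; the packet bytes are constructed in the script itself (the client ID “mqtt-explorer-lab”, username “iot-admin” and password “hunter2” are made up), so it runs offline with no broker.

```python
"""Decode an MQTT v3.1.1 CONNECT packet the way Wireshark's MQTT dissector does.

Added example, not part of the original write-up. The packet is built here
from constructed values (no broker or capture involved); the client ID,
username and password are invented for the demonstration.
"""
import struct


def _encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 data bits per byte, high bit = continue."""
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def _decode_remaining_length(data: bytes, offset: int):
    """Return (value, offset after the field) for a variable-length integer."""
    value, multiplier = 0, 1
    while True:
        byte = data[offset]
        offset += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, offset
        multiplier *= 128
        if multiplier > 128 ** 3:  # spec allows at most 4 bytes
            raise ValueError("malformed remaining length")


def _utf8_string(s: str) -> bytes:
    """MQTT length-prefixed string: 2-byte big-endian length, then the bytes."""
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def _read_string(data: bytes, offset: int):
    (length,) = struct.unpack_from(">H", data, offset)
    offset += 2
    return data[offset:offset + length].decode("utf-8"), offset + length


def build_connect(client_id, username=None, password=None,
                  keep_alive=60, clean_session=True) -> bytes:
    """Build the CONNECT packet a client such as MQTT Explorer sends first."""
    flags = 0x02 if clean_session else 0x00
    payload = _utf8_string(client_id)
    if username is not None:
        flags |= 0x80  # User Name Flag
        payload += _utf8_string(username)
    if password is not None:
        flags |= 0x40  # Password Flag
        payload += _utf8_string(password)
    variable_header = (_utf8_string("MQTT") + bytes([0x04, flags])
                       + struct.pack(">H", keep_alive))
    body = variable_header + payload
    # Fixed header: packet type 1 (CONNECT) in the high nibble, flags 0.
    return bytes([0x10]) + _encode_remaining_length(len(body)) + body


def parse_connect(packet: bytes) -> dict:
    """Extract the fields Wireshark displays; every one of them is plaintext."""
    if packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    remaining, offset = _decode_remaining_length(packet, 1)
    if len(packet) - offset != remaining:
        raise ValueError("remaining length does not match packet size")
    proto_name, offset = _read_string(packet, offset)
    level, flags = packet[offset], packet[offset + 1]
    (keep_alive,) = struct.unpack_from(">H", packet, offset + 2)
    offset += 4
    client_id, offset = _read_string(packet, offset)
    info = {"protocol_name": proto_name, "protocol_level": level,
            "keep_alive": keep_alive, "clean_session": bool(flags & 0x02),
            "client_id": client_id}
    if flags & 0x04:  # Will Flag: skip will topic and will message
        _, offset = _read_string(packet, offset)
        _, offset = _read_string(packet, offset)
    if flags & 0x80:
        info["username"], offset = _read_string(packet, offset)
    if flags & 0x40:
        info["password"], offset = _read_string(packet, offset)
    return info


# Constructed sample: what a client with a made-up identity would put on the wire.
SAMPLE_CONNECT = build_connect("mqtt-explorer-lab", "iot-admin", "hunter2")

if __name__ == "__main__":
    print(SAMPLE_CONNECT.hex())
    for key, value in parse_connect(SAMPLE_CONNECT).items():
        print(f"{key}: {value}")
```

Running it prints the raw hex (the string “MQTT”, the level byte 0x04 and the credentials are readable directly in it) followed by the decoded fields; this is the same information the Wireshark MQTT dissector shows for a CONNECT, and the reason anything sent over plain MQTT must be assumed visible to anyone on the path.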

Situation 2

The objective is to identify the target system's OS from the TTL and TCP window size of its packets using Wireshark.

Default Time to Live (initial TTL) values:
Windows = 128
Linux = 64
Cheat sheet

The TTL seen in a capture is the initial value minus one for every router hop the packet crossed, so a packet arriving with TTL 54 most likely left a Linux host (64) about 10 hops away, and one with TTL 120 a Windows host (128) about 8 hops away. Treat this as a hint rather than proof: the initial TTL is a kernel setting that an administrator can change.
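To tie the display filters from the first part of this write-up to the TTL cheat sheet above, here is a script that decodes raw IPv4 and TCP headers, evaluates Python equivalents of those filter strings, and guesses the sender's OS from the TTL. It is an added example, not part of the original write-up: the four packets are constructed by hand (a handshake between a client with TTL 128 and a server 10 hops away, using RFC 5737 documentation addresses), and the 255 entry in the TTL table is an assumption added for routers and some BSD/Solaris stacks, beyond the two values the page lists.

```python
"""Apply the write-up's display filters and the TTL cheat sheet to raw packets.

Added example, not code from the original write-up. Packets are constructed
here (no pcap is read). The 64/128 TTL entries are the page's cheat sheet;
the 255 entry is an added assumption for network devices and some BSD/Solaris
stacks. Window sizes in the samples are invented, not measured.
"""
import struct
from dataclasses import dataclass

# TCP flag bits as they sit in the low byte of the 16-bit data-offset/flags word.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    srcport: int
    dstport: int
    flags: int
    window: int


def build_ipv4_tcp(src, dst, ttl, srcport, dstport, flags, window) -> bytes:
    """Construct a minimal 20-byte IPv4 header + 20-byte TCP header (checksums zeroed)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0, src_b, dst_b)
    tcp = struct.pack(">HHIIHHHH", srcport, dstport, 0, 0, (5 << 12) | flags, window, 0, 0)
    return ip + tcp


def parse_ipv4_tcp(raw: bytes) -> Packet:
    """Decode the fields the filters need; honours IHL so IP options do not shift the TCP header."""
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack_from(">BBHHHBBH4s4s", raw, 0)
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("expected IPv4 carrying TCP")
    ihl = (ver_ihl & 0x0F) * 4
    srcport, dstport, _, _, off_flags, window = struct.unpack_from(">HHIIHH", raw, ihl)
    return Packet(".".join(map(str, src)), ".".join(map(str, dst)),
                  ttl, srcport, dstport, off_flags & 0x01FF, window)


# Python equivalents of the display filters used in the write-up. Note the two
# tcp.flags forms: "&" is a bitwise test (true if SYN *or* ACK is set), while
# "==" is the exact SYN/ACK match that is usually intended.
FILTERS = {
    "ip.addr == 192.0.2.10": lambda p: "192.0.2.10" in (p.src, p.dst),
    "tcp.port == 80": lambda p: 80 in (p.srcport, p.dstport),
    "tcp.srcport == 443": lambda p: p.srcport == 443,
    "!(tcp.port == 443)": lambda p: 443 not in (p.srcport, p.dstport),
    "tcp.flags & 0x012": lambda p: bool(p.flags & 0x012),
    "tcp.flags == 0x012": lambda p: p.flags == 0x012,
}


def apply_filter(packets, expr):
    """Return the indexes of the packets that match the named filter."""
    return [i for i, p in enumerate(packets) if FILTERS[expr](p)]


# Initial TTL -> OS family. 64 and 128 come from the cheat sheet; 255 is an assumption.
INITIAL_TTL = {64: "Linux/Unix-like", 128: "Windows", 255: "Network device / Solaris"}


def guess_os(ttl: int):
    """Round the observed TTL up to the nearest default; the gap is the hop count."""
    for initial in sorted(INITIAL_TTL):
        if ttl <= initial:
            return INITIAL_TTL[initial], initial - ttl
    raise ValueError(f"TTL {ttl} out of range")


# Constructed three-way handshake between a Windows-like client (TTL 128) and a
# Linux-like server 10 hops away (64 - 10 = 54), plus one SYN to port 80.
SAMPLE_PACKETS = [
    build_ipv4_tcp("192.0.2.10", "203.0.113.5", 128, 51234, 443, SYN, 64240),
    build_ipv4_tcp("203.0.113.5", "192.0.2.10", 54, 443, 51234, SYN | ACK, 29200),
    build_ipv4_tcp("192.0.2.10", "203.0.113.5", 128, 51234, 443, ACK, 64240),
    build_ipv4_tcp("192.0.2.10", "203.0.113.5", 128, 51235, 80, SYN, 64240),
]
PARSED = [parse_ipv4_tcp(raw) for raw in SAMPLE_PACKETS]

if __name__ == "__main__":
    for expr in FILTERS:
        print(f"{expr:24s} -> packets {apply_filter(PARSED, expr)}")
    for p in PARSED:
        os_name, hops = guess_os(p.ttl)
        print(f"{p.src:>12s} ttl={p.ttl:3d} window={p.window:5d} -> {os_name} (~{hops} hops away)")
```

The output makes the two caveats from the text concrete: “tcp.flags & 0x012” selects all four packets because each carries SYN or ACK, while “tcp.flags == 0x012” selects only the server's SYN/ACK, and the server's TTL of 54 rounds up to 64, i.e. a Linux-style stack roughly 10 hops away.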