---
tags: wireshark,pcap
---

I recently needed to analyse a pcap and had not used Wireshark in a long time, so here are some notes to refresh my memory.

# The lazy approach: online PCAP file analysis

* A-Packets https://apackets.com/
  No registration required, but once uploaded the analysis reports will become publicly visible to anyone.
  ![](https://hackmd.io/_uploads/rkMQuOB-p.png)
* DynamiteLab https://lab.dynamite.ai/
  Login required, file size limit 75 MB; the information it presents is quite different from A-Packets?
  ![](https://hackmd.io/_uploads/B1qoaOSba.png)

# Wireshark Filter Tips

Commonly used display filters for narrowing a capture down:

1. `ip.addr == 10.0.0.1`
2. `tcp or dns`
3. `tcp.port == 443`
4. `tcp.analysis.flags`
   TCP analysis flags are added under "SEQ/ACK analysis" in the TCP protocol tree.
   ![](https://hackmd.io/_uploads/Sk4_lVNb6.png)
5. `!(arp or icmp or dns)` excludes specific protocols
6. Follow TCP Stream
7. `tcp contains "facebook"`
8. `http.response.code == 200`
9. `http.request` or `http.request.code == 200`
10. `tcp.flags.syn == 1`
11. `tcp.flags.reset == 1` (may indicate an IP that was scanned)
12. `tcp.port in {80,443,8000..8005}` (how to express multiple ports)

## Threat Hunt

### Filter out normal traffic

`!(arp or stp or lldp or cdp or eth.addr==ff:ff:ff:ff:ff:ff or dns or tcp.port in {443,80})`

### Packet loss

`(tcp.analysis.flags) && !(tcp.analysis.window_update)`

### Slow DNS

`dns.time > 0.2`

### IPs from a specific country

`ip.geoip.country_iso == "UK"`

---

### Ref:

Top 10 Real World Wireshark Filters you need to know https://www.youtube.com/watch?v=26MAaX2ldnI
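To make the filter semantics concrete, here is an added example (written for these notes, not code from the original post or from Wireshark) that reads a classic pcap file with nothing but the standard library, decodes the Ethernet/IPv4/TCP/UDP/DNS fields the filters above refer to under their Wireshark names, and then applies Python equivalents of `tcp.port in {80,443,8000..8005}`, the "filter out normal traffic" threat-hunt expression, `tcp.flags.reset == 1` counted per sender, and `dns.time > 0.2`. The capture it analyses is constructed in memory inside the block; every host, port, MAC address and timestamp in it is made up, and the RST-per-sender count is my own way of surfacing the "possibly scanned IP" idea from item 11 rather than anything Wireshark itself does. It handles only the little-endian, microsecond-timestamp pcap variant (magic `0xA1B2C3D4`).

```python
"""Added example (not from the original note): a tiny classic-pcap reader plus
Python equivalents of the Wireshark display filters discussed above.
The capture is constructed in memory; all hosts, ports, MACs and times are made up."""
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
PROTO_TCP, PROTO_UDP = 6, 17
TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10
BROADCAST = b"\xff" * 6

def _ip(addr):
    return bytes(int(o) for o in addr.split("."))

def ipv4_frame(src, dst, proto, payload):
    """Ethernet + IPv4 header around a transport payload (checksums left 0; decode() ignores them)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, _ip(src), _ip(dst))
    return eth + ip + payload

def tcp_frame(src, dst, sport, dport, flags):
    """Bare 20-byte TCP header (no options, no payload); only ports and flags matter here."""
    return ipv4_frame(src, dst, PROTO_TCP, struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0))

def dns_frame(src, dst, sport, dport, txid, response):
    """UDP + 12-byte DNS header; the transaction id lets the reader pair query and response."""
    dns = struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, int(response), 0, 0)
    return ipv4_frame(src, dst, PROTO_UDP, struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns)

def arp_frame():
    return BROADCAST + b"\x02" * 6 + struct.pack("!H", ETH_ARP) + b"\x00" * 28

def build_pcap(timed_frames):
    """Classic LE pcap: 24-byte global header, then (ts_sec, ts_usec, incl_len, orig_len) + frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for (sec, usec), frame in timed_frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def decode(frame):
    """Extract only the fields the filters reference, keyed by their Wireshark names."""
    pkt = {"eth.dst": frame[0:6], "arp": frame[12:14] == struct.pack("!H", ETH_ARP)}
    if frame[12:14] != struct.pack("!H", ETH_IPV4):
        return pkt
    l4 = 14 + (frame[14] & 0x0F) * 4            # Ethernet header + IHL*4 = start of transport header
    pkt["ip.src"] = ".".join(map(str, frame[26:30]))
    pkt["ip.dst"] = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    if frame[23] == PROTO_TCP:
        flags = frame[l4 + 13]
        pkt.update({"tcp.port": {sport, dport}, "tcp.flags.syn": bool(flags & TCP_SYN),
                    "tcp.flags.reset": bool(flags & TCP_RST)})
    elif frame[23] == PROTO_UDP and 53 in (sport, dport):
        txid, dns_flags = struct.unpack("!HH", frame[l4 + 8:l4 + 12])
        pkt.update({"dns.id": txid, "dns.flags.response": bool(dns_flags & 0x8000)})
    return pkt

def read_pcap(data):
    """Walk the packet records; dns.time is attached to the response packet, as Wireshark does."""
    assert struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4, "only LE microsecond pcap handled here"
    pkts, off, pending = [], 24, {}
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        pkt = decode(data[off:off + incl])
        off += incl
        if "dns.id" in pkt and not pkt["dns.flags.response"]:
            pending[pkt["dns.id"]] = (sec, usec)
        elif "dns.id" in pkt and pkt["dns.id"] in pending:
            qs, qu = pending.pop(pkt["dns.id"])
            pkt["dns.time"] = ((sec - qs) * 1_000_000 + (usec - qu)) / 1e6
        pkts.append(pkt)
    return pkts

# --- Python equivalents of the display filters ---------------------------------
def tcp_port_in(pkt, ports):          # tcp.port in {80,443,8000..8005}
    return bool(pkt.get("tcp.port", set()) & ports)

def hunt_filter(pkt):                 # !(arp or eth.addr==ff:ff:ff:ff:ff:ff or dns or tcp.port in {443,80})
    return not (pkt["arp"] or pkt["eth.dst"] == BROADCAST or "dns.id" in pkt or tcp_port_in(pkt, {80, 443}))

def rst_senders(pkts):                # tcp.flags.reset == 1, counted per sender (the host whose ports were probed)
    counts = {}
    for p in pkts:
        if p.get("tcp.flags.reset"):
            counts[p["ip.src"]] = counts.get(p["ip.src"], 0) + 1
    return counts

def slow_dns(pkts, threshold=0.2):    # dns.time > 0.2
    return [p for p in pkts if p.get("dns.time", 0) > threshold]

# Constructed sample capture: a client touching 443, one DNS lookup that takes 350 ms,
# and two SYNs to closed ports (22, 8003) answered with RST/ACK by 10.0.0.1.
T = 1700000000
SAMPLE = build_pcap([
    ((T, 0), arp_frame()),
    ((T, 50000), tcp_frame("10.0.0.5", "10.0.0.1", 40001, 443, TCP_SYN)),
    ((T, 100000), dns_frame("10.0.0.5", "10.0.0.53", 51000, 53, 0xBEEF, False)),
    ((T, 120000), tcp_frame("10.0.0.5", "10.0.0.1", 40002, 22, TCP_SYN)),
    ((T, 121000), tcp_frame("10.0.0.1", "10.0.0.5", 22, 40002, TCP_RST | TCP_ACK)),
    ((T, 130000), tcp_frame("10.0.0.5", "10.0.0.1", 40003, 8003, TCP_SYN)),
    ((T, 131000), tcp_frame("10.0.0.1", "10.0.0.5", 8003, 40003, TCP_RST | TCP_ACK)),
    ((T, 450000), dns_frame("10.0.0.53", "10.0.0.5", 53, 51000, 0xBEEF, True)),
])

if __name__ == "__main__":
    pkts = read_pcap(SAMPLE)
    print("kept by hunt filter:", sum(hunt_filter(p) for p in pkts))
    print("RST senders:", rst_senders(pkts))
    print("slow DNS lookups:", [p["dns.time"] for p in slow_dns(pkts)])
```

On the sample capture the hunt filter discards the ARP broadcast, the 443 connection and both DNS packets and keeps the four frames worth a closer look; `rst_senders` reports `10.0.0.1` answering twice with RST, and `slow_dns` flags the one lookup with a 0.35 s query-to-response gap. Note that the real `eth.addr==ff:ff:ff:ff:ff:ff` term matches either MAC address, whereas this toy only checks the destination, which is enough for broadcast frames.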