
INSTALLATION GUIDE

STEP 1 : Search Wireshark in Google

STEP 2 : Click Download Button


STEP 3 : Click the “Windows x64 Installer”; it will start downloading to
your PC automatically

STEP 4 : Open the Downloaded File


STEP 5 : Click “NEXT”

STEP 6: Click “NEXT”


STEP 7 : Click “NEXT”

STEP 8 : Click “NEXT” or [ IF YOUR PC DOESN’T HAVE NPCAP, CLICK THE
OPTION INSTALL NPCAP 1.71 and CLICK “NEXT” ]

STEP 9 : Click “INSTALL” or [ IF YOUR PC DOESN’T HAVE NPCAP, CLICK THE
OPTION INSTALL USBPcap 1.5.4.0 and CLICK “INSTALL” ]

STEP 10 : DOWNLOAD PROCESS HAS STARTED


STEP 11 : CLICK “NEXT” after the installation setup completes successfully.

STEP 12 : REBOOT YOUR PC FOR FINAL STEP OF INSTALLATION


APPLICATION INTRODUCTION GUIDE
OPEN THE APPLICATION IN WINDOWS. I HAVE CONNECTED MY LAPTOP TO WI-FI

CAPTURING FROM WIFI


THE DETAILS OF THE SELECTED PACKET ARE DISPLAYED HERE
WE SELECT PACKET NUMBER 139

THE RIGHT PANEL SHOWS THE PACKET BYTES IN THE DEFAULT HEXADECIMAL FORMAT
THE TIME COLUMN DISPLAYS THE TIME AT WHICH EACH PACKET WAS CAPTURED

THE SOURCE COLUMN AND DESTINATION COLUMN DISPLAY THE IP ADDRESS OF THE
SENDER AND RECEIVER RESPECTIVELY
THE PROTOCOL COLUMN DISPLAYS THE TYPE OF THE PACKET AND THE LENGTH COLUMN
DISPLAYS THE LENGTH OF THE PACKET IN BYTES

THE INFO COLUMN DISPLAYS A BRIEF OVERVIEW OF THE CAPTURED PACKET
CAPTURE OPTIONS FOR DISPLAYING THE REQUIRED NETWORK PACKETS

HERE WE TYPE THE PAYLOAD IN THE STRING OPTION OF THE FIND TOOL, AND THE PACKETS
CONTAINING THAT PAYLOAD ARE DISPLAYED HERE
WE USE A DISPLAY FILTER HERE AND TELL WIRESHARK TO SHOW ONLY THE PACKETS THAT CONTAIN
“http”, WHICH NARROWS THE DISPLAYED NETWORK TRAFFIC

WE USE A DISPLAY FILTER HERE AND TELL WIRESHARK TO SHOW ONLY THE PACKETS THAT CONTAIN
THE “ARP PROTOCOL”, WHICH NARROWS THE DISPLAYED NETWORK TRAFFIC
WE CAN ALSO COMBINE MULTIPLE FILTERS

WE CAN ALSO USE THE NOT OPERATION IN A FILTER, FOR EXAMPLE “not tcp”

HERE IT DISPLAYS ALL PACKETS EXCEPT TCP


ADVANCED FILTERING COMMANDS

THE IP ADDRESS FILTER DISPLAYS THE PACKETS SENT OR RECEIVED BY THE GIVEN IP ADDRESS
Wireshark is a powerful network protocol analyzer that allows you to capture
and interactively browse the traffic running on a computer network. Using
Wireshark's display filter, you can precisely define the criteria for the network
packets you wish to analyze. Here are some common filter commands used in
Wireshark:

Basic Filters:

1. IP Address: Filter packets based on a specific IP address (matches the
address as either source or destination).
- `ip.addr == 192.168.1.1`

2. Source or Destination IP Address: Filter packets based on source or
destination IP address.
- `ip.src == 192.168.1.1`
- `ip.dst == 192.168.1.1`

3. TCP Port: Filter packets based on a specific TCP port (source or destination).
- `tcp.port == 80`

4. UDP Port: Filter packets based on a specific UDP port (source or destination).
- `udp.port == 53`

5. HTTP Traffic: Filter HTTP traffic.
- `http`

6. Filter by Protocol: Filter by a specific protocol (e.g., TCP, UDP, ARP, ICMP).
- `tcp`, `udp`, `arp`, `icmp`

Advanced Filters:

1. Logical AND: Combine filters using 'and'.
- `ip.addr == 192.168.1.1 and tcp.port == 80`

2. Logical OR: Combine filters using 'or'.
- `ip.addr == 192.168.1.1 or ip.addr == 192.168.1.2`

3. Negation: Use 'not' to negate a filter.
- `not ip.addr == 192.168.1.1`
Because `ip.addr` holds both the source and the destination address, this
form hides every packet in which either address matches; it is the reliable way
to exclude a host, since older Wireshark releases read `ip.addr != 192.168.1.1`
as "any address differs" and kept showing packets to or from that host.

4. Filter by Protocol and Port: Combination of protocol and port filters.
- `tcp.port == 80 and http`

Display Filter Operators:

- `==`: Equal to
- `!=`: Not equal to
- `<`, `>`: Less than, greater than
- `<=`, `>=`: Less than or equal to, greater than or equal to

Display Filter Expression Examples:

- `tcp.port == 443 and ip.addr == 8.8.8.8`: Filter TCP traffic on port 443 with the
IP address 8.8.8.8.
- `ip.addr == 192.168.0.1 and not udp`: Filter packets with the IP address
192.168.0.1 that are not UDP.
- `tcp contains "password"`: Filter TCP packets containing the string
"password".

These are just a few examples of the filtering capabilities in Wireshark. You
can create complex filters by combining different criteria to precisely pinpoint
the packets you want to analyze.
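To make the semantics of `ip.addr`, `tcp.port`, `and`, `or` and `not` concrete, here is an added example that is not Wireshark's own code and not part of the original guide: a small Python evaluator for the subset of display-filter syntax used in the screenshot captions and in the reference above, run over constructed packet records that mimic the packet-list columns. The packet records, the field model and the functions `compile_filter` and `apply_filter` are assumptions made for this example. It also shows the classic negation pitfall: the toy gives `!=` the historical "any value not equal" reading, so `ip.addr != X` still shows packets where one of the two addresses is X, whereas `not ip.addr == X` hides them.

```python
"""Toy evaluator for a subset of Wireshark display-filter syntax.

Constructed for illustration: the packet records and field model below are
invented and simplified; this is not Wireshark's filter engine.
"""
import re

# Constructed packet summaries standing in for rows of the packet list.
# Multi-valued fields (ip.addr, tcp.port, udp.port) are lists, because in
# Wireshark one field can occur several times in a single packet.
PACKETS = [
    {"no": 1, "protocols": {"eth", "ip", "tcp", "http"},
     "ip.src": "192.168.1.1", "ip.dst": "8.8.8.8",
     "tcp.port": [51000, 80], "payload": b"GET /login HTTP/1.1"},
    {"no": 2, "protocols": {"eth", "ip", "udp", "dns"},
     "ip.src": "192.168.1.1", "ip.dst": "8.8.8.8",
     "udp.port": [51001, 53], "payload": b"example.com"},
    {"no": 3, "protocols": {"eth", "arp"}, "payload": b""},
    {"no": 4, "protocols": {"eth", "ip", "tcp", "tls"},
     "ip.src": "192.168.1.2", "ip.dst": "8.8.8.8",
     "tcp.port": [52000, 443], "payload": b"\x16\x03\x01"},
    {"no": 5, "protocols": {"eth", "ip", "icmp"},
     "ip.src": "10.0.0.5", "ip.dst": "192.168.0.1", "payload": b""},
    {"no": 6, "protocols": {"eth", "ip", "tcp", "http"},
     "ip.src": "192.168.1.2", "ip.dst": "10.0.0.9",
     "tcp.port": [52001, 8080], "payload": b"user=bob&password=hunter2"},
]


def field_values(pkt, name):
    """Return every value the field takes in the packet (empty if absent)."""
    if name == "ip.addr":  # ip.addr is shorthand for "ip.src or ip.dst"
        return [pkt[k] for k in ("ip.src", "ip.dst") if k in pkt]
    value = pkt.get(name)
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


TOKEN = re.compile(r'\(|\)|==|!=|"[^"]*"|[\w.]+')


def compile_filter(text):
    """Parse a filter string into a predicate pkt -> bool.

    Grammar (precedence low to high): or, and, not, comparison/protocol.
    """
    toks = TOKEN.findall(text)
    pos = 0

    def peek():
        return toks[pos] if pos < len(toks) else None

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    def parse_or():
        left = parse_and()
        while peek() == "or":
            take()
            left = (lambda l, r: lambda p: l(p) or r(p))(left, parse_and())
        return left

    def parse_and():
        left = parse_not()
        while peek() == "and":
            take()
            left = (lambda l, r: lambda p: l(p) and r(p))(left, parse_not())
        return left

    def parse_not():
        if peek() == "not":
            take()
            inner = parse_not()
            return lambda p: not inner(p)
        return parse_primary()

    def parse_primary():
        tok = take()
        if tok == "(":
            inner = parse_or()
            if take() != ")":
                raise ValueError("expected ')'")
            return inner
        op = peek()
        if op in ("==", "!="):
            take()
            raw = take()
            want = int(raw) if raw.isdigit() else raw
            if op == "==":  # true if ANY occurrence of the field equals want
                return lambda p: want in field_values(p, tok)
            # Historical "any not equal": true if ANY occurrence differs.
            return lambda p: any(v != want for v in field_values(p, tok))
        if op == "contains":  # simplified: search the layer's payload bytes
            take()
            needle = take().strip('"').encode()
            return lambda p: tok in p["protocols"] and needle in p["payload"]
        return lambda p: tok in p["protocols"]  # bare protocol name, e.g. arp

    predicate = parse_or()
    if pos != len(toks):
        raise ValueError(f"unexpected token {toks[pos]!r}")
    return predicate


def apply_filter(text, packets=PACKETS):
    """Return the packet numbers the display filter leaves visible."""
    match = compile_filter(text)
    return [p["no"] for p in packets if match(p)]


if __name__ == "__main__":
    for f in ("ip.addr == 192.168.1.1", "not ip.addr == 192.168.1.1",
              "ip.addr != 192.168.1.1", "not tcp", 'tcp contains "password"'):
        print(f"{f:32} -> packets {apply_filter(f)}")
```

Compare the rows for `not ip.addr == 192.168.1.1` and `ip.addr != 192.168.1.1`: only the first actually removes packets 1 and 2, which is why the negation form given in the reference is the one to use when excluding a host.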

For more filtering options, see:

- wireshark-filter(4) manual page
- Wireshark Cheat Sheet - Commands, Captures, Filters, Shortcuts & FAQs (comparitech.com)
- DisplayFilters (wireshark.org)
- How to Use Wireshark to Capture, Filter and Inspect Packets (howtogeek.com)

Applications of Wireshark in Cyber Forensics:

Wireshark is a versatile and powerful tool with numerous real-world
applications in various domains. Below are a few Wireshark examples:

1. Network Troubleshooting: Wireshark is commonly used by network
administrators and IT professionals to diagnose and troubleshoot network
issues. It allows them to capture and analyze network traffic, identify
bottlenecks, detect anomalies, and resolve performance problems.
2. Security Analysis: Wireshark plays a crucial role in cybersecurity. It
helps security analysts analyze network traffic for potential threats, such
as suspicious behavior, malware infections, or unauthorized access
attempts.
3. VoIP Analysis: In the realm of Voice over IP (VoIP) systems, Wireshark
is used to capture and analyze VoIP traffic. It helps identify call quality
issues, diagnose network-related problems, and optimize VoIP
communication for businesses and service providers.
4. Protocol Development and Testing: Wireshark is extensively used by
developers and testers in the development and testing of network
protocols. It allows them to monitor and analyze protocol behavior,
ensure proper implementation, and identify any issues or inefficiencies.
5. Network Performance Optimization: Wireshark helps optimize
network performance by capturing and analyzing network traffic. It aids
in monitoring bandwidth usage, identifying latency issues, optimizing
network configurations, and ensuring efficient utilization of resources.
6. Educational and Research Purposes: Wireshark is widely used in
academic and research settings to study network protocols, analyze
network behavior, and conduct experiments. It provides a hands-on
approach to understanding network communications and serves as a
valuable learning tool.
