What Network Says!! — Analyse Traffic
2 min read · Nov 6, 2022
What we need to find:
- One suspicious service is active on the network. Find it.
- The port number of that suspicious service.
Our Lab:
- Wireshark (recommended)
- SAMPLE: https://mega.nz/file/o34CASjA#0qB-J_r_0jfaadXcoU_JZSMkpEd9JUxI_hP_Q6CxOBo
Basic protocols to know:
- TCP
- UDP
- HTTP
- ARP
- DNS
Let's start with TCP:
- Apply the tcp display filter in Wireshark.
- We see that there are many TCP packets.
See conversations:
- Go to Statistics -> Conversations
- It displays all communication between the various IP addresses, including the ports used.
- We find that communication happens on port numbers 443, 80 and 2022.
- Of these, port 2022 looks suspicious.
Filter traffic on port number 2022:
- Use the filter tcp.port == 2022
Let's find which service is running on this port:
- Right-click the first packet after applying the tcp.port == 2022 filter
- Choose Follow -> TCP Stream
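The Conversations step above can also be scripted. The following is an added example, not part of the original write-up: it builds a small pcap in memory (constructed sample packets, not the linked capture), walks every TCP packet to produce the same source/port/destination/port table that Statistics -> Conversations shows, and then lists the destination ports that are not on a list of expected services. The names tcp_conversations, suspicious_ports and the 10.0.0.x addresses are my own choices.

```python
import struct
import socket
from collections import Counter

def _tcp_frame(src, dst, sport, dport):
    """Constructed sample: an Ethernet/IPv4/TCP SYN frame with no payload."""
    eth = b"\x00" * 12 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap raw frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return header + b"".join(records)

def tcp_conversations(pcap):
    """Counter of (src, sport, dst, dport) over every TCP packet: the Conversations table."""
    convs = Counter()
    off = 24                                  # skip the global header
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":       # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6:                    # IP protocol field: not TCP
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        convs[(src, sport, dst, dport)] += 1
    return convs

def suspicious_ports(convs, expected=frozenset({80, 443})):
    """Destination ports in the capture that are not on the list of expected services."""
    return {dport for (_, _, _, dport) in convs} - expected

# Constructed capture: HTTPS and HTTP to 10.0.0.1, plus two packets to port 2022 on 10.0.0.9.
SAMPLE = build_pcap([
    _tcp_frame("10.0.0.5", "10.0.0.1", 51000, 443),
    _tcp_frame("10.0.0.5", "10.0.0.1", 51001, 80),
    _tcp_frame("10.0.0.5", "10.0.0.9", 51002, 2022),
    _tcp_frame("10.0.0.5", "10.0.0.9", 51002, 2022),
])
```

An unexpected port is only a lead: follow the TCP stream, as the steps above do, to confirm what service is actually speaking on it before drawing a conclusion.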