What Network Says!! — Analyse Traffic

Prince Prafull
2 min readNov 6, 2022

--

What we need to find:

  • One suspicious service is active on the network find that?
  • Port number of that suspicious service?

Our Lab:

Lets know basic Protocols:

  1. TCP
  2. UDP
  3. HTTP
  4. ARP
  5. DNS

Lets Start with TCP:

  • Put tcp filter in wireshark:
  • We saw that there are many packet of TCP.

See Conversation:

  • Goto Statistics -> Conversation
  • It will display all communication between various IP addresses
  • We found that communication happen on port numbers: 443,80,2022
  • In this 2022 port number seems to be suspicious.

Filter traffic on port number 2022:

  • Use Filter tcp.port == 2022
filter port number 2022

Lets find which service is running on this port number:

  • Right Click on the first packet after applying tcp.port == 2022 filter
  • Follow -> tcp Stream

ITS SSH SERVICE RUNNING ON THAT PORT NUMBER

📞Follow & Contact ME:

https://www.linkedin.com/in/prince-prafull-19a477194

--

--

Prince Prafull

Cyber Security Learner | Web Application Testing | Student