Network Security Quick Start

What is Wireshark?

Show ▼

A network protocol analyzer used for network troubleshooting, analysis, software and communications protocol development, and education.

What is the difference between a Capture Filter and a Display Filter?

Show ▼

Capture filters limit what is recorded by Wireshark - Display filters limit what is seen on the screen after capturing.

What is the syntax to filter for IP address 192.168.1.1 in a display filter?

Show ▼

ip.addr == 192.168.1.1

How do you filter for HTTP traffic?

Show ▼

http

What does "Promiscuous Mode" do?

Show ▼

It allows the network card to capture all traffic on the network segment, not just traffic addressed to the machine running Wireshark.

What is the display filter to find packets with a specific text string?

Show ▼

frame contains "search_string"

How to filter for TCP port 80?

Show ▼

tcp.port == 80

Which library does Wireshark use for packet capturing on Linux/Unix?

Show ▼

libpcap

Which library does Wireshark use for packet capturing on Windows?

Show ▼

Npcap (formerly WinPcap)

What is the logical operator for "AND" in display filters?

Show ▼

&& or and

What is the logical operator for "OR" in display filters?

Show ▼

|| or or

What is the logical operator for "NOT" in display filters?

Show ▼

! or not

Network Security Quick Start

Preview Cards

What is Wireshark?

What is the difference between a Capture Filter and a Display Filter?

What is the syntax to filter for IP address 192.168.1.1 in a display filter?

How do you filter for HTTP traffic?

What does "Promiscuous Mode" do?

What is the display filter to find packets with a specific text string?

How to filter for TCP port 80?

Which library does Wireshark use for packet capturing on Linux/Unix?

Which library does Wireshark use for packet capturing on Windows?

What is the logical operator for "AND" in display filters?

What is the logical operator for "OR" in display filters?

What is the logical operator for "NOT" in display filters?