An example of a capture filter (selectively reduces the number of packets captured):
not icmp and not port 80 and host 192.168.0.1
An example of a display filter (reduces the number of captured packets that Wireshark actually displays):
tcp.dstport != 389 && tcp.srcport != 389
An example of a few captured packets, exported as flat text:
No. Time Source Destination Protocol Info
1 0.000000 192.168.28.101 192.168.33.200 NBSS NBSS Continuation Message
Frame 1 (55 bytes on wire, 55 bytes captured)
Ethernet II, Src: DellComp_e9:79:6d (00:b0:d0:e9:79:6d), Dst: Cisco_af:54:80 (00:0e:39:af:54:80)
Internet Protocol, Src: 192.168.28.101 (192.168.28.101), Dst: 192.168.33.200 (192.168.33.200)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 2384 (2384), Seq: 0, Ack: 0, Len: 1
NetBIOS Session Service
No. Time Source Destination Protocol Info
2 0.000167 192.168.33.200 192.168.28.101 TCP 2384 > microsoft-ds [ACK] Seq=0 Ack=1 Win=16416 Len=0
Frame 2 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_af:54:80 (00:0e:39:af:54:80), Dst: DellComp_e9:79:6d (00:b0:d0:e9:79:6d)
Internet Protocol, Src: 192.168.33.200 (192.168.33.200), Dst: 192.168.28.101 (192.168.28.101)
Transmission Control Protocol, Src Port: 2384 (2384), Dst Port: microsoft-ds (445), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Info
3 50.147719 192.168.33.200 192.168.28.101 CLDAP searchRequest(1623) "" baseObject
Frame 3 (165 bytes on wire, 165 bytes captured)
Ethernet II, Src: Cisco_af:54:80 (00:0e:39:af:54:80), Dst: DellComp_e9:79:6d (00:b0:d0:e9:79:6d)
Internet Protocol, Src: 192.168.33.200 (192.168.33.200), Dst: 192.168.28.101 (192.168.28.101)
User Datagram Protocol, Src Port: 4141 (4141), Dst Port: ldap (389)
Connectionless Lightweight Directory Access Protocol
No. Time Source Destination Protocol Info
4 50.148035 192.168.28.101 192.168.33.200 CLDAP searchResEntry(1623)
Frame 4 (212 bytes on wire, 212 bytes captured)
Ethernet II, Src: DellComp_e9:79:6d (00:b0:d0:e9:79:6d), Dst: Cisco_af:54:80 (00:0e:39:af:54:80)
Internet Protocol, Src: 192.168.28.101 (192.168.28.101), Dst: 192.168.33.200 (192.168.33.200)
User Datagram Protocol, Src Port: ldap (389), Dst Port: 4141 (4141)
Connectionless Lightweight Directory Access Protocol
No. Time Source Destination Protocol Info
5 50.250434 192.168.33.200 192.168.28.101 KRB5 TGS-REQ
Frame 5 (1307 bytes on wire, 1307 bytes captured)
Ethernet II, Src: Cisco_af:54:80 (00:0e:39:af:54:80), Dst: DellComp_e9:79:6d (00:b0:d0:e9:79:6d)
Internet Protocol, Src: 192.168.33.200 (192.168.33.200), Dst: 192.168.28.101 (192.168.28.101)
User Datagram Protocol, Src Port: 4142 (4142), Dst Port: kerberos (88)
Kerberos TGS-REQ
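The display filter above has a subtlety worth checking: how "!=" treats packets that carry no TCP layer at all (the CLDAP and Kerberos packets in this export are UDP). The following is an added example, not code from the original page: a small Python parser for the flat-text export format shown, which applies "tcp.dstport != 389 && tcp.srcport != 389" under both the current Wireshark semantics (3.6 and later, where "a != b" means "!(a == b)") and the older "any not equal" semantics. The sample text is a constructed copy of two of the packets above.

```python
import re

# Constructed sample in the flat-text export format shown above (two of its packets)
EXPORT = """No. Time Source Destination Protocol Info
1 0.000000 192.168.28.101 192.168.33.200 NBSS NBSS Continuation Message
Frame 1 (55 bytes on wire, 55 bytes captured)
Ethernet II, Src: DellComp_e9:79:6d (00:b0:d0:e9:79:6d), Dst: Cisco_af:54:80 (00:0e:39:af:54:80)
Internet Protocol, Src: 192.168.28.101 (192.168.28.101), Dst: 192.168.33.200 (192.168.33.200)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 2384 (2384), Seq: 0, Ack: 0, Len: 1
NetBIOS Session Service
No. Time Source Destination Protocol Info
3 50.147719 192.168.33.200 192.168.28.101 CLDAP searchRequest(1623) "" baseObject
Frame 3 (165 bytes on wire, 165 bytes captured)
Ethernet II, Src: Cisco_af:54:80 (00:0e:39:af:54:80), Dst: DellComp_e9:79:6d (00:b0:d0:e9:79:6d)
Internet Protocol, Src: 192.168.33.200 (192.168.33.200), Dst: 192.168.28.101 (192.168.28.101)
User Datagram Protocol, Src Port: 4141 (4141), Dst Port: ldap (389)
Connectionless Lightweight Directory Access Protocol
"""
HEADER = "No. Time Source Destination Protocol Info"
PORT_RE = re.compile(r"^(Transmission Control|User Datagram) Protocol, "
                     r"Src Port: .*?\((\d+)\), Dst Port: .*?\((\d+)\)")

def parse_export(text):
    """One dict per packet: summary-line fields plus tcp/udp port dicts (None if absent)."""
    packets = []
    for block in text.split(HEADER)[1:]:
        lines = [l for l in block.splitlines() if l.strip()]
        no, time, src, dst, proto, *info = lines[0].split()
        pkt = {"no": int(no), "time": float(time), "src": src, "dst": dst,
               "protocol": proto, "info": " ".join(info), "tcp": None, "udp": None}
        for line in lines[1:]:
            m = PORT_RE.match(line)
            if m:
                layer = "tcp" if m.group(1).startswith("Transmission") else "udp"
                pkt[layer] = {"srcport": int(m.group(2)), "dstport": int(m.group(3))}
        packets.append(pkt)
    return packets

def display_filter(pkt, legacy=False):
    """tcp.dstport != 389 && tcp.srcport != 389, as Wireshark evaluates it.
    Since 3.6, 'a != b' means '!(a == b)', so a packet with no TCP layer passes.
    Before 3.6, 'a != b' only matched when the field existed and differed,
    so the same filter also hid every non-TCP packet (here: the CLDAP one)."""
    tcp = pkt["tcp"]
    if legacy:
        return tcp is not None and 389 not in tcp.values()
    return tcp is None or 389 not in tcp.values()

def shown(text, legacy=False):
    """Packet numbers that survive the display filter."""
    return [p["no"] for p in parse_export(text) if display_filter(p, legacy)]
```

Note that neither variant hides the CLDAP exchange, which runs over UDP port 389; a filter meant to hide all LDAP traffic would have to name the udp ports as well.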
Comments
Previous topic editor
This entry was first maintained by topic editor Jacquelin Charbonnel. Gilian Gambini took it over in February 2012.