OSI Layers in Wireshark

Logical Operators

• and / && – Logical AND
• or / || – Logical OR
• eq / == – Equal to
• ne / != – Not equal to
• gt / > – Greater than
• gt / > – Greater than
• lt / < – Less than
• not / ! – Logical NOT

Important Statistics to Check

Wireshark's statistics tools can be helpful for general analysis .

• Conversations: Displays active conversations between endpoints (IP or MAC). This is useful for identifying connections and traffic volumes.
  • Path: Statistics > Conversations
• Protocol Hierarchy: Shows the breakdown of protocols used in the capture, making it easy to spot unusual or unexpected protocols.
  • Path: Statistics > Protocol Hierarchy
• I/O Graphs: Provides a visualization of packet rates over time, which can reveal spikes or drops often associated with attacks or network events.
  • Path: Statistics > I/O Graphs

Filters

IP Address Filters

• Specific IP address: ip.addr == <IP>