Now that you have mastered Wireshark’s basic concepts, you will probably be keen to explore its advanced features. We can use the epoch converter online tool to get the date.įig 3: Displaying the date and time information on the router Security-based analysis Accumulating the information (in this case, a Cisco implementation) along with more data leads us to the concept of epoch time. Thus, we start searching for cryptographic information from the packets with filter OSPF (See Quick and dirty Wireshark tutorial).įig 2: Cryptographic information in a packetĪ quick conversion of the cryptographic sequence number (0x2b915351) from hex to decimal gives 730944337. With more information about the router having a RFC 2328 Section D.3 implementation, we conclude that the OSPF protocol contains timestamp information from the system, while Section D.3. On looking through ICMP, we realize that it doesn’t contain any timestamp SMB is also not from the router. The dump file had Internet control message protocol (ICMP), service message block (SMB), and open shortest path first (OSPF) as the prominent protocols. Our first task is to find the protocol that contains time information. Here’s how a pcap file looks in Wireshark. This section of Wireshark tutorial will help you analyze packets. Exploring Wireshark’s packet analysis capabilities
0 Comments
Leave a Reply. |