How can we find out all conversations pertaining to one session? Say, for example, during a communication between a-b, in between the session a also communicates with C, let's say for authentication. How could we find this out by just reading a Wireshark capture?
Kishan
asked 27 Apr '13, 23:01 kishan pandey
2 Answers:
You could use the items in the Statistics menu of Wireshark, e.g. the conversation statistics, which will give you a list of conversations between nodes. If you're interested in a timeline of who is talking to who, you might also find the Flow Graph useful, which you can also find in the Statistics menu.
answered 28 Apr '13, 01:18 Jasper ♦♦
Unless you define a 'session', it's hard to tell what to look for.
As there could be several systems involved (a,b,c) and several protocols (authentication, etc.) the only way to match those 'related' connections to one 'session' is to understand the protocols and systems/infrastructure (auth server, etc.) involved. Without that protocol/infrastructure knowledge, you will be unable to tell if a connection from a -> c is somehow related to your 'session' or just triggered by another action/application at the same time.
To sum it up: Wireshark is a tool that helps you to monitor the network communication. It has some statistics and some other modules that can help to analyze a problem, but the rest is the job of an analyst, meaning you need to have good knowledge of networking protocols, you need to know your network infrastructure very well and you need to know your applications very well.
Regards
answered 28 Apr '13, 03:39 Kurt Knochner ♦ edited 28 Apr '13, 03:48
Currently I am doing it the same way, but I thought that there could be a more efficient way.
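Added example, not part of the original thread: a sketch of the approach discussed in the answers, assuming packets have been exported as (time, source, destination, protocol) records. It builds a conversation table similar to Statistics > Conversations and lists host a's other conversations that overlap the a-b session in time; as the second answer says, overlap only gives candidates for the analyst to examine, not proof that they belong to the session. All addresses, protocols and records are constructed.

```python
# Constructed sample records: (time_s, src, dst, protocol). Not from a real capture.
A, B, C, D, E = "10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5"
PACKETS = [
    (1.0, A, B, "TCP/443"), (1.1, B, A, "TCP/443"),
    (1.5, A, C, "TCP/88"),  (1.6, C, A, "TCP/88"),   # a talks to c mid-session
    (2.0, A, B, "TCP/443"), (3.0, A, E, "UDP/53"),   # overlaps too, may be unrelated
    (2.5, D, E, "TCP/22"),                            # does not involve a
    (5.0, B, A, "TCP/443"),
    (9.0, A, D, "TCP/445"), (9.2, D, A, "TCP/445"),  # after the a-b session ended
]

def conversations(packets):
    """Per host pair (direction ignored): first/last time, packet count, protocols."""
    table = {}
    for ts, src, dst, proto in packets:
        e = table.setdefault(frozenset((src, dst)),
                             {"first": ts, "last": ts, "packets": 0, "protocols": set()})
        e["first"], e["last"] = min(e["first"], ts), max(e["last"], ts)
        e["packets"] += 1
        e["protocols"].add(proto)
    return table

def candidates(packets, a, b, slack=0.0):
    """Other conversations of host a overlapping the a<->b time window (+/- slack)."""
    table = conversations(packets)
    session = table.get(frozenset((a, b)))
    if session is None:
        return []                      # a and b never talked in this capture
    lo, hi = session["first"] - slack, session["last"] + slack
    found = []
    for pair, e in table.items():
        if len(pair) != 2 or a not in pair or b in pair:
            continue                   # skip self-talk, other hosts, the session itself
        if e["first"] <= hi and e["last"] >= lo:
            (peer,) = pair - {a}
            found.append((peer, e["first"], e["last"], e["packets"], sorted(e["protocols"])))
    return sorted(found, key=lambda r: r[1])

if __name__ == "__main__":
    for row in candidates(PACKETS, A, B):
        print(row)
```

The a-e DNS lookup shows up next to the a-c exchange; deciding which of the two belongs to the session still takes knowledge of the protocols and infrastructure involved.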