This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, I haven't been able to figure out the following:

a) If there was an SSH connection.

b) If a web browser was used (like which one)

c) How many packages have a TTL (Time to Live) in a certain range.

d) How do I find out if there was peer-to-peer file sharing?

Does anyone know? I can't find this anywhere.

asked 26 Jan '15, 05:59

Xandi

edited 26 Jan '15, 06:05

Jasper ♦♦


Some hints (we usually don't solve homework assignments):

a) determine the TCP or UDP port SSH runs on. Filter for that port, check if anything shows up. If it does, you found one.

b) web browsers use HTTP. Find the port for that. Filter on it. Check user agent strings.

c) easiest would be to add a column for this. Find a TTL field, use pop up menu to "Apply as column"

d) check if there is SMB/CIFS in the capture (find the port, filter, yada yada yada)

If you "can't find this anywhere" you haven't really put any time into it, so take the hints and use them. It takes probably 15-30 minutes to do all this if starting from scratch.

answered 26 Jan '15, 12:37

Jasper ♦♦

Just need to get familiar with the program. Thank you.

(26 Jan '15, 23:58) Xandi
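
The four hints in the answer above, worked as one script (an added example, not part of the original thread): it inspects a few constructed IPv4/TCP packets the way the Wireshark display filters `tcp.port == 22`, `http.user_agent`, `ip.ttl` and `tcp.port == 445` would. The function names, the sample packets and the `ExampleBrowser/1.0` string are assumptions made for illustration, and the SSH banner check goes one step beyond the port hint.

```python
import struct
from collections import Counter

def make_packet(ttl, sport, dport, payload=b""):
    """Build a constructed IPv4+TCP packet (checksums left zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp

def parse(pkt):
    """Return (ttl, sport, dport, payload) for an IPv4/TCP packet, else None."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or pkt[0] >> 4 != 4 or len(pkt) < ihl + 20 or pkt[9] != 6:
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4
    return pkt[8], sport, dport, pkt[ihl + data_off:]

def summarize(packets, ttl_lo, ttl_hi):
    out = {"ssh": False, "smb": False, "ttl_in_range": 0, "user_agents": Counter()}
    for pkt in packets:
        parsed = parse(pkt)
        if parsed is None:
            continue
        ttl, sport, dport, payload = parsed
        ports = {sport, dport}
        # a) like the display filter  tcp.port == 22  (plus the SSH banner, RFC 4253)
        out["ssh"] |= 22 in ports or payload.startswith(b"SSH-")
        # d) like  tcp.port == 445  (SMB/CIFS directly over TCP)
        out["smb"] |= 445 in ports
        # c) like  ip.ttl >= ttl_lo && ip.ttl <= ttl_hi
        out["ttl_in_range"] += ttl_lo <= ttl <= ttl_hi
        # b) like  http.user_agent : pull the header out of plain HTTP requests
        for line in payload.split(b"\r\n"):
            if line.lower().startswith(b"user-agent:"):
                out["user_agents"][line.split(b":", 1)[1].strip().decode("latin-1")] += 1
    return out

# Constructed sample traffic, not taken from any real capture.
SAMPLE = [
    make_packet(64, 50000, 22, b"SSH-2.0-OpenSSH_6.6\r\n"),
    make_packet(64, 50001, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: ExampleBrowser/1.0\r\n\r\n"),
    make_packet(128, 50002, 445),
    make_packet(57, 80, 50001, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE, 60, 64))
```

Port numbers only suggest a protocol; a service moved to a non-standard port is missed by the port checks, which is why the banner and header contents are worth looking at as well.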
question asked: 26 Jan '15, 05:59

question was seen: 1,872 times

last updated: 27 Jan '15, 01:40
