This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSH connection, web browser and TTL

0

Hello, I haven't been able to figure out the following:

a) If there was an SSH connection.

b) If a web browser was used (like which one)

c) How many packages have a TTL (time to live) in a certain range.

d) How do I find out if there was peer-to-peer file sharing?

Does anyone know? I can't find this anywhere.

asked 26 Jan '15, 05:59

Xandi

edited 26 Jan '15, 06:05

Jasper ♦♦


One Answer:

1

Some hints (we usually don't solve homework assignments):

a) determine the TCP or UDP port SSH runs on. Filter for that port, check if anything shows up. If it does, you found one.

b) web browsers use HTTP. Find the port for that. Filter on it. Check user agent strings.

c) easiest would be to add a column for this. Find a TTL field, use pop up menu to "Apply as column"

d) check if there is SMB/CIFS in the capture (find the port, filter, yada yada yada)

If you "can't find this anywhere" you haven't really put any time into it, so take the hints and use them. It takes probably 15-30 minutes to do all this if starting from scratch.

answered 26 Jan '15, 12:37

Jasper ♦♦

Just need to get familiar with the program. Thank you

(26 Jan '15, 23:58) Xandi