number of web sessions, DNS interactions information from a capture file

asked 2019-02-26 16:37:05 +0000

Joo

Hi all, I have a capture file and I want to know some information from it to answer the following questions. How many web sessions have been captured in the file? Are there any DNS interactions in the file? If no, explain why you reached that conclusion, else show samples. Can you find any usernames and/or passwords (you have permission to look for such information in this file


Comments

Presumably this is a homework question. What have you tried so far?

grahamb ( 2019-02-26 16:48:45 +0000 )

I get only the number of TCP and UDP sessions, but I could not work out how to determine the number of web sessions and know their contents.

Joo ( 2019-02-26 17:05:18 +0000 )

So what defines a web session, maybe the protocol?

grahamb ( 2019-02-26 17:29:36 +0000 )

HTTP, right? And how to detect DNS interactions?

Joo ( 2019-02-26 17:37:52 +0000 )

Correct, DNS is a protocol as well, and Wireshark display filters can be used to limit the display to a particular protocol, and then the Statistics -> Conversations dialog can be used to get a summary of the interactions (check the "Limit to display filter" box).

grahamb ( 2019-02-26 17:43:05 +0000 )
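
The per-protocol conversation summary described in the last comment can also be scripted. The following is an added example, not code from the thread or from Wireshark: it groups packets of a classic pcap into bidirectional conversations, the way the Conversations dialog does. It assumes "web session" means TCP on port 80 and "DNS interaction" means UDP on port 53 (Wireshark decides by dissector, not only by port), and the `SAMPLE` capture is constructed inline.

```python
import struct

def conversations(pcap: bytes) -> dict:
    """Count distinct bidirectional conversations per protocol in a classic pcap."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    seen = {"http": set(), "dns": set()}
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        proto, src, dst = frame[23], frame[26:30], frame[30:34]
        l4 = frame[14 + ihl:]
        if len(l4) < 4:
            continue
        sport, dport = struct.unpack("!HH", l4[:4])
        # Sort the endpoints so both directions share one conversation key.
        key = tuple(sorted([(src, sport), (dst, dport)]))
        if proto == 6 and 80 in (sport, dport):       # assumption: HTTP = TCP/80
            seen["http"].add(key)
        elif proto == 17 and 53 in (sport, dport):    # assumption: DNS = UDP/53
            seen["dns"].add(key)
    return {name: len(keys) for name, keys in seen.items()}

def _frame(proto, src, sport, dst, dport):
    """Build one constructed pcap record: Ethernet + IPv4 + bare TCP/UDP header."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(src), bytes(dst))
    eth = bytes(12) + b"\x08\x00" + ip + l4
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed sample: one client, one web server, one DNS server.
C, W, D = (10, 0, 0, 5), (10, 0, 0, 80), (10, 0, 0, 53)
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame(17, C, 40000, D, 53), _frame(17, D, 53, C, 40000),  # DNS query + reply
    _frame(6, C, 50001, W, 80), _frame(6, W, 80, C, 50001),    # first web session
    _frame(6, C, 50002, W, 80),                                # second web session
    _frame(6, C, 50003, W, 22),                                # SSH, not counted
])

if __name__ == "__main__":
    print(conversations(SAMPLE))
```
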