Tips for an Information Security Analyst/Pentester career - Episode 5: Wireshark basics (part 1)
When opening the software, you're presented with a list of all available network interfaces.
Wireshark supports very powerful display filters that let you sift through the captured traffic by protocol, source port and destination port.
NOTE: The format is protocol.destinationport (or sourceport)==portnumber.
If we wanted to filter by source port, we would use tcp.srcport there. If we wanted, instead, to show both inbound and outbound traffic on port 443, we could use the following filter:
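To make the difference between a one-direction port filter and a both-directions port filter concrete, here is an added example (not code from the original post) that evaluates the protocol.field==value filter shape described above against a few constructed packet records. The field names tcp.srcport, tcp.dstport and tcp.port follow Wireshark's own naming; the packet records and the tiny evaluator are this example's own assumptions, not Wireshark internals.

```python
import re
from typing import Dict, List

# Constructed sample capture (not real traffic): one record per packet,
# mimicking the columns Wireshark shows in the packet list.
PACKETS: List[Dict] = [
    {"no": 1, "proto": "tcp", "src": "10.0.0.5", "srcport": 51514, "dst": "203.0.113.10", "dstport": 443},
    {"no": 2, "proto": "tcp", "src": "203.0.113.10", "srcport": 443, "dst": "10.0.0.5", "dstport": 51514},
    {"no": 3, "proto": "tcp", "src": "10.0.0.5", "srcport": 51515, "dst": "10.0.0.9", "dstport": 22},
    {"no": 4, "proto": "udp", "src": "10.0.0.5", "srcport": 50000, "dst": "10.0.0.1", "dstport": 53},
]

# One filter term: protocol.field==number, e.g. "tcp.dstport==443".
TERM = re.compile(r"^(tcp|udp)\.(srcport|dstport|port)\s*==\s*(\d+)$")


def match_term(term: str, pkt: Dict) -> bool:
    """Return True if a single protocol.field==value term matches the packet."""
    m = TERM.match(term.strip())
    if not m:
        raise ValueError(f"unsupported filter term: {term!r}")
    proto, field, value = m.group(1), m.group(2), int(m.group(3))
    if pkt["proto"] != proto:
        return False
    if field == "port":
        # tcp.port matches either end, so it captures both directions at once.
        return value in (pkt["srcport"], pkt["dstport"])
    return pkt[field] == value


def apply_filter(expr: str, packets: List[Dict]) -> List[int]:
    """Return the packet numbers that satisfy the display filter expression.

    Supports '&&' and '||' with '&&' binding tighter (as in Wireshark);
    parentheses are not handled in this small evaluator.
    """
    alternatives = [alt.split("&&") for alt in expr.split("||")]
    matched = []
    for pkt in packets:
        if any(all(match_term(t, pkt) for t in conj) for conj in alternatives):
            matched.append(pkt["no"])
    return matched


if __name__ == "__main__":
    for f in ("tcp.dstport==443", "tcp.srcport==443", "tcp.port==443"):
        print(f"{f:<22} -> packets {apply_filter(f, PACKETS)}")
```

Running it shows that tcp.dstport==443 and tcp.srcport==443 each catch only one direction of the HTTPS exchange, while tcp.port==443 (or the explicit tcp.srcport==443 || tcp.dstport==443) catches both.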
However, we can decipher this stream with Wireshark, as explained here or also here.
In the above case, the connection was reset, as we performed a stealth scan.
You can't use a write-blocking device or a read-only mode Live CD as you'd do when analyzing an operating system.
The stronger your foundation, the better.