Cracking the Code: Mastering Wireshark Filters for Network Analysis

In our organization, to various measures are taken to ensure that the system is hardened so that security breaches and other security threats are prevented. The measures undertaken to ensure that the system is hardened include; cleaning up of programs. Through this measure unnecessary programs are removed to ensure that the potential penetration points of a hacker are sealed. The second measure is the use of service packs, this ensures that all software installed are up to date and are in their latest version. Patches and the management of patches is another measure taken by the company (Saripalli et al., 2015). The testing planning, implementation and auditing of software is made part of the security arrangement of the organization. The company has also put in place group policies. They ensure that different groups have rights and authorities to access particular parts in the software. The company has also developed security templates, this ensures that there are procedures and guidelines that guide the use of the set groups. The last measure that is implemented by the company is configuration of baselines. This allows for the measuring of the changes that takes place in the system and that which take place in the network. Through this, the company is able to determine the source of the changes and how they were applied.

Topic Two: (Top 10 WireShark Filters)

i. Station filter or the IP filter (ip.addr == 10.0.0.1)

ii. TCP and UDP port filter

iii. TCP port filter (tcp.port == 443)

iv. TCP Problems filter (tcp.analysis.flags)

v. Noise filter (! (arp or icmp or dns))

vi. TCP stream filter (allows following up of one TCP stream)

vii. TCP contains string filter (allows for detecting a particular string in the TCP)

viii. HTTP request filter

ix. HTTP response filter

x. Syn filter (tcp.flags.syn == 1)

References

Haager, J., Sandwith, C., Terrano, J., & Saripalli, P. (2015). U.S. Patent Application No. 14/698,030.