From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 2 Security Monitoring


Understanding conversations and endpoints

- [Instructor] Once you begin capturing traffic, Wireshark keeps track of all the connections or streams. Now, once you have a connection, your operating system creates a socket, which is an IP address and a port. And if we drop down TCP, you can see stream index zero. Well now, we know there's no field value called stream index. It's Wireshark's way of keeping track of all your connections. Now, if you wanted to see all your active connections on a Windows machine, we would open a command line and run netstat -an. Now once you run that command and I'll scroll up, you'll be able to see all your active connections. So Wireshark's doing that as well, and there's a couple of features that we can use in Wireshark to help us keep track of what's happening, and one of them is conversations and endpoints. In Wireshark, a conversation is between two endpoints. An endpoint is one side of the conversation. To view all the…
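The bookkeeping the instructor describes (a socket is an IP address plus a port, a conversation is the pair of sockets regardless of direction, an endpoint is one side, and the stream index is a number Wireshark assigns as each new conversation is first seen rather than a field carried in the packet) can be reproduced on a small packet list. The script below is an added example and is not from the course or from Wireshark's source; the packets in SAMPLE are constructed values, not captured traffic, and the function names are my own. It goes slightly beyond the lesson by grouping the UDP DNS exchange with the same logic as the TCP connections.

```python
"""Group a packet list into conversations and endpoints, in the spirit of
Wireshark's Statistics > Conversations / Endpoints views and its stream index.
Added example, not part of the course or of Wireshark. SAMPLE is constructed."""
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    length: int  # bytes on the wire


# Constructed sample capture (203.0.113.0/24 is a documentation range):
# two client connections to a web server, interleaved, plus one DNS lookup.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, 74),   # SYN, first conversation -> stream 0
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, 74),   # SYN/ACK, reverse direction, still stream 0
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, 66),
    Packet("10.0.0.5", 51001, "203.0.113.10", 443, 74),   # new source port = new socket -> stream 1
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, 583),
    Packet("203.0.113.10", 443, "10.0.0.5", 51001, 74),
    Packet("10.0.0.5", 53412, "10.0.0.1", 53, 71),        # DNS query -> stream 2
]


def conversation_key(p):
    """A conversation is the unordered pair of sockets, so both directions map to one key."""
    a = (p.src_ip, p.src_port)
    b = (p.dst_ip, p.dst_port)
    return (a, b) if a <= b else (b, a)


def index_streams(packets):
    """Assign a stream index per packet: the first conversation seen is 0, the next 1, and so on.
    This mirrors how Wireshark derives tcp.stream; nothing in the packet carries the number."""
    seen = {}
    indexes = []
    for p in packets:
        key = conversation_key(p)
        if key not in seen:
            seen[key] = len(seen)
        indexes.append(seen[key])
    return indexes


def conversations(packets):
    """Per-conversation packet and byte totals, split by direction (A->B and B->A)."""
    stats = OrderedDict()
    for p in packets:
        key = conversation_key(p)
        entry = stats.setdefault(key, {"packets": 0, "bytes": 0, "a_to_b": 0, "b_to_a": 0})
        entry["packets"] += 1
        entry["bytes"] += p.length
        if (p.src_ip, p.src_port) == key[0]:
            entry["a_to_b"] += 1
        else:
            entry["b_to_a"] += 1
    return stats


def endpoints(packets):
    """Per-endpoint totals, one entry per socket (IP address + port); every packet counts for both ends."""
    stats = OrderedDict()
    for p in packets:
        for ep in ((p.src_ip, p.src_port), (p.dst_ip, p.dst_port)):
            entry = stats.setdefault(ep, {"packets": 0, "bytes": 0})
            entry["packets"] += 1
            entry["bytes"] += p.length
    return stats


if __name__ == "__main__":
    for i, p in zip(index_streams(SAMPLE), SAMPLE):
        print(f"stream={i} {p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port} len={p.length}")
    for key, s in conversations(SAMPLE).items():
        print("conversation", key, s)
    for ep, s in endpoints(SAMPLE).items():
        print("endpoint", ep, s)
```

Running it shows why a packet in the reverse direction (server port 443 back to the client) lands in the same conversation and keeps the same stream index, while a second connection from the same client IP with a different source port starts a new stream, which is exactly what the netstat -an listing and Wireshark's conversation view are both tracking.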
