To find certain browsers in the Wireshark output, use this filter, this will look for Safari and Mozilla browsers.
1 | http.user_agent contains "Safari" or http.user_agent contains "Mozilla" |
To list all HTTP connections in a capture file that are visited by certain browsers, use this filter.
http.user_agent contains "Safari" or http.user_agent contains "Mozilla" && tcp.dstport == 80 && http |
And this filter will list all SSL connections.
tcp.dstport == 443 && ssl |
To filter for a certain time frame in a Wireshark capture, use this filter.
(frame.time >= "Sep 23, 2014 12:10:10") && (frame.time <= "Sep 23, 2014 12:34:08") |
This filters for a time frame between Sept 23 2014, 12:10:10 and Sept 23 2014, 12:34:08. That would be a very useful tip indeed.
And it can be coupled with an earlier filter to find any browser activity in this time frame.
(frame.time >= "Sep 23, 2014 12:10:10") && (frame.time <= "Sep 23, 2014 12:41:08") && http.user_agent contains "Mozilla" |
Filter for a specific time frame in Wireshark.
How to filter the server name from SSL client hello packets with Wireshark.