Listing all Internet Browsers with Wireshark is very easy.
Start Wireshark and open a capture file or start a live capture. In the “Protocol” column of the packet list, look for packets marked as Hypertext Transfer Protocol (HTTP). These packets are typically associated with web browsing activity. To see the user agent string for a particular packet, expand the “Hypertext Transfer Protocol” section in the packet details pane and look for the “User-Agent” field. The user agent string identifies the browser and operating system being used by the client that sent the request. The header is only readable in unencrypted HTTP; HTTPS traffic has to be decrypted before this field appears.
You can also use Wireshark’s filtering capabilities to narrow down the packets of interest. For example, the “http.user_agent” filter field shows only packets with a specific user agent string. To show only packets from Internet Explorer, you could use the filter http.user_agent contains "MSIE".
Just like this example below.
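http.user_agent contains "Mozilla"
This lists all network packets whose user agent string contains “Mozilla”. Almost every modern browser, including Chrome, Edge and Safari, starts its user agent string with “Mozilla/5.0”, so this filter matches most browsers rather than only the Mozilla browser.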
Find all instances of the Microsoft Edge browser.
http.user_agent contains "Edg"
This also finds a lot of other packets, because Edge is integrated into Windows 11 and runs all of the time.
Detect Steam In-Home Streaming Discovery Protocol.
steam_ihs_discovery
This works very well.
Use this filter to detect BitTorrent traffic.
bittorrent
Easy way to detect torrenting.
List all packets with the BitTorrent protocol name.
bittorrent.protocol.name
List all BitTorrent peers.
bittorrent.peer_id
This allows the user to list the IP addresses of BitTorrent peers.
The File Transfer Protocol (FTP) does not use an encrypted connection, so its commands can be read easily in Wireshark. Use the example below to list the working-directory changes in a connection session.
ftp.current-working-directory
Very useful to view the actual change in working directory transactions.
0000  c8 14 51 5f a9 47 fc 34 97 a5 bc 7e 08 00 45 00   ..Q_.G.4...~..E.
0010  00 35 3a 8b 40 00 80 06 00 00 c0 a8 01 05 60 f1   .5:.@.........`.
0020  77 75 df c3 00 15 58 95 0a ca af ba ec 3d 50 18   wu....X......=P.
0030  1b ab 9a 3b 00 00 43 57 44 20 69 64 67 61 6d 65   ...;..CWD idgame
0040  73 0d 0a                                          s..
Another very useful Wireshark tip.
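The frame dumped above shows why the FTP filter works: the command travels as plain ASCII in the TCP payload. As an added example (not part of the original post), this Python code decodes that same frame by hand, Ethernet, IPv4 and TCP headers included; the function name parse_ftp_command is hypothetical, and it assumes the FTP control channel is on the default port 21.

```python
import ipaddress
import struct

# Frame bytes copied from the hex dump on this page (offset and ASCII columns dropped).
FRAME = bytes.fromhex(
    "c8 14 51 5f a9 47 fc 34 97 a5 bc 7e 08 00 45 00 "
    "00 35 3a 8b 40 00 80 06 00 00 c0 a8 01 05 60 f1 "
    "77 75 df c3 00 15 58 95 0a ca af ba ec 3d 50 18 "
    "1b ab 9a 3b 00 00 43 57 44 20 69 64 67 61 6d 65 "
    "73 0d 0a"
)


def parse_ftp_command(frame: bytes):
    """Decode Ethernet/IPv4/TCP and return the FTP control command, or None."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                      # not IPv4 over Ethernet
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
        return None                      # truncated, not IPv4, or not TCP
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len > len(ip):
        return None
    tcp = ip[ihl:total_len]              # drops any Ethernet padding
    if len(tcp) < 20:
        return None
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4     # TCP header length in bytes
    payload = tcp[data_offset:]
    # Assumption: control channel on default port 21, one complete CRLF line.
    if data_offset < 20 or dst_port != 21 or not payload.endswith(b"\r\n"):
        return None
    verb, _, argument = payload[:-2].decode("ascii", "replace").partition(" ")
    return {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "src_port": src_port,
        "dst_port": dst_port,
        "verb": verb.upper(),
        "argument": argument,
    }


if __name__ == "__main__":
    print(parse_ftp_command(FRAME))
```

Anyone on the path can recover the same command and its argument, which is the practical reason to prefer SFTP or FTPS where directory names or credentials matter.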