Analyzing network trace files using Wireshark
Wireshark contains a long list of filters and options that we can use to analyze traffic from a trace file. Before we start analyzing the trace file, there are a few settings we should configure.
First, add a new column that shows, for instance, the destination port. Additional columns allow us to sort the packet list and make it easier to pick out the data we need.
This can be done by going to Edit | Preferences | Appearance | Columns. Click on the + sign and give the column a name; then click on the newly created column under Type and choose what kind of data should be displayed, as shown in the following screenshot:
Next, we need to enable name resolution. By default, a trace file does not resolve IP addresses into hostnames, so it can be cumbersome to analyze traffic without knowing where it comes from.
We can enable this in Wireshark, and allow it to list all the IP addresses and query the DNS server...
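Both settings above (the extra destination-port column and IP name resolution) are stored in Wireshark's plain-text preferences file, so they can also be set there and shipped to an analysis workstation; the fragment below is an added example, not part of the original text, and assumes a current Wireshark release reading `~/.config/wireshark/preferences` on Linux.

```text
# Packet list columns: each pair is a column title and its format code.
# "%Cus:<field>:<occurrence>:<R|U>" is a custom column; here it shows
# tcp.dstport (occurrence 0 = first match, R = resolved value).
gui.column.format:
	"No.", "%m",
	"Time", "%t",
	"Source", "%s",
	"Destination", "%d",
	"Dst Port", "%Cus:tcp.dstport:0:R",
	"Protocol", "%p",
	"Length", "%L",
	"Info", "%i"

# Resolve IPv4/IPv6 addresses into host names (off by default).
nameres.network_name: TRUE

# Use an external resolver (DNS) for the lookups above.
# FALSE keeps resolution to the hosts file / capture-embedded names only.
nameres.use_external_name_resolver: TRUE
```

Note that with the external resolver enabled, Wireshark sends a DNS query for every address in the trace, which discloses the addresses under investigation to whichever resolver the workstation uses; for sensitive captures, keep `nameres.use_external_name_resolver` at FALSE and supply names through a hosts file, or resolve through an isolated resolver.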