nullx5/wireshark filtros.md

Last active December 17, 2025 02:20

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/nullx5/48c8c305089d781f20f66b9ce6918e2d.js"></script>
Save nullx5/48c8c305089d781f20f66b9ce6918e2d to your computer and use it in GitHub Desktop.

Raw

🔥 Filtros Wireshark – detectar escaneo Nmap SYN Scan (hacia tu IP) y Detecta ping y arp a mi maquina:

((tcp.flags.syn == 1 && tcp.flags.ack == 0 && ip.dst == 192.168.100.35) || (icmp && ip.dst == 192.168.100.35) || (arp && arp.dst.proto_ipv4 == 192.168.100.35)) && !(ip.addr == 8.8.8.8)

👀 Tip forense rápido

Después de aplicar el filtro:

Statistics → Conversations → TCP
Ordena por Packets o Ports
Una IP → muchos puertos = escaneo confirmado

Tshark

sudo tshark -i wlp2s0 -Y '((tcp.flags.syn == 1 && tcp.flags.ack == 0 && ip.dst == 192.168.100.35) || (icmp && ip.dst == 192.168.100.35) || (arp && arp.dst.proto_ipv4 == 192.168.100.35)) && !(ip.addr == 8.8.8.8)' \ -w escaneo_detectado.pcapng

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

nullx5/wireshark filtros.md

Select an option

No results found

Select an option

No results found

🔥 Filtros Wireshark – detectar escaneo Nmap SYN Scan (hacia tu IP) y Detecta ping y arp a mi maquina:

Tshark