-
Network Security Tools :- Introduction to WiresharkCase study
topic
-
What is Wireshark ?Formerly known as Ethereal
Wireshark is a GUI Network Protocol Analyzer
Display filters in Wireshark are very powerful
Follows the rules of the pcap library
-
Functions Capturing network traffic
Decodes packets of common protocols
Displays the network traffic in human-readable format
-
Wireshark StartupVersion 1.2.6
-
Screen Layout of WiresharkThe summary line, briefly describing
what the packet is. A protocol tree is shown, allowing you to drill
down to exact protocol or field that you interested in. a hex dump
shows you exactly what the packet looks like when it goes over the
wire. Filename Of Current File
-
Edit -> Preferences ->Columns
-
Enable Protocols
-
Capture Options
-
Capture OptionsTo Specify the interface to be monitoredTo Record
all traffic even not for youOnly Capture part of the packetTo Store
the result in fileAutomatic Stop ConditionTo Start MonitoringOnly
Capture certain packet
-
Start Capturing
-
Stop Capturing
-
Display Packet CapturedFrame #Ethernet HeaderDestination Mac
Address Field in Ethernet Header
-
Column SortingOutput is Sorted By Frame No By DefaultOutput is
Sorted By Source Address
-
Conversation List
-
Saving Packets Captured
-
Capture FiltersThe capture filter syntax follows the rules of
the pcap libraryThis syntax is different from the display filter
syntax. Sample filters:src ip 192.168.1.1ether src
00:50:BA:48:B5:EF
-
Capture FiltersA capture filter for HTTP than captures traffic
to and from a particular host -tcp port 80 and host 10.10.10.5A
capture filter for HTTP than captures traffic not from a particular
host -tcp port 80 and not host 10.10.10.5A capture filter to and
from an Ethernet address -ether 00:00:01:01:02:22
-
Display FiltersC-like symbols, or through English-like
abbreviations:
eq, == Equal ne, != Not equal gt, > Greater than lt, <
Less Than ge, >= Greater than or Equal to le,
-
Display Filters GUIQuick Way to Learn Display Filter
Commands
-
Display Filters GUI1.2.3.
-
Display Filters GUI
-
Why Packet Analyzing in this class ?Useful in Developing Network
Application
As a guideline when error encountered
-
conclusionWireshark's wireless analysis features have grown to
be a very powerful tool for troubleshooting and analyzing wireless
networks.With Wireshark's display filters and powerful protocol
dissector features, you can sift through large quantities of
wireless traffic Without a doubt, Wireshark is a powerful
assessment and analysis tool for wireless networks that should be a
part of every auditor, engineer, and consultant toolkit.
