OSTU - Building a Remote Wireshark Analyzer (by Tony Fortunato)

Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.

Transcript

  • 1. Wireshark: Build A Free Remote Analyzer. Tony Fortunato, Sr Network Specialist, The Technology Firm
  • 2. What are you talking about?
    • Many times analysts need a remote analyzer
    • Why not just install Wireshark on the client's PC?
      • Client may not have an Administrative-equivalent account to install Wireshark
      • Adding another process may make the problem worse
      • You may not want the customer to have access to the trace file
      • You do not know the hardware and software on the customer's PC
    • Why build or roll your own analyzer?
      • Customers may be geographically dispersed
      • You may want to capture from several points
      • You have control over the PC
      • You can even troubleshoot those problems where PCs reboot
      • It's fun and easy... OK, I have to take my meds now.
  • 3. Installing Wireshark and VNC on a PC
    • The PC you choose to use as a remote analyzer should have at least 2 interfaces
    • By using 2 adapters, you won’t have to worry about filtering out your remote control packets
    • Use your imagination; for example, why not 1 Ethernet and 1 WIFI?
    • TIP: If you want to use a laptop, use a PCMCIA Ethernet adapter or Ethernet/WIFI USB adapter.
    • The 2 interfaces are important:
      • 1 will be the Management Interface
        • This interface will have all the IP information required to communicate with you
      • 1 will be the Analyzer Interface
        • This interface will NOT have any protocols loaded
    • As far as the software goes, use whatever OS you want as long as it is supported by Wireshark
      • I’m going to use Windows in this example
    • The other thing you need to install is remote control software.
      • I’m going to use UltraVNC since it is multi-platform
  • 4. My Example
    • UltraVNC
    • Wireshark
    (Diagram labels: Ethernet, Analyzer, Management)
  • 5. Testing
    • Connect both interfaces to the network and capture some packets from both interfaces to ensure they are working properly
    • Test UltraVNC for remote control access
    • In this example my laptop has an Ethernet and WIFI interface
      • The Intel WIFI interface will be my Management interface
      • The Broadcom Ethernet interface will be my Analyzer interface
  • 6. Bonus: Remote control
    • In some cases I have used remote control services instead of VNC to remotely control the PC.
      • Logmein.com
      • Gotomypc.com
    • In the future I will investigate how to do this with rpcap, but it’s a bit trickier.
  • 7. Connect and Analyze
    • Now that Wireshark and VNC are working, all you have to do is connect and capture your packets from the analyzer port
    • Since this is your troubleshooting PC, you may want to consider several other tools for your troubleshooting, which I may cover in future sessions:
      • Lookatlan
      • Servers Alive
      • MRTG
      • Perl
      • Portable webserver
      • Portable FTP server
      • Camstudio
      • Easycapture
      • Iperf
      • tftpserver
  • 8. Wireshark Training - QuickStart. Tony Fortunato, Sr Network Specialist, The Technology Firm. Thank you
  • 9.
    • For additional educational videos on Open Source Network Tools, please click on the following …
    • http://www.lovemytool.com/blog/ostu.html
    LoveMyTool.com – Community for Network Tools
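
The layout from slides 3 and 5 (a management interface with IP settings, an analyzer interface with no protocols loaded) can be checked on the Windows PC before it is sent to a site. This PowerShell audit is an added example, not part of the original slides; the interface names and the rule that the capture driver's binding name contains "pcap" are assumptions.

```powershell
# Added example: audits the two-interface layout described in slides 3 and 5.
# Interface names below are assumptions; list yours with Get-NetAdapter.
param(
    [string]$ManagementName = 'Wi-Fi',     # assumed name of the management interface
    [string]$AnalyzerName   = 'Ethernet'   # assumed name of the analyzer interface
)

function Test-AnalyzerLayout {
    param([string]$Management, [string]$Analyzer)
    $findings = @()

    # Both adapters must exist and have link before a test capture means anything.
    foreach ($name in $Management, $Analyzer) {
        $nic = Get-NetAdapter -Name $name -ErrorAction SilentlyContinue
        if (-not $nic)                { $findings += "${name}: adapter not found" }
        elseif ($nic.Status -ne 'Up') { $findings += "${name}: link is $($nic.Status)" }
    }

    # The management interface needs IP settings so the remote-control session can reach it.
    $mgmtIp = Get-NetIPAddress -InterfaceAlias $Management -AddressFamily IPv4 -ErrorAction SilentlyContinue
    if (-not $mgmtIp) { $findings += "${Management}: no IPv4 address" }

    # The analyzer interface should carry no addresses at all...
    $anaIp = Get-NetIPAddress -InterfaceAlias $Analyzer -ErrorAction SilentlyContinue
    foreach ($ip in $anaIp) { $findings += "${Analyzer}: has address $($ip.IPAddress)" }

    # ...and no enabled bindings other than the capture driver Wireshark uses.
    # Assumption: the capture driver's binding display name contains 'pcap'.
    $bound = Get-NetAdapterBinding -Name $Analyzer -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -and $_.DisplayName -notmatch 'pcap' }
    foreach ($b in $bound) {
        $findings += "${Analyzer}: binding enabled: $($b.DisplayName) [$($b.ComponentID)]"
    }

    return $findings
}

$result = Test-AnalyzerLayout -Management $ManagementName -Analyzer $AnalyzerName
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Layout OK: management has an IPv4 address, analyzer has no protocols bound.'
}
```

Each warning names a binding or address still present on the analyzer interface; clearing those keeps the remote-control session's own packets out of the trace, which is the reason the slides give for using two adapters.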