OSTU - Building a Remote Wireshark Analyzer (by Tony Fortunato)
Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.

Published in: Technology, Business

Transcript

  • 1. Wireshark: Build A Free Remote Analyzer (Tony Fortunato, Sr Network Specialist, The Technology Firm)
  • 2. What are you talking about?
    • Many times analysts need a remote analyzer
    • Why not just install Wireshark on the client's PC?
      • Client may not have an Administrator-equivalent account to install Wireshark
      • Adding another process may make the problem worse
      • You may not want the customer to have access to the trace file
      • You do not know the hardware and software on the customer's PC
    • Why build or roll your own analyzer
      • Customers may be geographically dispersed
      • You may want to capture from several points
      • You have control over the PC
      • You can even troubleshoot those problems where PCs reboot
      • It's fun and easy. OK, I have to take my meds now.
  • 3. Installing Wireshark and VNC on a PC
    • The PC you choose to use as a remote analyzer should have at least 2 interfaces
    • By using 2 adapters, you won’t have to worry about filtering out your remote control packets
    • Use your imagination; for example, why not 1 Ethernet and 1 WiFi?
    • TIP: If you want to use a laptop, use a PCMCIA Ethernet adapter or Ethernet/WiFi USB adapter.
    • The 2 interfaces are important:
      • 1 will be the Management Interface
        • This interface will have all the IP information required to communicate with you
      • 1 will be the Analyzer Interface
        • This interface will NOT have any protocols loaded
    • As far as the software goes, use whatever OS you want as long as it is supported by Wireshark
      • I’m going to use Windows in this example
    • The other thing you need to install is remote control software.
      • I’m going to use UltraVNC since it is multi-platform
  • 4. My Example
    • UltraVNC
    • Wireshark
    (Figure labels: Ethernet, Analyzer, Management)
  • 5. Testing
    • Connect both interfaces to the network and capture some packets from both interfaces to ensure they are working properly
    • Test UltraVNC for remote control access
    • In this example my laptop has an Ethernet and WIFI interface
      • The Intel WIFI interface will be my Management interface
      • The Broadcom Ethernet interface will be my Analyzer interface
  • 6. Bonus: Remote control
    • In some cases I have used remote control services instead of VNC to remotely control the PC.
      • Logmein.com
      • Gotomypc.com
    • In the future I will investigate how to do this with rpcap, but it’s a bit trickier.
  • 7. Connect and Analyze
    • Now that Wireshark and VNC are working, all you have to do is connect and capture your packets from the analyzer port
    • Since this is your troubleshooting PC, you may want to consider several other tools for your troubleshooting, which I may cover in future sessions:
      • Lookatlan
      • Servers Alive
      • MRTG
      • Perl
      • Portable webserver
      • Portable FTP server
      • Camstudio
      • Easycapture
      • Iperf
      • tftpserver
  • 8. Wireshark Training - QuickStart: Thank you (Tony Fortunato, Sr Network Specialist, The Technology Firm)
  • 9.
    • For additional educational videos on Open Source Network Tools, please click on the following …
    • http://www.lovemytool.com/blog/ostu.html
    LoveMyTool.com – Community for Network Tools
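
One way to set up and check the two interface roles from slide 3 on a current Windows build, as an added example that is not from the original slides: it unbinds every visible protocol from the analyzer adapter except the capture driver, then confirms that only the management adapter has an IP address. The adapter names `Analyzer` and `Management`, and the assumption that the capture driver's binding name contains "pcap", are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: adapter names below are assumptions; rename to match your PC.
param(
    [string]$Analyzer   = 'Analyzer',    # hypothetical name of the capture-only NIC
    [string]$Management = 'Management'   # hypothetical name of the remote-control NIC
)
$ErrorActionPreference = 'Stop'

# Fail early if either adapter does not exist.
$null = Get-NetAdapter -Name $Analyzer, $Management

# Assumption: the packet-capture driver (Npcap/WinPcap) shows "pcap" in its binding name.
$isCapture = { $_.DisplayName -match 'pcap' -or $_.ComponentID -match 'pcap' }

# Unbind everything else (TCP/IP v4/v6, file sharing, discovery, ...) so the
# analyzer NIC never sends traffic or answers on the monitored segment.
Get-NetAdapterBinding -Name $Analyzer |
    Where-Object { $_.Enabled -and -not (& $isCapture) } |
    ForEach-Object {
        Disable-NetAdapterBinding -Name $Analyzer -ComponentID $_.ComponentID
        Write-Host "Unbound $($_.DisplayName) [$($_.ComponentID)] from $Analyzer"
    }

# Check 1: only the capture driver is still enabled on the analyzer NIC.
$left = Get-NetAdapterBinding -Name $Analyzer |
    Where-Object { $_.Enabled -and -not (& $isCapture) }
if ($left) { throw "Still bound on ${Analyzer}: $($left.ComponentID -join ', ')" }

# Check 2: the analyzer NIC has no IP address of any family.
$anaIp = Get-NetIPAddress -InterfaceAlias $Analyzer -ErrorAction SilentlyContinue
if ($anaIp) { throw "${Analyzer} still has an address: $($anaIp.IPAddress -join ', ')" }

# Check 3: the management NIC keeps IPv4, otherwise remote control is lost.
$mgmtIp = Get-NetIPAddress -InterfaceAlias $Management -AddressFamily IPv4 `
    -ErrorAction SilentlyContinue
if (-not $mgmtIp) { throw "${Management} has no IPv4 address" }

Write-Host "$Analyzer is capture-only; $Management reachable at $($mgmtIp.IPAddress -join ', ')"
```

Run it from the console or over the management interface, then repeat the slide 5 test capture on both adapters to confirm the analyzer interface still receives packets.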