Wireshark Tony Fortunato, Sr Network Specialist The Technology Firm Build A Free Remote Analyzer

What are you talking about? Many times analysts need a remote analyzer Why not just install Wireshark on the clients PC? Client may not have Administrative equivalent account to install Wireshark Adding another process may make the problem worse You may not want the customer to have access to the trace file You do not know the hardware and software on the customers’ PC Why build or roll your own analyzer Customers may be geographically dispersed You may want to capture from several points You have control over the PC You can even trouble shoot those problems where PC’s reboot Its fun and easy.. OK I have to take my meds now.

Many times analysts need a remote analyzer

Why not just install Wireshark on the clients PC?

Client may not have Administrative equivalent account to install Wireshark

Adding another process may make the problem worse

You may not want the customer to have access to the trace file

You do not know the hardware and software on the customers’ PC

Why build or roll your own analyzer

Customers may be geographically dispersed

You may want to capture from several points

You have control over the PC

You can even trouble shoot those problems where PC’s reboot

Its fun and easy.. OK I have to take my meds now.

Installing Wireshark and VNC on a PC The PC you choose to use as a remote analyzer should have at least 2 interfaces By using 2 adapters, you won’t have to worry about filtering out your remote control packets Use your imagination; for example why not; 1 Ethernet, 1 WIFI TIP; If you want to use a laptop, use a PCMCIA Ethernet adapter or Ethernet/WIFI USB adapter. The 2 interfaces are important; 1 will be the Management Interface This interface will have all the IP information required to communicate with you 1 will be the Analyzer Interface This interface will NOT have any protocols loaded As far as the software goes, use whatever OS you want as long as it is supported by Wireshark I’m going to use Windows in this example The other thing you need to install is remote control software. I’m going to use UltraVNC since it is multi-platform

The PC you choose to use as a remote analyzer should have at least 2 interfaces

By using 2 adapters, you won’t have to worry about filtering out your remote control packets

Use your imagination; for example why not; 1 Ethernet, 1 WIFI

TIP; If you want to use a laptop, use a PCMCIA Ethernet adapter or Ethernet/WIFI USB adapter.

The 2 interfaces are important;

1 will be the Management Interface

This interface will have all the IP information required to communicate with you

1 will be the Analyzer Interface

This interface will NOT have any protocols loaded

As far as the software goes, use whatever OS you want as long as it is supported by Wireshark

I’m going to use Windows in this example

The other thing you need to install is remote control software.

I’m going to use UltraVNC since it is multi-platform

My Example UltraVNC Wireshark Ethernet Analyzer Management

UltraVNC

Wireshark

Testing Connect both interfaces to the network and capture some packets from both interfaces to ensure they are working properly Test UltraVNC for remote control access In this example my laptop has an Ethernet and WIFI interface The Intel WIFI interface will be my Management interface The Broadcom Ethernet interface will be my Analyzer interface

Connect both interfaces to the network and capture some packets from both interfaces to ensure they are working properly

Test UltraVNC for remote control access

In this example my laptop has an Ethernet and WIFI interface

The Intel WIFI interface will be my Management interface

The Broadcom Ethernet interface will be my Analyzer interface

Bonus ** Remote control In some cases I have used remote control services instead of VNC to remotely control the PC. Logmein.com Gotomypc.com In the future I will investigate how to do this with rpcap, but it’s a bit trickier.

In some cases I have used remote control services instead of VNC to remotely control the PC.

Logmein.com

Gotomypc.com

In the future I will investigate how to do this with rpcap, but it’s a bit trickier.

Connect and Analyze Now that Wireshark and VNC is working, all you have to do is connect and capture your packets from the analyze port Since this is your troubleshooting PC, you may want to consider several other tools for your troubleshooting, which I may cover in future sessions; Lookatlan Servers Alive MRTG Perl Portable webserver Portable FTP server Camstudio Easycapture Iperf tftpserver

Now that Wireshark and VNC is working, all you have to do is connect and capture your packets from the analyze port

Since this is your troubleshooting PC, you may want to consider several other tools for your troubleshooting, which I may cover in future sessions;

Lookatlan

Servers Alive

MRTG

Perl

Portable webserver

Portable FTP server

Camstudio

Easycapture

Iperf

tftpserver

Wireshark Training - QuickStart Tony Fortunato, Sr Network Specialist The Technology Firm Thank you

For additional educational videos on Open Source Network Tools, please click on the following … http://www.lovemytool.com/blog/ostu.html LoveMyTool.com – Community for Network Tools

For additional educational videos on Open Source Network Tools, please click on the following …

http://www.lovemytool.com/blog/ostu.html