SlideShare a Scribd company logo

Wireshark_Tutorial.pptx

Download as PPTX, PDF
A
AdeelIshtiaq4

Internet traffic monitoring

Internet
1 of 39
POSTECH 1/39 CSED702D: Internet Traffic Monitoring and Analysis James Won-Ki Hong Department of Computer Science and Engineering POSTECH, Korea jwkhong@postech.ac.kr
POSTECH 2/39 CSED702D: Internet Traffic Monitoring and Analysis Outline  What is Wireshark?  Capturing Packets  Analyzing Packets  Filtering Packets  Saving and Manipulating Packets  Packet Statistics  Colorizing Specific Packets  References
POSTECH 3/39 CSED702D: Internet Traffic Monitoring and Analysis What is Wireshark?  The De-Facto Network Protocol Analyzer  Open-Source (GNU Public License)  Multi-platform (Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others)  Easily extensible  Large development group  Previously Named “Ethereal”
POSTECH 4/39 CSED702D: Internet Traffic Monitoring and Analysis What is Wireshark?  Features  Deep inspection of thousands of protocols  Live capture and offline analysis  Standard three-pane packet browser  Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility  The most powerful display filters in the industry  Rich VoIP analysis  Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others  Coloring rules can be applied to the packet list for quick, intuitive analysis  Output can be exported to XML, PostScript®, CSV, or plain text
POSTECH 5/39 CSED702D: Internet Traffic Monitoring and Analysis What is Wireshark?  What we can:  Capture network traffic  Decode packet protocols using dissectors  Define filters – capture and display  Watch smart statistics  Analyze problems  Interactively browse that traffic  Some examples people use Wireshark for:  Network administrators: troubleshoot network problems  Network security engineers: examine security problems  Developers: debug protocol implementations  People: learn network protocol internals
POSTECH 6/39 CSED702D: Internet Traffic Monitoring and Analysis Interfaces Packet List Packet Details Packet Bytes
POSTECH 7/39 CSED702D: Internet Traffic Monitoring and Analysis Capturing Packets (1/3)
POSTECH 8/39 CSED702D: Internet Traffic Monitoring and Analysis Capturing Packets (2/3) Buffer size – in order not to fill your laptop disk Capture all packets on the network Capture filter Capture in multiple files When to automatically stop the capture Display options Name resolution options
POSTECH 9/39 CSED702D: Internet Traffic Monitoring and Analysis Capturing Packets (3/3) Example (W-LAN): Received Signal Strength Indication (RSSI) and Link speed (BW)
POSTECH 10/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (1/9)  Ethernet Frame Example
POSTECH 11/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (2/9)  IP Packet Example
POSTECH 12/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (3/9)  TCP Packet Example
POSTECH 13/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (4/9)  TCP 3-way Handshake
POSTECH 14/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (5/9)  Flow Graph  Giving us a graphical flow, for better understanding of what we see
POSTECH 15/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (6/9)  Flow Graph
POSTECH 16/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (7/9)  Filtering Specific TCP Stream
POSTECH 17/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (8/9)  Filtering Specific TCP Stream
POSTECH 18/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (9/9)  RTP Stream Analysis Stable stream BW
POSTECH 19/39 CSED702D: Internet Traffic Monitoring and Analysis Filtering Packets (1/4)  Applying Filter when Capturing Packets Capture  Interfaces  Options:
POSTECH 20/39 CSED702D: Internet Traffic Monitoring and Analysis Filtering Packets (2/4)  Applying Filter when Analyzing Packets
POSTECH 21/39 CSED702D: Internet Traffic Monitoring and Analysis Filtering Packets (3/4)  Examples:  Capture only traffic to or from IP address 172.18.5.4 • host 172.18.5.4  Capture traffic to or from a range of IP addresses • net 192.168.0.0/24 • net 192.168.0.0 mask 255.255.255.0  Capture traffic from a range of IP addresses • src net 192.168.0.0/24 • src net 192.168.0.0 mask 255.255.255.0  Capture traffic to a range of IP addresses • dst net 192.168.0.0/24 • dst net 192.168.0.0 mask 255.255.255.0  Capture only DNS (port 53) traffic • port 53  Capture non-HTTP and non-SMTP traffic on your server • host www.example.com and not (port 80 or port 25) • host www.example.com and not port 80 and not port 25
POSTECH 22/39 CSED702D: Internet Traffic Monitoring and Analysis Filtering Packets (4/4)  Examples:  Capture except all ARP and DNS traffic • port not 53 and not arp  Capture traffic within a range of ports • (tcp[2:2] > 1500 and tcp[2:2] < 1550) or (tcp[4:2] > 1500 and tcp[4:2] < 1550) • tcp portrange 1501-1549  Capture only Ethernet type EAPOL • ether proto 0x888e  Capture only IP traffic (the shortest filter, but sometimes very useful to get rid of lower layer protocols like ARP and STP) • ip  Capture only unicast traffic (useful to get rid of noise on the network if you only want to see traffic to and from your machine, not, for example, broadcast and multicast announcements) • not broadcast and not multicast
POSTECH 23/39 CSED702D: Internet Traffic Monitoring and Analysis Saving and Manipulating Packets (1/3)  Save only displayed packets
POSTECH 24/39 CSED702D: Internet Traffic Monitoring and Analysis Saving and Manipulating Packets (2/3)  Export to CSV file
POSTECH 25/39 CSED702D: Internet Traffic Monitoring and Analysis Saving and Manipulating Packets (3/3)  Exported CSV File
POSTECH 26/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (1/8)  Protocol Hierarchy
POSTECH 27/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (2/8)  Conversation  Traffic between two specific endpoints With some manipulation
POSTECH 28/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (3/8)  I/O Graph
POSTECH 29/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (4/8)  Configurable Options  I/O Graphs • Graph 1-5: enable the specific graph 1-5 (graph 1 by default) • Filter: a display filter for this graph (only the packets that pass this filter will be taken into account for this graph) • Style: the style of the graph (Line/Impulse/FBar/Dot)  X Axis • Tick interval: an interval in x direction lasts (10/1 minutes or 10/1/0.1/0.01/0.001 seconds) • Pixels per tick: use 10/5/2/1 pixels per tick interval • View as time of day: option to view x direction labels as time of day instead of seconds or minutes since beginning of capture  Y Axis • Unit: the unit for the y direction (Packets/Tick, Bytes/Tick, Bits/Tick, Advanced...) • Scale: the scale for the y unit (Logarithmic,Auto,10,20,50,100,200,...)
POSTECH 30/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (5/8)  TCP Stream Graph
POSTECH 31/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (6/8)  Round-Trip Time Graph RTT Vs. Sequence numbers gives us the time that take to Ack every packet. In case of variations, it can cause DUPACKs and even Retransmissions Usually will happen on communications lines: Over the Internet Over cellular networks
POSTECH 32/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (7/8)  Time / Sequence Graph Seq No [B] Time [Sec] Time / Sequence representes how sequence numbers advances with time In a good connection (like in the example), the line will be linear The angle of the line indicates the speed of the connection. In this example – fast connection
POSTECH 33/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (8/8)  Time / Sequence Graph Seq No [B] Time [Sec] In this case, we see a non- contiguous graph Can be due to: Severe packet loss Server response (processing) time
POSTECH 34/39 CSED702D: Internet Traffic Monitoring and Analysis Colorizing Specific Packets (1/4)  Packet Colorization  Colorize packets according to a filter  Allow to emphasize the packets interested in  A lot of Coloring Rule examples at the Wireshark Wiki Coloring Rules page at http://wiki.wireshark.org/ColoringRules We want to watch a specific protocol through out the capture file
POSTECH 35/39 CSED702D: Internet Traffic Monitoring and Analysis Colorizing Specific Packets (2/4)
POSTECH 36/39 CSED702D: Internet Traffic Monitoring and Analysis Colorizing Specific Packets (3/4)
POSTECH 37/39 CSED702D: Internet Traffic Monitoring and Analysis Colorizing Specific Packets (4/4)  TLS Connection Establishment
POSTECH 38/39 CSED702D: Internet Traffic Monitoring and Analysis References  Wireshark Website  http://www.wireshark.org  Wireshark Documentation  http://www.wireshark.org/docs/  Wireshark Wiki  http://wiki.wireshark.org  Network analysis Using Wireshark Cookbook  http://www.amazon.com/Network-Analysis-Using-Wiresh ark-Cookbook/dp/1849517649
POSTECH 39/39 CSED702D: Internet Traffic Monitoring and Analysis Q&A

Recommended

Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onQaisSaifQassim
 
Chapter 3. sensors in the network domain
Chapter 3. sensors in the network domainChapter 3. sensors in the network domain
Chapter 3. sensors in the network domainPhu Nguyen
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET Journal
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li Inmhaviv
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark BasicsYoram Orzach
 
Traffic monitoring
Traffic monitoringTraffic monitoring
Traffic monitoringRadu Galbenu
 
Network
NetworkNetwork
Networkrumoorthyit
 
TCP/IP Basics
TCP/IP BasicsTCP/IP Basics
TCP/IP BasicsSMC Networks Europe
 

Recommended

Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onQaisSaifQassim
 
Chapter 3. sensors in the network domain
Chapter 3. sensors in the network domainChapter 3. sensors in the network domain
Chapter 3. sensors in the network domainPhu Nguyen
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET Journal
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li Inmhaviv
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark BasicsYoram Orzach
 
Traffic monitoring
Traffic monitoringTraffic monitoring
Traffic monitoringRadu Galbenu
 
Network
NetworkNetwork
Networkrumoorthyit
 
TCP/IP Basics
TCP/IP BasicsTCP/IP Basics
TCP/IP BasicsSMC Networks Europe
 
UDT
UDTUDT
UDTxlight
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisGTKlondike
 
Design and Implementation of Dynamic Routing in Wireless Networks
Design and Implementation of Dynamic Routing in Wireless NetworksDesign and Implementation of Dynamic Routing in Wireless Networks
Design and Implementation of Dynamic Routing in Wireless NetworksSatish Reddy
 
Simplemux: a generic multiplexing protocol
Simplemux: a generic multiplexing protocolSimplemux: a generic multiplexing protocol
Simplemux: a generic multiplexing protocolJose Saldana
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginEC-Council
 
CCNA
CCNACCNA
CCNAAbhishek Parihari
 
Networking basics
Networking basicsNetworking basics
Networking basicsSridhar Baithi
 
CCNA ppt Day 2
CCNA ppt Day 2CCNA ppt Day 2
CCNA ppt Day 2VISHNU N
 
UDT
UDTUDT
UDTlilyco
 
Network Layer & Transport Layer
Network Layer & Transport LayerNetwork Layer & Transport Layer
Network Layer & Transport LayerSweta Kumari Barnwal
 
Nilesh ranpura systemmodelling
Nilesh ranpura systemmodellingNilesh ranpura systemmodelling
Nilesh ranpura systemmodellingObsidian Software
 
Packet Guide SONET/SDH
Packet Guide SONET/SDHPacket Guide SONET/SDH
Packet Guide SONET/SDHscribd1
 
Networking in college
Networking in collegeNetworking in college
Networking in collegeHarpreet Gaba
 
Introduction to Building Communication Protocols
Introduction to Building Communication Protocols Introduction to Building Communication Protocols
Introduction to Building Communication Protocols Mahmoud Ahmed
 
Get into Networking by Clearing Comptia Network+ Test
Get into Networking by Clearing Comptia Network+ TestGet into Networking by Clearing Comptia Network+ Test
Get into Networking by Clearing Comptia Network+ Testcertblaster
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPPROIDEA
 
IP Utilites
IP UtilitesIP Utilites
IP Utiliteshariprasadnr
 
TCP Vs UDP
TCP Vs UDP TCP Vs UDP
TCP Vs UDP Ahmed Elnaggar
 
Chapter_3_Networking.ppt
Chapter_3_Networking.pptChapter_3_Networking.ppt
Chapter_3_Networking.pptBlaqray1998
 
Chapter_3_Networking.ppt
Chapter_3_Networking.pptChapter_3_Networking.ppt
Chapter_3_Networking.pptBlaqray1998
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 

More Related Content

Similar to Wireshark_Tutorial.pptx

Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisGTKlondike
 
Design and Implementation of Dynamic Routing in Wireless Networks
Design and Implementation of Dynamic Routing in Wireless NetworksDesign and Implementation of Dynamic Routing in Wireless Networks
Design and Implementation of Dynamic Routing in Wireless NetworksSatish Reddy
 
Simplemux: a generic multiplexing protocol
Simplemux: a generic multiplexing protocolSimplemux: a generic multiplexing protocol
Simplemux: a generic multiplexing protocolJose Saldana
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginEC-Council
 
CCNA ppt Day 2
CCNA ppt Day 2CCNA ppt Day 2
CCNA ppt Day 2VISHNU N
 
Nilesh ranpura systemmodelling
Nilesh ranpura systemmodellingNilesh ranpura systemmodelling
Nilesh ranpura systemmodellingObsidian Software
 
Packet Guide SONET/SDH
Packet Guide SONET/SDHPacket Guide SONET/SDH
Packet Guide SONET/SDHscribd1
 
Networking in college
Networking in collegeNetworking in college
Networking in collegeHarpreet Gaba
 
Introduction to Building Communication Protocols
Introduction to Building Communication Protocols Introduction to Building Communication Protocols
Introduction to Building Communication Protocols Mahmoud Ahmed
 
Get into Networking by Clearing Comptia Network+ Test
Get into Networking by Clearing Comptia Network+ TestGet into Networking by Clearing Comptia Network+ Test
Get into Networking by Clearing Comptia Network+ Testcertblaster
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPPROIDEA
 
Chapter_3_Networking.ppt
Chapter_3_Networking.pptChapter_3_Networking.ppt
Chapter_3_Networking.pptBlaqray1998
 
Chapter_3_Networking.ppt
Chapter_3_Networking.pptChapter_3_Networking.ppt
Chapter_3_Networking.pptBlaqray1998
 

Similar to Wireshark_Tutorial.pptx (20)

UDT
UDTUDT
UDT
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysis
 
Design and Implementation of Dynamic Routing in Wireless Networks
Design and Implementation of Dynamic Routing in Wireless NetworksDesign and Implementation of Dynamic Routing in Wireless Networks
Design and Implementation of Dynamic Routing in Wireless Networks
 
Simplemux: a generic multiplexing protocol
Simplemux: a generic multiplexing protocolSimplemux: a generic multiplexing protocol
Simplemux: a generic multiplexing protocol
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
 
CCNA
CCNACCNA
CCNA
 
Networking basics
Networking basicsNetworking basics
Networking basics
 
CCNA ppt Day 2
CCNA ppt Day 2CCNA ppt Day 2
CCNA ppt Day 2
 
UDT
UDTUDT
UDT
 
Network Layer & Transport Layer
Network Layer & Transport LayerNetwork Layer & Transport Layer
Network Layer & Transport Layer
 
Nilesh ranpura systemmodelling
Nilesh ranpura systemmodellingNilesh ranpura systemmodelling
Nilesh ranpura systemmodelling
 
Packet Guide SONET/SDH
Packet Guide SONET/SDHPacket Guide SONET/SDH
Packet Guide SONET/SDH
 
Networking in college
Networking in collegeNetworking in college
Networking in college
 
Introduction to Building Communication Protocols
Introduction to Building Communication Protocols Introduction to Building Communication Protocols
Introduction to Building Communication Protocols
 
Get into Networking by Clearing Comptia Network+ Test
Get into Networking by Clearing Comptia Network+ TestGet into Networking by Clearing Comptia Network+ Test
Get into Networking by Clearing Comptia Network+ Test
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
 
IP Utilites
IP UtilitesIP Utilites
IP Utilites
 
TCP Vs UDP
TCP Vs UDP TCP Vs UDP
TCP Vs UDP
 
Chapter_3_Networking.ppt
Chapter_3_Networking.pptChapter_3_Networking.ppt
Chapter_3_Networking.ppt
 
Chapter_3_Networking.ppt
Chapter_3_Networking.pptChapter_3_Networking.ppt
Chapter_3_Networking.ppt
 

Recently uploaded

How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 

Recently uploaded (20)

How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 

Wireshark_Tutorial.pptx

  • 1. POSTECH 1/39 CSED702D: Internet Traffic Monitoring and Analysis James Won-Ki Hong Department of Computer Science and Engineering POSTECH, Korea jwkhong@postech.ac.kr
  • 2. POSTECH 2/39 CSED702D: Internet Traffic Monitoring and Analysis Outline  What is Wireshark?  Capturing Packets  Analyzing Packets  Filtering Packets  Saving and Manipulating Packets  Packet Statistics  Colorizing Specific Packets  References
  • 3. POSTECH 3/39 CSED702D: Internet Traffic Monitoring and Analysis What is Wireshark?  The De-Facto Network Protocol Analyzer  Open-Source (GNU Public License)  Multi-platform (Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others)  Easily extensible  Large development group  Previously Named “Ethereal”
  • 4. POSTECH 4/39 CSED702D: Internet Traffic Monitoring and Analysis What is Wireshark?  Features  Deep inspection of thousands of protocols  Live capture and offline analysis  Standard three-pane packet browser  Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility  The most powerful display filters in the industry  Rich VoIP analysis  Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others  Coloring rules can be applied to the packet list for quick, intuitive analysis  Output can be exported to XML, PostScript®, CSV, or plain text
  • 5. POSTECH 5/39 CSED702D: Internet Traffic Monitoring and Analysis What is Wireshark?  What we can:  Capture network traffic  Decode packet protocols using dissectors  Define filters – capture and display  Watch smart statistics  Analyze problems  Interactively browse that traffic  Some examples people use Wireshark for:  Network administrators: troubleshoot network problems  Network security engineers: examine security problems  Developers: debug protocol implementations  People: learn network protocol internals
  • 6. POSTECH 6/39 CSED702D: Internet Traffic Monitoring and Analysis Interfaces Packet List Packet Details Packet Bytes
  • 7. POSTECH 7/39 CSED702D: Internet Traffic Monitoring and Analysis Capturing Packets (1/3)
  • 8. POSTECH 8/39 CSED702D: Internet Traffic Monitoring and Analysis Capturing Packets (2/3) Buffer size – in order not to fill your laptop disk Capture all packets on the network Capture filter Capture in multiple files When to automatically stop the capture Display options Name resolution options
  • 9. POSTECH 9/39 CSED702D: Internet Traffic Monitoring and Analysis Capturing Packets (3/3) Example (W-LAN): Received Signal Strength Indication (RSSI) and Link speed (BW)
  • 10. POSTECH 10/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (1/9)  Ethernet Frame Example
  • 11. POSTECH 11/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (2/9)  IP Packet Example
  • 12. POSTECH 12/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (3/9)  TCP Packet Example
  • 13. POSTECH 13/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (4/9)  TCP 3-way Handshake
  • 14. POSTECH 14/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (5/9)  Flow Graph  Giving us a graphical flow, for better understanding of what we see
  • 15. POSTECH 15/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (6/9)  Flow Graph
  • 16. POSTECH 16/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (7/9)  Filtering Specific TCP Stream
  • 17. POSTECH 17/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (8/9)  Filtering Specific TCP Stream
  • 18. POSTECH 18/39 CSED702D: Internet Traffic Monitoring and Analysis Analyzing Packets (9/9)  RTP Stream Analysis Stable stream BW
  • 19. POSTECH 19/39 CSED702D: Internet Traffic Monitoring and Analysis Filtering Packets (1/4)  Applying Filter when Capturing Packets Capture  Interfaces  Options:
  • 20. POSTECH 20/39 CSED702D: Internet Traffic Monitoring and Analysis Filtering Packets (2/4)  Applying Filter when Analyzing Packets
  • 21. POSTECH 21/39 CSED702D: Internet Traffic Monitoring and Analysis Filtering Packets (3/4)  Examples:  Capture only traffic to or from IP address 172.18.5.4 • host 172.18.5.4  Capture traffic to or from a range of IP addresses • net 192.168.0.0/24 • net 192.168.0.0 mask 255.255.255.0  Capture traffic from a range of IP addresses • src net 192.168.0.0/24 • src net 192.168.0.0 mask 255.255.255.0  Capture traffic to a range of IP addresses • dst net 192.168.0.0/24 • dst net 192.168.0.0 mask 255.255.255.0  Capture only DNS (port 53) traffic • port 53  Capture non-HTTP and non-SMTP traffic on your server • host www.example.com and not (port 80 or port 25) • host www.example.com and not port 80 and not port 25
  • 22. POSTECH 22/39 CSED702D: Internet Traffic Monitoring and Analysis Filtering Packets (4/4)  Examples:  Capture except all ARP and DNS traffic • port not 53 and not arp  Capture traffic within a range of ports • (tcp[2:2] > 1500 and tcp[2:2] < 1550) or (tcp[4:2] > 1500 and tcp[4:2] < 1550) • tcp portrange 1501-1549  Capture only Ethernet type EAPOL • ether proto 0x888e  Capture only IP traffic (the shortest filter, but sometimes very useful to get rid of lower layer protocols like ARP and STP) • ip  Capture only unicast traffic (useful to get rid of noise on the network if you only want to see traffic to and from your machine, not, for example, broadcast and multicast announcements) • not broadcast and not multicast
  • 23. POSTECH 23/39 CSED702D: Internet Traffic Monitoring and Analysis Saving and Manipulating Packets (1/3)  Save only displayed packets
  • 24. POSTECH 24/39 CSED702D: Internet Traffic Monitoring and Analysis Saving and Manipulating Packets (2/3)  Export to CSV file
  • 25. POSTECH 25/39 CSED702D: Internet Traffic Monitoring and Analysis Saving and Manipulating Packets (3/3)  Exported CSV File
  • 26. POSTECH 26/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (1/8)  Protocol Hierarchy
  • 27. POSTECH 27/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (2/8)  Conversation  Traffic between two specific endpoints With some manipulation
  • 28. POSTECH 28/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (3/8)  I/O Graph
  • 29. POSTECH 29/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (4/8)  Configurable Options  I/O Graphs • Graph 1-5: enable the specific graph 1-5 (graph 1 by default) • Filter: a display filter for this graph (only the packets that pass this filter will be taken into account for this graph) • Style: the style of the graph (Line/Impulse/FBar/Dot)  X Axis • Tick interval: an interval in x direction lasts (10/1 minutes or 10/1/0.1/0.01/0.001 seconds) • Pixels per tick: use 10/5/2/1 pixels per tick interval • View as time of day: option to view x direction labels as time of day instead of seconds or minutes since beginning of capture  Y Axis • Unit: the unit for the y direction (Packets/Tick, Bytes/Tick, Bits/Tick, Advanced...) • Scale: the scale for the y unit (Logarithmic,Auto,10,20,50,100,200,...)
  • 30. POSTECH 30/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (5/8)  TCP Stream Graph
  • 31. POSTECH 31/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (6/8)  Round-Trip Time Graph RTT Vs. Sequence numbers gives us the time that take to Ack every packet. In case of variations, it can cause DUPACKs and even Retransmissions Usually will happen on communications lines: Over the Internet Over cellular networks
  • 32. POSTECH 32/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (7/8)  Time / Sequence Graph Seq No [B] Time [Sec] Time / Sequence representes how sequence numbers advances with time In a good connection (like in the example), the line will be linear The angle of the line indicates the speed of the connection. In this example – fast connection
  • 33. POSTECH 33/39 CSED702D: Internet Traffic Monitoring and Analysis Packet Statistics (8/8)  Time / Sequence Graph Seq No [B] Time [Sec] In this case, we see a non- contiguous graph Can be due to: Severe packet loss Server response (processing) time
  • 34. POSTECH 34/39 CSED702D: Internet Traffic Monitoring and Analysis Colorizing Specific Packets (1/4)  Packet Colorization  Colorize packets according to a filter  Allow to emphasize the packets interested in  A lot of Coloring Rule examples at the Wireshark Wiki Coloring Rules page at http://wiki.wireshark.org/ColoringRules We want to watch a specific protocol through out the capture file
  • 35. POSTECH 35/39 CSED702D: Internet Traffic Monitoring and Analysis Colorizing Specific Packets (2/4)
  • 36. POSTECH 36/39 CSED702D: Internet Traffic Monitoring and Analysis Colorizing Specific Packets (3/4)
  • 37. POSTECH 37/39 CSED702D: Internet Traffic Monitoring and Analysis Colorizing Specific Packets (4/4)  TLS Connection Establishment
  • 38. POSTECH 38/39 CSED702D: Internet Traffic Monitoring and Analysis References  Wireshark Website  http://www.wireshark.org  Wireshark Documentation  http://www.wireshark.org/docs/  Wireshark Wiki  http://wiki.wireshark.org  Network analysis Using Wireshark Cookbook  http://www.amazon.com/Network-Analysis-Using-Wiresh ark-Cookbook/dp/1849517649
  • 39. POSTECH 39/39 CSED702D: Internet Traffic Monitoring and Analysis Q&A

Editor's Notes

  1. Time / Sequence representes how sequence numbers advances with time In a good connection (like in the example), the line will be linear The angle of the line indicates the speed of the connection. In this example – fast connection
  2. There are two types of coloring rules in Wireshark. Temporary ones that are only used until you quit the program. And permanent ones that will be saved to a preference file so that they are available on a next session. Temporary coloring rules can be added by selecting a packet and pressing the <ctrl> key together with one of the number keys. This will create a coloring rule based on the currently selected conversation. It will try to create a conversation filter based on TCP first, then UDP, then IP and at last Ethernet. Temporary filters can also be created by selecting the "Colorize with Filter > Color X" menu items when rightclicking in the packet-detail pane.