



Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.

Published in: Education


  1. Title: Wireshark. Mehrdad Abbasi, MehrdadLinux@Gmail.Com
  2. What is a network packet?
     ● Data: 0 – 1
     ● Media
     ● Packet
     ● Packet-switched network
  3. What is a packet analyzer?
     ● Other names: network analyzer, protocol analyzer, packet sniffer
     ● Variants for particular types of networks: Ethernet sniffer, wireless sniffer
  4. Packet sniffers can
     ● Analyze network problems
     ● Detect network intrusion attempts
     ● Detect network misuse by internal and external users
     ● Document regulatory compliance through logging all perimeter and endpoint traffic
     ● Gain information for effecting a network intrusion
     ● Isolate exploited systems
     ● Monitor WAN bandwidth utilization
     ● Monitor network usage (including internal and external users and systems)
     ● Monitor data-in-motion
     ● Monitor WAN and endpoint security status
     ● Gather and report network statistics
     ● Filter suspect content from network traffic
     ● Serve as primary data source for day-to-day network monitoring and management
     ● Spy on other network users and collect sensitive information such as login details or users' cookies (depending on any content encryption methods that may be in use)
     ● Reverse engineer proprietary protocols used over the network
     ● Debug client/server communications
     ● Debug network protocol implementations
     ● Verify adds, moves and changes
     ● Verify internal control system effectiveness (firewalls, access control, Web filter, spam filter, proxy)
  5. Notable packet analyzers
     ● Cain and Abel
     ● Capsa Network Analyzer
     ● Carnivore (FBI)
     ● CommView
     ● dSniff
     ● ettercap
     ● Fiddler
     ● Kismet
     ● Lanmeter
     ● Microsoft Network Monitor
     ● Microsoft Message Analyzer
     ● NarusInsight
     ● NetScout Systems nGenius Infinistream
     ● ngrep, Network Grep
     ● OmniPeek
     ● Riverbed SteelCentral Packet Analyzer (formerly known as Cascade Pilot)
     ● Riverbed SteelCentral Transaction Analyzer (formerly known as OPNET ATX and ACE)
     ● SkyGrabber
     ● snoop
     ● tcpdump
     ● Wireshark (formerly known as Ethereal)
     ● Xplico, open source Network Forensic Analysis Tool
  6. What is Wireshark?
     ● Wireshark is a free and open-source packet analyzer.
     ● Developer(s): The Wireshark team
     ● Stable release: 1.12.7 / 12 August 2015; 45 days ago
     ● Written in: C (and C++ in the development version)
     ● Operating system: Cross-platform
     ● Type: Packet analyzer
     ● License: GNU GPL
     ● Website
  7. Wireshark history
     ● 1990s, Gerald Combs
     ● A computer science graduate of the University of Missouri–Kansas City
     ● Was working for a small Internet service provider
     ● The commercial protocol analysis products at the time were priced around $1500
     ● They did not run on the company's primary platforms (Solaris and Linux)
     ● He began writing Ethereal and released the first version around 1998
     ● The Ethereal trademark is owned by Network Integration Services
     ● In May 2006, Combs accepted a job with CACE Technologies. Combs still held copyright on most of Ethereal's source code (and the rest was re-distributable under the GNU GPL), so he used the contents of the Ethereal Subversion repository as the basis for the Wireshark repository. However, he did not own the Ethereal trademark, so he changed the name to Wireshark.
     ● In 2010 Riverbed Technology purchased CACE and took over as the primary sponsor of Wireshark. Ethereal development has ceased, and an Ethereal security advisory recommended switching to Wireshark.
  8. Wireshark developers
     ● Over 850 developers
     ● Windows Installer (64-bit)
     ● Windows Installer (32-bit)
     ● Windows PortableApps (32-bit)
     ● OS X 10.6 and later Intel 64-bit .dmg
     ● OS X 10.6 and later Intel 32-bit .dmg
     ● Source Code
  9. Wireshark documentation
     ● Online docs
     ● Offline docs
     ● Books
     ● Wireshark Certified Network Analyst (WCNA) Program
  10. Intro to Wireshark
     ● Menu
     ● How to capture
     ● Test filter
     ● Have fun ...
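To make the "packet analyzer" and "test filter" slides concrete, here is an added example (not from the slides and not Wireshark code): a minimal Ethernet sniffer in Python that dissects a raw Ethernet II / IPv4 / TCP frame layer by layer, as Wireshark does, and then applies the equivalent of the display filter `tcp.port == 80`. The sample frame is constructed for the example, with checksums left at zero; the function and key names are this example's own.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def dissect(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP headers, rejecting truncated input."""
    if len(frame) < 34:  # 14-byte Ethernet header + 20-byte minimum IPv4 header
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes (minimum 20)
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("malformed or truncated IPv4 packet")
    pkt = {
        "dst_mac": _mac(dst), "src_mac": _mac(src),
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "proto": ip[9], "src_port": None, "dst_port": None,
    }
    l4 = ip[ihl:total_len]  # trust the IP total length, ignore Ethernet padding
    pkt["payload"] = l4
    if pkt["proto"] == PROTO_TCP and len(l4) >= 20:
        pkt["src_port"], pkt["dst_port"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]  # skip TCP header incl. options
    return pkt


def matches_tcp_port(pkt: dict, port: int) -> bool:
    """Mini display filter, equivalent to Wireshark's 'tcp.port == <port>'."""
    return pkt["proto"] == PROTO_TCP and port in (pkt["src_port"], pkt["dst_port"])


# Constructed sample frame (not a real capture): Ethernet II + IPv4 + TCP carrying
# "GET /". Checksums are left as zero; a real analyzer would verify them.
SAMPLE_FRAME = (
    bytes.fromhex("001122334455 66778899aabb 0800")  # dst MAC, src MAC, IPv4
    + bytes.fromhex("4500002d 00010000 40060000 c0a8010a 5db8d822")  # 192.168.1.10 -> 93.184.216.34
    + bytes.fromhex("c1a40050 00000001 00000000 50182000 00000000")  # TCP 49572 -> 80
    + b"GET /"
)

if __name__ == "__main__":
    for field, value in dissect(SAMPLE_FRAME).items():
        print(f"{field:>9}: {value}")
```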