OSTU - Building a Remote Wireshark Analyzer (by Tony Fortunato)

Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.

Published in: Technology, Business

  1. Wireshark: Build A Free Remote Analyzer (Tony Fortunato, Sr Network Specialist, The Technology Firm)
  2. What are you talking about?
     • Many times analysts need a remote analyzer
     • Why not just install Wireshark on the client's PC?
         • Client may not have an Administrator-equivalent account to install Wireshark
         • Adding another process may make the problem worse
         • You may not want the customer to have access to the trace file
         • You do not know the hardware and software on the customer's PC
     • Why build or roll your own analyzer?
         • Customers may be geographically dispersed
         • You may want to capture from several points
         • You have control over the PC
         • You can even troubleshoot those problems where PCs reboot
         • It's fun and easy. OK, I have to take my meds now.
  3. Installing Wireshark and VNC on a PC
     • The PC you choose to use as a remote analyzer should have at least 2 interfaces
     • By using 2 adapters, you won't have to worry about filtering out your remote control packets
     • Use your imagination; for example, why not 1 Ethernet and 1 WIFI?
     • TIP: If you want to use a laptop, use a PCMCIA Ethernet adapter or an Ethernet/WIFI USB adapter.
     • The 2 interfaces are important:
         • 1 will be the Management Interface
             • This interface will have all the IP information required to communicate with you
         • 1 will be the Analyzer Interface
             • This interface will NOT have any protocols loaded
     • As far as the software goes, use whatever OS you want as long as it is supported by Wireshark
         • I'm going to use Windows in this example
     • The other thing you need to install is remote control software.
         • I'm going to use UltraVNC since it is multi-platform
  4. My Example
     • UltraVNC
     • Wireshark
     (Diagram labels: Ethernet, Analyzer, Management)
  5. Testing
     • Connect both interfaces to the network and capture some packets from both interfaces to ensure they are working properly
     • Test UltraVNC for remote control access
     • In this example my laptop has an Ethernet and a WIFI interface
         • The Intel WIFI interface will be my Management interface
         • The Broadcom Ethernet interface will be my Analyzer interface
  6. Bonus: Remote control
     • In some cases I have used remote control services instead of VNC to remotely control the PC.
         • Logmein.com
         • Gotomypc.com
     • In the future I will investigate how to do this with rpcap, but it's a bit trickier.
  7. Connect and Analyze
     • Now that Wireshark and VNC are working, all you have to do is connect and capture your packets from the analyzer port
     • Since this is your troubleshooting PC, you may want to consider several other tools for your troubleshooting, which I may cover in future sessions:
         • Lookatlan
         • Servers Alive
         • MRTG
         • Perl
         • Portable webserver
         • Portable FTP server
         • Camstudio
         • Easycapture
         • Iperf
         • tftpserver
  8. Wireshark Training - QuickStart (Tony Fortunato, Sr Network Specialist, The Technology Firm). Thank you
  9. For additional educational videos on Open Source Network Tools, please click on the following:
     • http://www.lovemytool.com/blog/ostu.html
     LoveMyTool.com – Community for Network Tools
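
The Management/Analyzer split from slide 3, as an added PowerShell example (not from the original slides): it unbinds every protocol from the analyzer adapter and then checks that only the management adapter still has IP settings. The adapter names and the `*pcap*` display-name pattern for the capture driver are assumptions; adjust them to what `Get-NetAdapter` and `Get-NetAdapterBinding` show on your PC.

```powershell
# Run in an elevated PowerShell session (NetAdapter/NetTCPIP cmdlets,
# Windows 8 / Server 2012 or later).
# Adapter names are assumptions for illustration; list yours with Get-NetAdapter.
$Analyzer   = 'Ethernet'   # capture-only (analyzer) interface
$Management = 'Wi-Fi'      # interface that carries the remote-control session

# Assumption: the packet-capture driver appears as a binding whose display
# name contains "pcap"; it is the only binding left enabled on the analyzer.
$KeepPattern = '*pcap*'

function Get-ExtraBinding {
    param([string]$Name, [string]$Keep)
    # Enabled bindings on the adapter other than the capture driver.
    Get-NetAdapterBinding -Name $Name |
        Where-Object { $_.Enabled -and $_.DisplayName -notlike $Keep }
}

# 1. Unbind every protocol and service from the analyzer interface, so the
#    PC neither sends nor answers anything on the segment being captured.
foreach ($b in Get-ExtraBinding -Name $Analyzer -Keep $KeepPattern) {
    Disable-NetAdapterBinding -Name $Analyzer -ComponentID $b.ComponentID
}

# 2. Verify: no bindings and no IP address on the analyzer interface,
#    and an IPv4 address on the management interface.
$extra  = @(Get-ExtraBinding -Name $Analyzer -Keep $KeepPattern)
$anaIp  = @(Get-NetIPAddress -InterfaceAlias $Analyzer -ErrorAction SilentlyContinue)
$mgmtIp = @(Get-NetIPAddress -InterfaceAlias $Management -AddressFamily IPv4 `
                -ErrorAction SilentlyContinue)

[pscustomobject]@{
    AnalyzerBindingsLeft = ($extra.DisplayName -join ', ')
    AnalyzerHasIp        = ($anaIp.Count -gt 0)
    ManagementIPv4       = ($mgmtIp.IPAddress -join ', ')
    Ready                = ($extra.Count -eq 0 -and $anaIp.Count -eq 0 -and
                            $mgmtIp.Count -gt 0)
}
```

`Ready` is `True` only when the analyzer side is fully unbound and the management side is reachable; run the check again after driver or Wireshark updates, since installers can re-enable bindings.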
