
OSTU - Chris Sanders on Wireshark



Chris Sanders is a 21-year-old college senior at Murray State University and a network consultant for KeeFORCE, one of western Kentucky's largest technical consulting firms. In this role Chris works with businesses of all sizes, consulting on issues including network planning, traffic analysis, and general network administration. He also hosts his own website, which offers tutorials, guides, and technical commentary, including the very popular Packet School 101. In addition, Chris is a staff writer for and . For the last few years, he has used Wireshark for packet analysis almost daily. Recently, Chris authored his second book, entitled Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems.

Published in: Business, Technology


  1. Packet Sniffing for Network Troubleshooting Using Ethereal
     Chris Sanders – A+, MCP, CWNA
  2. What is Packet Sniffing?
     • Intercepting and logging traffic passing over a digital network
     • Uses sophisticated tools that not only intercept, but also analyze the traffic
  3. How Packet Sniffing Works
     • Networks communicate based on IP (Layer 3) and MAC (Layer 2) addresses
     • IP communication uses ARP requests to determine the MAC addresses of the machines it needs to communicate with
     • This is managed through a shared (hub) or switched network environment
  4. Sniffing on a Shared Network
     • In a shared network environment, all nodes compete for network traffic
     • All network traffic is broadcast to all hosts on the wire
     • Using a packet sniffer you can see all traffic sent and received by any host on the network
  5. Sniffing on a Switched Network
     • Switched Ethernet networks use devices called switches that keep track of MAC addresses so that communication is only sent to the device that needs it
     • You must use techniques such as ARP cache poisoning or port mirroring to successfully sniff traffic on a switched network
  6. Why Sniff Network Traffic?
     • Diagnose network problems
     • Determine sources of latency
     • Identify possible security threats
     • Test network-centric applications
  7. Ethereal
     • Freely distributed under the GNU General Public License
     • Open Source project
  8. Ethereal Features
     • Graphical and command-line interfaces
     • Uses the .cap file format, which is widely used in other packet capturing software
     • Supports around 759 protocols
     • Allows capture and display filters to remove packets not relevant to your current task
  9. Ethereal Support
     • Massive open source support community
     • Ethereal Wiki:
     • Ethereal Mailing List:
     • Ethereal User Documentation:
  10. Disclaimer
     • NEVER sniff packets on a network that you do not have permission to do so on!
  11. Questions
     • Feel free to send any questions on this topic to me at: [email_address]
     • For more tutorials on packet sniffing and Ethereal, including an installation guide, you can go to .
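Slides 3 and 8 describe the two mechanics a sniffer relies on: frames carry MAC and IP addresses (with ARP mapping one to the other), and the tool reads a capture file and applies filters to it. The following Python script is an added example, not code from the presentation or from Ethereal/Wireshark. It builds a small classic libpcap capture in memory from constructed frames (all addresses are made up), parses the file and record headers, decodes Ethernet, ARP and IPv4, applies a display-filter-style predicate, and finally runs the kind of sanity check a troubleshooter would want on slide 5's topic: reporting any IP that more than one MAC claims in ARP replies within the capture, which is how an inconsistent ARP cache usually first shows up in a trace. The predicate-based filter stands in for Ethereal's filter language; it is not that syntax.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap magic (microsecond timestamps)
ETH_ARP = 0x0806
ETH_IPV4 = 0x0800


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def ip(b):
    return ".".join(str(x) for x in b)


# --- builders for the constructed sample capture -------------------------
def ethernet_frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def arp_packet(oper, sha, spa, tha, tpa):
    # htype=1 (Ethernet), ptype=IPv4, hlen=6, plen=4, oper 1=request 2=reply
    return struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, oper) + sha + spa + tha + tpa


def ipv4_packet(src, dst, proto, payload):
    total = 20 + len(payload)
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum (0), src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0, src, dst) + payload


def build_pcap(frames):
    """Write a classic libpcap file (link type 1 = Ethernet) to a bytes object."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


# --- reader and decoder ---------------------------------------------------
def read_pcap(data):
    """Yield (timestamp, frame) for each record; the magic tells us the byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode(frame):
    """Decode Ethernet header plus ARP or IPv4 into a flat dict of fields."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    pkt = {"eth_dst": mac(frame[:6]), "eth_src": mac(frame[6:12]), "ethertype": ethertype}
    body = frame[14:]
    if ethertype == ETH_ARP and len(body) >= 28:
        oper = struct.unpack("!H", body[6:8])[0]
        pkt.update(proto="arp", arp_op="request" if oper == 1 else "reply",
                   sender_mac=mac(body[8:14]), sender_ip=ip(body[14:18]),
                   target_mac=mac(body[18:24]), target_ip=ip(body[24:28]))
    elif ethertype == ETH_IPV4 and len(body) >= 20:
        ihl = (body[0] & 0x0F) * 4
        pkt.update(proto="ipv4", ip_proto=body[9], ip_src=ip(body[12:16]),
                   ip_dst=ip(body[16:20]), payload_len=len(body) - ihl)
    else:
        pkt["proto"] = "other"
    return pkt


def apply_filter(packets, predicate):
    """Display-filter analogue: keep only decoded packets the predicate accepts."""
    return [p for p in packets if predicate(p)]


def arp_conflicts(packets):
    """IPs claimed by more than one MAC in ARP replies; each is an ARP cache inconsistency to investigate."""
    claims = defaultdict(set)
    for p in packets:
        if p.get("proto") == "arp" and p["arp_op"] == "reply":
            claims[p["sender_ip"]].add(p["sender_mac"])
    return {addr: sorted(macs) for addr, macs in claims.items() if len(macs) > 1}


# --- constructed sample: host A resolves the gateway, sends one datagram,
#     then a second reply for the gateway IP arrives from a different MAC ----
MAC_A, MAC_GW, MAC_X = (bytes.fromhex(h) for h in ("aabbccddee01", "aabbccddee02", "aabbccddee03"))
BCAST, ZERO = b"\xff" * 6, b"\x00" * 6
IP_A, IP_GW = bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])
SAMPLE_PCAP = build_pcap([
    ethernet_frame(BCAST, MAC_A, ETH_ARP, arp_packet(1, MAC_A, IP_A, ZERO, IP_GW)),
    ethernet_frame(MAC_A, MAC_GW, ETH_ARP, arp_packet(2, MAC_GW, IP_GW, MAC_A, IP_A)),
    ethernet_frame(MAC_GW, MAC_A, ETH_IPV4, ipv4_packet(IP_A, IP_GW, 17, b"\x00" * 12)),
    ethernet_frame(MAC_A, MAC_X, ETH_ARP, arp_packet(2, MAC_X, IP_GW, MAC_A, IP_A)),
])


def analyze(data):
    packets = [decode(f) for _, f in read_pcap(data)]
    return {
        "total": len(packets),
        "arp_only": len(apply_filter(packets, lambda p: p["proto"] == "arp")),
        "to_gateway": len(apply_filter(packets, lambda p: p.get("ip_dst") == "10.0.0.1")),
        "conflicts": arp_conflicts(packets),
    }


if __name__ == "__main__":
    for k, v in analyze(SAMPLE_PCAP).items():
        print(f"{k}: {v}")
```

The reader checks the magic number to pick the byte order because captures written on big-endian hosts are stored swapped; a parser that assumes one order silently misreads every length field. Real captures from Ethereal or Wireshark in the classic format can be passed to `analyze()` as raw bytes, provided the link type is Ethernet.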