OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.

Published in: Technology
1. Wireshark Training - QuickStart. Tony Fortunato, Sr Network Specialist, The Technology Firm
2. Why use Wireshark?
<ul>
<li>Wireshark can be used for the following tasks:
<ul>
<li>To determine how your applications behave on the wire</li>
<li>To identify application dependencies
<ul>
<li>For assistance in configuring firewalls</li>
<li>In understanding why your application is slow</li>
</ul></li>
<li>To see whether logins or critical data cross the wire in clear text</li>
<li>To make sure your PC is configured optimally and does not generate unnecessary traffic</li>
<li>To identify viruses, Trojans, worms or other uninstalled software</li>
<li>To monitor the network for unwelcome applications such as peer-to-peer applications</li>
</ul></li>
</ul>
3. What is a Protocol Analyzer? The slide's diagram maps each layer to the tool that examines it:
<ul>
<li>Transport Layer: TCP/UDP addressing (Protocol Analyzer)</li>
<li>Network Layer: IP addressing (Protocol Analyzer)</li>
<li>Data Link Layer: MAC addressing (Protocol Analyzer)</li>
<li>Physical Layer: cabling, electrical signals, light, radio properties (Cable Tester or Spectrum Analyzer)</li>
</ul>
4. Windows Installation Command Line Options
<ul>
<li>If you run the setup file with no options, or with incorrect options, you get the standard interactive installer.</li>
<li>Helpful command line options:
<ul>
<li>/S runs the installer or uninstaller silently with default values.
<ul>
<li>Default values are /desktopicon=yes and /quicklaunchicon=yes.</li>
<li>The silent installer option doesn't install WinPcap!</li>
</ul></li>
<li>/desktopicon controls installation of the desktop icon: =yes forces installation, =no skips it; otherwise the defaults / user settings apply. This option is useful with a silent install.</li>
<li>/quicklaunchicon controls installation of the Quick Launch icon: =yes forces installation, =no skips it; otherwise the defaults / user settings apply.</li>
<li>/D sets the default installation directory ($INSTDIR), overriding InstallDir and InstallDirRegKey. It must be the last parameter on the command line and must not contain any quotes, even if the path contains spaces.</li>
<li>Example: the following silently installs Wireshark without a desktop icon or Quick Launch icon:</li>
<li>wireshark-setup.exe /S /desktopicon=no /quicklaunchicon=no</li>
</ul></li>
</ul>
5. To Check Your Silent Install Progress
<ul>
<li>The silent install is a real Catch-22:
<ul>
<li>The good news is it's silent, so you can get a customer to install it quickly, without prompts.</li>
<li>The bad news is you really don't know when it's done.
<ul>
<li>To check the status of the install, open Task Manager and sort by CPU; the Wireshark setup file will be near the top of the Processes list.</li>
<li>Check your hard drive activity to get a sense of whether the software is still being installed.</li>
<li>Watch your Desktop and Quick Launch toolbar for the Wireshark logo to appear.</li>
</ul></li>
</ul></li>
</ul>
6. About your Wireshark
<ul>
<li>To get information about your Wireshark installation, go to Help -> About.</li>
</ul>
7. TIP: Launch Wireshark Quickly and Easily
<ul>
<li>Add a “Shortcut key” to make Wireshark easier to get at.</li>
<li>In this example, we assign Ctrl + Shift + W to Wireshark: right-click the Wireshark shortcut, select Properties, and press Ctrl + Shift + W in the shortcut key field.</li>
</ul>
8. Starting Wireshark: Edit -> Preferences -> Layout
9. Starting Wireshark: Edit -> Preferences -> Columns
10. Choose Your Default Adapter
11. Stop The Chatter
12. Capture Options Dialogue Box
<ul>
<li>Since this is what can make or break your success, we’ll review this in more detail.</li>
</ul>
13. Capture Options – Capture File(s) Frame
<ul>
<li>Creates files with the following syntax:</li>
<li>Filename_00001_yyyymmddhhmmss</li>
<li>for example test_00001_20061102150628</li>
<li>Capture files will be in libpcap format.</li>
</ul>
Stay with size limits, since you do not know how much data will be flowing at any given time. In this example, Wireshark will create two 8 MB files.
14. Capture Options – Stop Capture Frame
<ul>
<li>This frame allows you to control when Wireshark will stop capturing.</li>
<li>This will not save to a file.</li>
<li>If multiple options are checked, the first condition reached will stop the analyzer.</li>
</ul>
Filters are contained in this file: C:\Documents and …\Application Data\Wireshark\cfilters. ** If you choose to create your own cfilters file, remember to leave the last line in this file blank.
15. Capture – Capture Filters
<ul>
<li>This screen allows you to Add or Delete capture filters.</li>
</ul>
Make the Filter name and Filter string the same to avoid confusion. Filters are contained in this file: C:\Documents and …\Application Data\Wireshark\cfilters. ** Remember to leave the last line in this file blank.
16. ‘Sorting Columns’: output is sorted by frame number by default; click the Info column header to sort by Info.
17. Neat Feature – ‘Drag and Drop’
<ul>
<li>You can now drag and drop a file from Windows Explorer directly into Wireshark.</li>
</ul>
18. Resize Column
19. Statistics: Neat Feature – ‘Conversation List’
<ul>
<li>You can now see a list of all conversations by TCP, IP or MAC address.</li>
</ul>
20. Analyze: Display Filters
<ul>
<li>Display filters can be applied from the previous list, or you can create new filters.</li>
</ul>
21. Analyze: Follow TCP Stream
<ul>
<li>Follow TCP Stream can be applied between a pair of IP addresses or to an entire conversation.</li>
<li>Traffic from A to B is marked in red and traffic from B to A is marked in blue.</li>
</ul>
22. Shortcut Keys
<table>
<tr><th>Action</th><th>Shortcut</th></tr>
<tr><td>File Open</td><td>Ctrl + O</td></tr>
<tr><td>File Close</td><td>Ctrl + W</td></tr>
<tr><td>File Save</td><td>Ctrl + S</td></tr>
<tr><td>File Save As</td><td>Ctrl + Shift + S</td></tr>
<tr><td>File Quit</td><td>Ctrl + Q</td></tr>
<tr><td>Preferences</td><td>Shift + Ctrl + P</td></tr>
<tr><td>Find Packet</td><td>Ctrl + F</td></tr>
<tr><td>Find Next</td><td>Ctrl + N</td></tr>
<tr><td>Find Previous</td><td>Ctrl + B</td></tr>
<tr><td>Set Time Reference</td><td>Ctrl + T</td></tr>
<tr><td>Go to Packet No</td><td>Ctrl + G</td></tr>
<tr><td>Mark Packet</td><td>Ctrl + M</td></tr>
<tr><td>Find Next Mark</td><td>Shift + Ctrl + N</td></tr>
<tr><td>Find Prev Mark</td><td>Shift + Ctrl + B</td></tr>
<tr><td>Zoom In</td><td>Ctrl + +</td></tr>
<tr><td>Zoom Out</td><td>Ctrl + -</td></tr>
<tr><td>Normal Size</td><td>Ctrl + =</td></tr>
<tr><td>Expand Protocol Tree</td><td>Ctrl + Right Arrow</td></tr>
<tr><td>Collapse Protocol Tree</td><td>Ctrl + Left Arrow</td></tr>
<tr><td>Previous Packet</td><td>Ctrl + Pg Up</td></tr>
<tr><td>Next Packet</td><td>Ctrl + Down</td></tr>
<tr><td>Capture Options</td><td>Ctrl + K</td></tr>
</table>
23. Capture Filter Reference
<table>
<tr><th>Command</th><th>Description</th></tr>
<tr><td>ether host MAC address</td><td>Capture all packets to and from a MAC address</td></tr>
<tr><th colspan="2">IP Filters</th></tr>
<tr><td>host ip address</td><td>Capture all packets to and from an IP address</td></tr>
<tr><td>src host ip address</td><td>Capture all packets from an IP address</td></tr>
<tr><td>dst host ip address</td><td>Capture all packets to an IP address</td></tr>
<tr><th colspan="2">TCP/UDP Filters</th></tr>
<tr><td>port port</td><td>Capture all packets to and from a port number</td></tr>
<tr><td>src port port</td><td>Capture all packets from a port number</td></tr>
<tr><td>dst port port</td><td>Capture all packets to a port number</td></tr>
<tr><th colspan="2">IP Network Filters</th></tr>
<tr><td>net net</td><td>Capture all packets to and from a net</td></tr>
<tr><td>src net net</td><td>Capture all packets from a net</td></tr>
<tr><td>dst net net</td><td>Capture all packets to a net</td></tr>
</table>
24. Capture Filter Examples
<table>
<tr><th>Command</th><th>Description</th></tr>
<tr><td>ether host 00:15:c5:37:40:60</td><td>Capture all packets to and from MAC 00:15:c5:37:40:60</td></tr>
<tr><th colspan="2">IP Filters</th></tr>
<tr><td>host 10.44.10.1</td><td>Capture all packets to and from 10.44.10.1</td></tr>
<tr><td>host www.wireshark.org</td><td>Capture all packets from www.wireshark.org</td></tr>
<tr><th colspan="2">TCP/UDP Filters</th></tr>
<tr><td>port 80</td><td>Capture all packets to and from TCP/UDP port number 80</td></tr>
<tr><td>port http</td><td>Capture all packets from devices using http</td></tr>
<tr><th colspan="2">IP Network Filters</th></tr>
<tr><td>net 10.44.10</td><td>Capture all packets to and from the subnet 10.44.10</td></tr>
<tr><td>arp</td><td>Capture all arp packets</td></tr>
<tr><td>udp</td><td>Capture all udp packets</td></tr>
<tr><td>tcp</td><td>Capture all tcp packets</td></tr>
</table>
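The primitives in the two tables above are what the capture library evaluates before a frame is written to the libpcap file described on slide 13. As an added illustration that is not part of this deck, the Python below builds a minimal libpcap file around a constructed Ethernet/IPv4/TCP frame, reads it back, and evaluates the host, port, net, ether host, tcp, udp and arp primitives against each frame. It is a teaching re-implementation rather than libpcap's own BPF engine; it assumes Ethernet link type and IPv4, and does not resolve hostnames, so a filter like `host www.wireshark.org` must be given as an address.

```python
import struct
from ipaddress import ip_address, ip_network

def build_pcap(frames):
    """Wrap raw Ethernet frames in a libpcap 2.4 file: 24-byte global header + 16-byte record headers."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # magic, v2.4, tz, sigfigs, snaplen, Ethernet
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def read_pcap(data):
    """Return the raw frames of a libpcap file; the magic bytes reveal the writer's byte order."""
    e, pos, frames = ("<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"), 24, []
    while pos + 16 <= len(data):
        incl = struct.unpack(e + "IIII", data[pos:pos + 16])[2]      # ts_sec, ts_usec, incl_len, orig_len
        frames.append(data[pos + 16:pos + 16 + incl])
        pos += 16 + incl
    return frames

def decode(frame):
    """Extract the fields the capture-filter primitives look at: MACs, IPs, IP protocol, L4 ports."""
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    f = {"eth_dst": mac(frame[:6]), "eth_src": mac(frame[6:12]), "type": struct.unpack("!H", frame[12:14])[0]}
    if f["type"] == 0x0800:                                           # IPv4 payload
        ihl, f["proto"] = (frame[14] & 0x0F) * 4, frame[23]
        f["ip_src"], f["ip_dst"] = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
        if f["proto"] in (6, 17):                                     # TCP and UDP both begin with src/dst port
            f["sport"], f["dport"] = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return f

def matches(expr, f):
    """Evaluate one primitive: 'host 10.44.10.1', 'src port 80', 'net 10.44.10', 'ether host <mac>', 'tcp'..."""
    tok = expr.lower().split()
    if tok in (["arp"], ["tcp"], ["udp"]):
        return {"arp": f["type"] == 0x0806, "tcp": f.get("proto") == 6, "udp": f.get("proto") == 17}[tok[0]]
    if tok[:2] == ["ether", "host"]:
        return tok[2] in (f["eth_src"], f["eth_dst"])
    side = tok.pop(0) if tok[0] in ("src", "dst") else None         # 'src'/'dst' restrict the direction
    kind, value = tok
    if kind == "net":                                                 # BPF reads a short prefix '10.44.10' as 10.44.10.0/24
        octets = value.split(".")
        net = ip_network(".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}")
    def hit(key):                                                     # a frame without the field (e.g. ARP) never matches
        v = f.get(key)
        return v is not None and (v == value if kind == "host" else v == int(value) if kind == "port" else ip_address(v) in net)
    src_key, dst_key = ("sport", "dport") if kind == "port" else ("ip_src", "ip_dst")
    return hit(src_key) if side == "src" else hit(dst_key) if side == "dst" else hit(src_key) or hit(dst_key)
# Constructed sample frame (not a real capture): Ethernet from 00:15:c5:37:40:60, IPv4 10.44.10.1 -> 192.0.2.10, TCP 80 -> 50000
SAMPLE_FRAME = (bytes.fromhex("00005e005301" "0015c5374060" "0800")
                + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                              ip_address("10.44.10.1").packed, ip_address("192.0.2.10").packed)
                + struct.pack("!HHIIBBHHH", 80, 50000, 0, 0, 0x50, 0x18, 65535, 0, 0))
```

Running `[matches("host 10.44.10.1", decode(fr)) for fr in read_pcap(build_pcap([SAMPLE_FRAME]))]` yields `[True]`, while the `dst host` form of the same address yields `[False]` because the sample frame only originates there.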
25. Wireshark Training - QuickStart. Tony Fortunato, Sr Network Specialist, The Technology Firm. Thank you
26. <ul>
<li>For additional educational videos on Open Source Network Tools, please click on the following …</li>
<li>http://www.lovemytool.com/blog/ostu.html</li>
</ul>
LoveMyTool.com – Community for Network Tools