L2/L3 network operation
Where to locate Wireshark
Taps and port-mirror
Local and remote monitoring
Capture data from multiple interfaces
Capture data on virtual machines
Yoram Orzach is an experienced instructor in the areas of IP technologies, network design, network analysis and optimization and network forensics, providing courses based on strong theoretical background and real-world case studies, drawn from many years of training and field experience worldwide.
Network analysis Using Wireshark Lesson 3: locating wireshark
Network Analysis Using Wireshark, Version 2 (yoram@ndi-com.com)
Lesson 3 – Locating Wireshark
Network analysis Using Wireshark
Lesson 3:
Wireshark Basics
Lesson Objectives
• By the end of this lesson, the participant will be able to:
▫ Understand port mirrors and taps
▫ Understand how to locate Wireshark in the network for best monitoring
For more lectures, courses and keynote speaking, contact me at: yoram@ndi-com.com
Chapter Content
• L2/L3 network operation
• Where to locate Wireshark
• Taps and port-mirror
• Local and remote monitoring
• Capture data from multiple interfaces
• Capture data on virtual machines
“You only live once, but if you do it right, once is enough.” (Mae West)
Reminder – How a LAN Switch Works
[Figure: switch Sw connecting Segment A (A1, A2, A3), Segment B (B1, B2, B3) and Segment C (C5, C6, C7)]
Decision Table
A1 → A3: Block
A1 → B1: Forward to port B
A1 → C7: Forward to port C
A1 → BC: Forward to all (flood)
A1 → D7: Forward to all (flood)
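The decision table above, modeled in Python as an added example (not part of the original slides), to show what a capture host sees with and without a port mirror. The dedicated capture port S, the static address table, the mirror behaviour and the extra B1 → A1 reply frame are assumptions constructed for the illustration.

```python
"""Model of the slide's switch decision table, with an optional port mirror."""

BROADCAST = "BC"  # the slide's label for a broadcast destination

# Constructed topology: segments A, B, C from the slide, plus an assumed
# dedicated port S where the Wireshark laptop is attached.
PORTS = ["A", "B", "C", "S"]
MAC_TABLE = {
    "A1": "A", "A2": "A", "A3": "A",
    "B1": "B", "B2": "B", "B3": "B",
    "C5": "C", "C6": "C", "C7": "C",
}

# The five rows of the slide's decision table, plus one constructed reply frame.
FRAMES = [
    ("A1", "A3"), ("A1", "B1"), ("A1", "C7"),
    ("A1", BROADCAST), ("A1", "D7"), ("B1", "A1"),
]


class Switch:
    """Static model of the slide's switch (no address learning or aging)."""

    def __init__(self, ports, mac_table, mirror=None):
        self.ports = list(ports)          # every physical port on the switch
        self.mac_table = dict(mac_table)  # known address -> port
        self.mirror = mirror              # (monitored_port, monitoring_port) or None

    def decide(self, src, dst):
        """Return (decision, egress_ports) for a frame from src to dst."""
        in_port = self.mac_table[src]
        out_port = self.mac_table.get(dst)
        monitoring = self.mirror[1] if self.mirror else None
        if dst == BROADCAST or out_port is None:
            # Broadcast or unknown destination: flood to every other port.
            # Assumption: the monitoring port takes no part in normal forwarding.
            egress = [p for p in self.ports if p not in (in_port, monitoring)]
            return "flood", egress
        if out_port == in_port:
            return "block", []  # both hosts sit on the same segment
        return "forward", [out_port]

    def copies_on(self, port, src, dst):
        """True if a capture host attached to `port` receives this frame."""
        in_port = self.mac_table[src]
        _, egress = self.decide(src, dst)
        if port in egress:
            return True
        if self.mirror and port == self.mirror[1]:
            monitored = self.mirror[0]
            # Mirror both directions: received on, or sent out of, the monitored port.
            return in_port == monitored or monitored in egress
        return False


def capture(switch, port, frames):
    """Frames a capture host attached to `port` would record."""
    return [f for f in frames if switch.copies_on(port, *f)]


if __name__ == "__main__":
    plain = Switch(PORTS, MAC_TABLE)
    mirrored = Switch(PORTS, MAC_TABLE, mirror=("B", "S"))
    for src, dst in FRAMES:
        print(src, "->", dst, plain.decide(src, dst))
    print("No mirror, laptop on S:", capture(plain, "S", FRAMES))
    print("Mirror B -> S, laptop on S:", capture(mirrored, "S", FRAMES))
```

Without the mirror the laptop records only flooded frames; with segment B mirrored to S it also records the unicast traffic to and from B1.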
The Big Picture
[Figure: network of switches SW1 to SW7, with steps 1 and 2. Labels: "Broadcast sent" (SA: M1) and "Frame sent to M1" (DA: M1)]
M – MAC address
SA – Source (MAC) address
DA – Destination (MAC) address
The Big Picture
[Figure: the same network of switches SW1 to SW7 with ports numbered 1 to 8 on each switch and a link "To ISP". Labels: "Broadcast sent" (SA: M1) and "Frame sent to M1" (DA: M1)]
“The real danger is not that computers will begin to think like men, but that men will begin to think like computers.” (Sydney Harris)
Where to Locate Wireshark?
[Figure: network diagram with a link "To ISP", showing the capture points listed below]
• For server monitoring: connect the laptop to the LAN switch, with port mirror to the monitored server
• For WAN monitoring: connect the laptop to the LAN switch, with port mirror to the monitored router
• For Internet connectivity monitoring: before or after the firewall
• Remote office monitoring: on the WAN side
• Remote office monitoring: on the LAN side
“Live as if you were to die tomorrow. Learn as if you were to live forever.” (Mahatma Gandhi)
Port Mirror / Port Monitor
[Figure: switch with a monitored port and a monitoring port]
Double Vision – What Happened Here?
TAP (Test Access Point)
http://www.fullcontrolnetworks.co.uk/faq-category/popular-questions/
“To live is the rarest thing in the world. Most people exist, that is all.” (Oscar Wilde)
Local Monitoring
• Choose the interface
• Configure capture filter (optional)
• Start capture of data
Remote Monitoring (1) – On Local Machine
• From Menu Options:
• Choose Manage Interfaces…
Remote Monitoring (2) – On Local Machine
• You get the following window
• Choose Remote Interfaces…
Remote Monitoring (3) – On Local Machine
• You will get the following window
• Click on the (+) icon, and the following window opens
• Configure Host IP/Name of the remote machine
Remote Monitoring (4) - On Remote machine
• Install WinPcap on the remote PCs
▫ Configure the firewall so that TCP port 2002 will be accessible from your machine
• Add a user to the PC user list, give it a password, and administrator privileges.
Remote Monitoring (5) - On Remote machine
• Start the Remote Packet Capture Protocol service
• Right-click on the Start symbol at the bottom left of the Windows screen, choose Open Windows Explorer, right-click on Computer and choose Manage.
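The remote-machine steps in slides (4) and (5) can be scripted. The PowerShell below is an added example, not part of the original slides, and it narrows the firewall opening to a single analyst address. The analyst IP, account name and rule name are hypothetical, and it assumes an elevated PowerShell 5.1 session (NetSecurity and LocalAccounts modules) on a PC where WinPcap is already installed.

```powershell
# Added example: run elevated on the REMOTE (monitored) PC.
# $AnalystIp, $CaptureUser and $RuleName are hypothetical placeholders.
param(
    [Parameter(Mandatory)] [string] $AnalystIp,   # machine that runs Wireshark
    [string] $CaptureUser = 'rpcap-capture'       # assumed account name
)
$RuleName = 'Wireshark remote capture (TCP 2002)'

# 1. Firewall: allow TCP 2002 inbound, but only from the analyst machine.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 2002 -RemoteAddress $AnalystIp | Out-Null
}

# 2. Account: create the capture user with a password and administrator privileges.
#    'Administrators' is the group name on English-language Windows (assumption).
if (-not (Get-LocalUser -Name $CaptureUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $CaptureUser"
    New-LocalUser -Name $CaptureUser -Password $pw `
        -Description 'Remote capture account' | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $CaptureUser
}

# 3. Service: start the Remote Packet Capture Protocol service.
#    Matched by display name, as the slide names it; a wildcard that matches
#    nothing returns no object, so check explicitly.
$svc = Get-Service -DisplayName 'Remote Packet Capture Protocol*'
if (-not $svc) { throw 'Remote Packet Capture Protocol service not found. Is WinPcap installed?' }
if ($svc.Status -ne 'Running') { Start-Service -InputObject $svc }

# 4. Check: confirm a listener exists on TCP 2002 before connecting from Wireshark.
$listening = Get-NetTCPConnection -LocalPort 2002 -State Listen -ErrorAction SilentlyContinue
if ($listening) {
    "Remote capture service is listening on TCP 2002 (firewall allows $AnalystIp only)"
} else {
    Write-Warning 'Service started but nothing is listening on TCP 2002'
}
```

From the local machine, `Test-NetConnection -ComputerName <remote host> -Port 2002` confirms the port is reachable before adding the host in Wireshark. When the capture session is over, `Stop-Service`, `Remove-NetFirewallRule -DisplayName` and `Remove-LocalUser` undo these changes.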
“A friend is someone who knows all about you and still loves you.”
Elbert Hubbard
Capture Data from Multiple Interfaces
“Any fool can know. The point is to understand.”
Albert Einstein
What is a Virtual Machine And How to monitor Traffic to it
[Figure: a hardware host (HW) with NIC1 and NIC2 runs virtualization software hosting Guest OS 1, Guest OS 2 and Guest OS 3, each with its apps, shown with an External LAN Switch (ports 1 to 12)]
1. Port mirror from LAG (ports 1/2) to port 7 that the laptop is connected to
2. Two port mirrors (1 to 8, 2 to 9) with capture from multiple interfaces
Connecting to a Blade Center
[Figure: a BLADE Center with server blades SB-1 to SB-6 (each with Eth1 and Eth2) and two Internal LAN Switches (Int1 to Int8, Ext 1 to Ext 4), shown with two External LAN Switches (ports 1 to 12) leading to the organization network; numbered points 1, 2 and 3 are marked]
Legend: S – Server, SB – Server Blade, Eth – Ethernet, Int – Internal, Ext – External
Monitoring a Blade Center
[Figure: a BLADE Center with server blades SB-1 to SB-6 (each with Eth1 and Eth2) and two Internal LAN Switches (Int1 to Int8, Ext 1 to Ext 4), shown with two External LAN Switches (ports 1 to 12) leading to the organization network; numbered point 1 is marked]
Legend: S – Server, SB – Server Blade, Eth – Ethernet, Int – Internal, Ext – External
Summary
• In this lesson we talked about:
▫ Where to locate Wireshark in the network
▫ How to use taps and port mirror
▫ How to use Wireshark in a virtual environment
Thanks for your time
Yoram Orzach
yoram@ndi-com.com
For More lectures, Courses & Keynote Speaking
Contact Me to:
yoram@ndi-com.com