Capture, Filter, and Inspect
Network Packets
Practical 7
Dr. Qais Saif Qassim
Outline
• What is Wireshark?
• Capturing Packets
• Analyzing Packets
• Filtering Packets
• Saving and Manipulating Packets
• Packet Statistics
• Useful references
What is Wireshark?
• Wireshark is a network packet analyzer.
• A network packet analyzer captures network packets and displays that packet data in as much detail as possible.
• The De-Facto Network Protocol Analyzer
• Open-Source
• Multi-platform
• Easily extensible
• Large development group
• Previously Named “Ethereal”
What is Wireshark?
• Receives a copy of every link-layer frame that is sent from or received by your computer.
• Displays the contents of all fields within a protocol message.
What is Wireshark?
• Features
• Deep inspection of thousands of protocols
• Live capture and offline analysis
• Standard three-pane packet browser
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• The most powerful display filters in the industry
• Coloring rules can be applied to the packet list for quick, intuitive analysis
• Output can be exported to XML, PostScript®, CSV, or plain text
What is Wireshark?
• What we can do:
• Capture network traffic
• Decode packet protocols using dissectors
• Define filters – capture and display
• Watch smart statistics
• Analyze problems
• Interactively browse that traffic
• Some examples people use Wireshark for:
• Network administrators: troubleshoot network problems
• Network security engineers: examine security problems
• Developers: debug protocol implementations
• People: learn network protocol internals
Interface (the three panes)
• Packet List
• Packet Details
• Packet Bytes
Interface (newer version)
Capturing Packets
Capturing Packets (callouts on the capture options dialog)
• Buffer size – in order not to fill your laptop disk
• Capture all packets on the network
• Capture filter
• Capture in multiple files
• When to automatically stop the capture
• Display options
• Name resolution options
Capturing Packets (newer version)
New interface (version 2.6)
Analyzing Packets (layers 1 & 2)
Analyzing Packets (layer 3)
• IP Packet Example
Analyzing Packets (layer 4)
• TCP Packet Example
Analyzing Packets (TCP handshake)
• TCP 3-way Handshake
Analyzing Packets (Flow Graph)
Analyzing Packets (Graph Analysis)
• Flow Graph
Analyzing Packets (TCP Stream)
• Filtering Specific TCP Stream
Analyzing Packets (number of packets)
• Filtering Specific TCP Stream
Filtering Packets
• Applying Filter when Capturing Packets
Capture → Interfaces → Options:
Filtering Packets
• Applying Filter when Analyzing Packets
Filtering Packets
• Examples (display-filter syntax, typed into the filter toolbar):
• Capture only traffic to or from IP address 172.18.5.4
• ip.addr == 172.18.5.4
• Capture traffic to or from a range of IP addresses
• ip.addr == 10.153.84.0/24
• ip.addr >= 10.153.84.74 && ip.addr <= 10.153.84.174
(note && rather than ||: with || every address is either above the lower bound or below the upper one, so every packet would match)
• Capture traffic from a range of IP addresses
• ip.src >= 10.153.84.74 && ip.src <= 10.153.84.174
• Capture traffic to a range of IP addresses
• ip.dst >= 10.153.84.74 && ip.dst <= 10.153.84.174
• Capture only DNS (port 53) traffic
• dns
• udp.dstport == 53 (matches queries only; the dns filter matches both queries and responses)
Filtering Packets
• Examples:
• Capture everything except ARP and DNS traffic
• not udp.port == 53 and not arp
• Show only SMTP (port 25) and ICMP traffic
• tcp.port == 25 or icmp
• Capture non-HTTP and non-SMTP traffic on your server
• http.host == "www.example.com" and not (tcp.port == 80 or tcp.port == 25)
• Capture only IP traffic (the shortest filter, but sometimes very useful to get rid of lower-layer protocols like ARP)
• ip
Saving and Manipulating Packets
• Save only displayed packets
Saving and Manipulating Packets
• Export to CSV file
Packet Statistics (protocol hierarchy)
Packet Statistics (conversation)
Packet Statistics (IO graph)
Packet Statistics (TCP Stream Graph)
Show different visual representations of the TCP
streams in a capture.
References
• Wireshark Website
• http://www.wireshark.org
• Wireshark Documentation
• http://www.wireshark.org/docs/
• Wireshark Wiki
• http://wiki.wireshark.org
• Network analysis Using Wireshark Cookbook
• http://www.amazon.com/Network-Analysis-Using-Wireshark-Cookbook/dp/1849517649
Lab activity 1: Using Wireshark
• Step 1: launch Wireshark
• Step 2: capture some traffic (ping and http requests)
• Using Wireshark, answer the following questions:
• What is your MAC address?
• What is the protocol/port number of ping messages?
• What is the protocol/port number used to look up the IP address of a server/website?
• How many bytes are in the ping message?
• Step 3: save the captured packets
• Step 4: Working with captured packets
1) Show only DNS and ICMP related traffic
2) Show all packets in a specific TCP session
3) List all endpoints within the captured traffic
4) List the top talkers as well as who is talking to whom
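As an added example (not part of the slides, and not Wireshark's own code), the Python below reproduces on a constructed pcap what the lab's step 4 and the DNS entry of the filter examples ask you to do in the GUI: the `dns || icmp` display filter, Statistics > Endpoints, and Statistics > Conversations (top talkers). The pcap bytes, addresses (192.0.2.10 is a documentation address) and payloads are constructed for the example, and only classic little-endian pcap files with Ethernet frames are handled.

```python
import struct
from collections import Counter

ETH_IPV4, ICMP, TCP, UDP = 0x0800, 1, 6, 17

def ipv4_frame(src, dst, proto, payload):
    """Constructed Ethernet/IPv4 frame; MACs, IP id and checksums are zero dummies."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return bytes(12) + struct.pack("!H", ETH_IPV4) + ip + payload

def udp_seg(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def build_pcap(frames):
    """Classic pcap: 24-byte global header (linktype 1 = Ethernet), then 16-byte record headers."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

def parse_pcap(blob):
    """Decode every Ethernet/IPv4 frame into a dict: the Packet List pane, in miniature."""
    if struct.unpack("<I", blob[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled in this example")
    pkts, off = [], 24
    while off + 16 <= len(blob):
        caplen = struct.unpack("<IIII", blob[off:off + 16])[2]
        frame, off = blob[off + 16:off + 16 + caplen], off + 16 + caplen
        if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
            continue                      # non-IP frames (e.g. ARP) skipped, like the `ip` filter
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        ports = struct.unpack("!HH", ip[ihl:ihl + 4]) if proto in (TCP, UDP) else (None, None)
        pkts.append({"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
                     "proto": proto, "sport": ports[0], "dport": ports[1], "len": len(frame)})
    return pkts

def dns_or_icmp(pkts):
    """Equivalent of the display filter `dns || icmp` (DNS recognised as UDP port 53 either way)."""
    return [p for p in pkts if p["proto"] == ICMP
            or (p["proto"] == UDP and 53 in (p["sport"], p["dport"]))]

def endpoints(pkts):
    """Statistics > Endpoints: bytes per IP address, whether sent or received."""
    c = Counter()
    for p in pkts:
        c[p["src"]] += p["len"]
        c[p["dst"]] += p["len"]
    return c

def top_talkers(pkts):
    """Statistics > Conversations: bytes per address pair, busiest pair first."""
    c = Counter()
    for p in pkts:
        c[tuple(sorted((p["src"], p["dst"])))] += p["len"]
    return c.most_common()

# Constructed capture (not a real trace): DNS query + reply, ICMP echo request + reply
# carrying 32 data bytes, and one TCP SYN to port 80. 192.0.2.10 is a documentation address.
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x03www\x07example\x03com\x00\x00\x01\x00\x01")
ECHO_REQ = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(range(32))      # type 8 = echo request
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)
SAMPLE_PCAP = build_pcap([
    ipv4_frame("10.0.0.5", "10.0.0.1", UDP, udp_seg(51000, 53, DNS_QUERY)),
    ipv4_frame("10.0.0.1", "10.0.0.5", UDP, udp_seg(53, 51000, DNS_QUERY + bytes(16))),
    ipv4_frame("10.0.0.5", "192.0.2.10", ICMP, ECHO_REQ),
    ipv4_frame("192.0.2.10", "10.0.0.5", ICMP, bytes(1) + ECHO_REQ[1:]),  # type 0 = echo reply
    ipv4_frame("10.0.0.5", "192.0.2.10", TCP, TCP_SYN),
])
```

Calling `parse_pcap(SAMPLE_PCAP)` and passing the result to the three helpers gives the same counts Wireshark would show for this capture; to read a real file instead, pass `open(path, "rb").read()` to `parse_pcap`.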

Practical 7 - Using Wireshark Tutorial and Hands-on
