Dive into the world of network traffic analysis with Wireshark, a versatile protocol analyzer. This guide explores how to capture, filter, and analyze packets in real-time, unveiling insights into network performance, security threats, and application behavior. Learn advanced techniques for visualization, statistical analysis, and protocol decoding to uncover patterns and vulnerabilities. Discover integration with other tools and scripting capabilities for automation, empowering network administrators and cybersecurity professionals to optimize performance and fortify defenses through packet-level insights.
3. • IP Address
An IP address is a unique identifier assigned to each device connected to a network. It is required for your device to access the internet, and it allows devices to communicate with each other over the internet.
• Here’s an example of an IP address: 192.155.12.1
• Example: Imagine you’re sending a letter (data packet) to a friend’s house (server). The IP address acts like the postal code, ensuring your letter reaches the correct destination.
4. cont.…
IP address
● There are mainly two types of IP addresses: IPv4 & IPv6
● 1) IPv4:
○ Address Size: IPv4 uses a 32-bit address, expressed in dotted-decimal notation.
○ Example: An IPv4 address like 192.0.2.126.
○ Challenges: Despite its large address space, IPv4 addresses are running out due to the rapid increase in networked and virtual devices.
5. cont.…
IP address
● 2) IPv6:
○ Address Size: IPv6 uses a 128-bit address, providing an enormous address space.
○ Example: An IPv6 address like 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
○ Purpose: IPv6 is the newer version, designed to address the limitations of IPv4.
6. • URL
A URL (Uniform Resource Locator) is the address used to find and access a specific webpage or file on the internet.
• It starts with a protocol, like "https://" or "http://", indicating how to access the resource.
• Then it includes the domain name, such as "example.com", which is like the name of the website or server.
• It may also have additional parts like a path, indicating the specific location of a file or page, such as "/images/picture.jpg".
• Example: https://pixabay.com/videos/search/flowers/
7. • Finding the IP address from a URL
Command: ping -4 www.example.com
Explanation: Use this command in the command prompt or terminal to get the IPv4 address for the domain name "www.example.com" specifically (the -4 option asks ping to use IPv4).
8. “
Introduction of Wireshark
o Wireshark is a tool that helps you to see what's
happening on your network.
o Wireshark is a packet sniffing and packet
capturing
tool .
o You can not watch what is under packet but you
can trace that which packet is transferring from
which device and in which time
11. Cont.…..
Choose the Stable Version for Windows: On the download page, select the stable version suitable for Windows. You’ll find options like:
1. Windows x64 Installer
2. Windows Arm64 Installer
3. Windows x64 PortableApps®
12. Cont.…..
Download and Run the Installer:
Click on the appropriate installer for your system (e.g., Windows x64
Installer).
The executable file will be saved to your default downloads location.
Run the downloaded file and follow the installation wizard.
16. 1. ip.addr==172.26.132.151
The filter ip.addr == 172.26.132.151 captures all traffic with either a source IPv4 address or a destination IPv4 address of 172.26.132.151. This filter is useful for narrowing down network packet analysis to only those packets involving this specific IP address, in both directions.
17. 2. ip.src==172.26.132.151
The filter ip.src == 172.26.132.151 captures all network traffic where the source IPv4 address matches 172.26.132.151. In other words, it isolates packets originating from this specific IP address.
18. 3. ip.dst==172.26.132.151
The filter ip.dst == 172.26.132.151 captures all network traffic where the destination IPv4 address matches 172.26.132.151. In other words, it isolates packets destined for this specific IP address.
20. 5. dns.qry.name==www.example.com
The filter dns.qry.name == www.example.com captures all DNS packets where the query name matches www.example.com. In other words, it isolates DNS queries specifically targeting the domain “www.example.com.”
21. 6. http.response.code==200
The filter http.response.code == 200 captures all HTTP responses with a status code of 200. In other words, it isolates successful responses where the server has handled the request without any errors.
22. 7. tcp.port==80
The filter tcp.port == 80 captures all network traffic where the TCP source or destination port number is 80. In other words, it isolates packets associated with web traffic using the standard HTTP port. Note that Wireshark field names are case-sensitive and lowercase, so “Tcp.port” would not be accepted.
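To make the semantics of the six filters above concrete, here is an added example (not from the slides and not Wireshark code): a tiny evaluator that applies each "field == value" filter to a handful of constructed packet records and reports which packets survive. It shows, in particular, that ip.addr and tcp.port match either direction, while ip.src, ip.dst and protocol-specific fields match only the packets that actually carry that field. The field names mirror Wireshark's; the packets and their values are made up for the demonstration.

```python
# Constructed sample "packets" (not a real capture): each is a dict of
# Wireshark-style field names. A field that is absent means the packet has
# no such protocol layer (e.g. a DNS packet carries no http.response.code).
PACKETS = [
    {"ip.src": "172.26.132.151", "ip.dst": "93.184.216.34",
     "tcp.srcport": 51234, "tcp.dstport": 80},                     # 0: HTTP request
    {"ip.src": "93.184.216.34", "ip.dst": "172.26.132.151",
     "tcp.srcport": 80, "tcp.dstport": 51234,
     "http.response.code": 200},                                  # 1: HTTP 200 reply
    {"ip.src": "172.26.132.151", "ip.dst": "8.8.8.8",
     "udp.dstport": 53, "dns.qry.name": "www.example.com"},       # 2: DNS query
    {"ip.src": "10.0.0.7", "ip.dst": "10.0.0.9",
     "tcp.srcport": 443, "tcp.dstport": 40001},                   # 3: unrelated TLS
]

# As in Wireshark, ip.addr and tcp.port are "either direction" fields:
# ip.addr == X is true when X is the source OR the destination address.
EITHER_DIRECTION = {
    "ip.addr": ("ip.src", "ip.dst"),
    "tcp.port": ("tcp.srcport", "tcp.dstport"),
}


def parse_filter(expr):
    """Parse the one filter form used on the slides: 'field == value'."""
    field, value = (part.strip() for part in expr.split("==", 1))
    return field, value


def matches(packet, field, value):
    """True if the packet satisfies field == value; a packet that lacks the
    field never matches, exactly as in a Wireshark display filter."""
    for actual in EITHER_DIRECTION.get(field, (field,)):
        if actual in packet and str(packet[actual]) == value:
            return True
    return False


def apply_filter(expr, packets=PACKETS):
    """Return the indices of the packets kept by the display filter."""
    field, value = parse_filter(expr)
    return [i for i, pkt in enumerate(packets) if matches(pkt, field, value)]


if __name__ == "__main__":
    for expr in ("ip.addr == 172.26.132.151", "ip.src == 172.26.132.151",
                 "ip.dst == 172.26.132.151", "dns.qry.name == www.example.com",
                 "http.response.code == 200", "tcp.port == 80"):
        print(f"{expr:34} -> packets {apply_filter(expr)}")
```

The same packets run through the real tool (tshark -Y "<filter>" -r capture.pcap) would be kept or dropped in the same way; this evaluator only reproduces the equality operator, not the full display-filter language.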