2. Who Am I
I am Lakshya
An info-sec enthusiast
@1_m3nd4x
3. Overview
• What is Wireshark ?
• Getting started
• Basic terminologies
• Wireshark GUI
• Demo
4. What is Wireshark ?
• Wireshark is a graphical network protocol analyzer that lets us take a
deep dive into the individual packets moving around the network.
• Wireshark can be used to capture Ethernet, wireless, Bluetooth, and
many other kinds of traffic. It can decode different protocols that it
sees.
• Tools similar to Wireshark –
tcpdump – the essential free packet capture tool
tshark – a lightweight answer for those who want the functionality
of Wireshark but the slim profile of tcpdump.
5. Getting Started
For Linux
• apt install wireshark
• dpkg-reconfigure wireshark-common (say YES to the message box; this
lets members of the wireshark group capture packets without running
Wireshark as root)
• chmod +x /usr/bin/dumpcap
• Ready to go.
For Windows
• https://www.wireshark.org/ (download the .exe)
• Then a normal Windows installation
6. Basic terminologies
Segment :- the unit of data TCP hands down to the network layer.
The components it contains are source port, destination port, flags, and
checksum.
Packet :- a packet is the container that carries data across a TCP/IP
network. The components it contains are source IP, destination IP, and
length.
Frame :- the combination of the layer 2 header and the data being
carried. The components it contains are source MAC address, destination
MAC address, data, length, and checksum.
11. Flow Graph
The flow graph feature provides a quick and easy way
of checking the connections between a client and a server.
It can show where there might be issues with a TCP connection,
such as timeouts, retransmitted frames, or dropped connections.
12. Display Filters
Display filters allow you to concentrate on the packets you are interested in while
hiding the currently uninteresting ones. They allow you to select packets by:
- Protocol
- The presence of a field
- The values of fields
- A comparison between fields
… and a lot more!
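As an added example (not from the slides and not Wireshark's own code), the following Python ties slide 6 and slide 12 together: it pulls the frame, packet and segment fields out of one constructed raw Ethernet frame and evaluates the four kinds of display filter listed above against them. Field names follow Wireshark's naming; the sample frame, the parser and the tiny filter evaluator are my own.

```python
import struct

# Constructed sample: one Ethernet II frame carrying an IPv4 packet carrying a TCP SYN
# segment (10.0.0.1:40000 -> 10.0.0.2:80). Checksums are left at 0; illustrative data only.
SAMPLE_FRAME = (
    bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"  # frame hdr
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,            # IPv4 hdr
                  bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    + struct.pack("!HHIIHHHH", 40000, 80, 0, 0, 0x5002, 65535, 0, 0)            # TCP hdr (SYN)
)

def parse_frame(raw: bytes) -> dict:
    """Split a raw frame into the fields each layer contributes, keyed Wireshark-style."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])        # frame (layer 2)
    fields = {"frame.len": len(raw), "eth.dst": dst_mac.hex(":"), "eth.src": src_mac.hex(":")}
    if ethertype != 0x0800:                      # only IPv4 is decoded here
        return fields
    ip = raw[14:]                                # packet (layer 3)
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    fields.update({"ip.src": ".".join(map(str, src)), "ip.dst": ".".join(map(str, dst)),
                   "ip.len": total_len, "ip.proto": proto})
    if proto != 6:                               # only TCP is decoded here
        return fields
    tcp = ip[(ver_ihl & 0x0F) * 4:]              # segment (layer 4); IHL is in 32-bit words
    sport, dport, _, _, off_flags, _, cksum, _ = struct.unpack("!HHIIHHHH", tcp[:20])
    flags = off_flags & 0x01FF                   # low 9 bits of the offset/flags word
    fields.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.flags": flags,
                   "tcp.flags.syn": (flags >> 1) & 1, "tcp.flags.ack": (flags >> 4) & 1,
                   "tcp.checksum": cksum})
    return fields

OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def matches(fields: dict, expr: str) -> bool:
    """Evaluate a tiny subset of display-filter syntax: protocol/field presence ('tcp'),
    field value ('tcp.dstport == 80'), and field-to-field comparison
    ('tcp.srcport > tcp.dstport'). No boolean operators or functions."""
    parts = expr.split()
    if len(parts) == 1:                          # presence test for a protocol or a field
        name = parts[0]
        return name in fields or any(k.startswith(name + ".") for k in fields)
    lhs, op, rhs = parts
    if lhs not in fields:                        # a field the frame does not carry never matches
        return False
    right = fields[rhs] if rhs in fields else (int(rhs) if rhs.isdigit() else rhs)
    return OPS[op](fields[lhs], right)
```

Real captures add 802.1Q tags, IP options and IPv6, which this parser deliberately skips; the point is to see which slide 6 unit owns which filterable field.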