This presentation gives an overview of Wireshark's design and how to capture packets using Wireshark, tcpdump and tshark. It also covers the basics of measuring network performance and tools for doing so, such as bmon and iperf.
2. AGENDA
• INTRODUCTION
• WHY AND HOW TO ANALYSE PACKET ?
• FUNDAMENTALS OF ANALYSING NETWORK PACKETS
• PACKET ANALYSIS TOOLS TCPDUMP, TSHARK AND WIRESHARK
• WIRESHARK DESIGN FRAMEWORK
• ANALYZING PROTOCOL USING WIRESHARK
• FILTERS AND STATISTICS IN WIRESHARK
• FUNDAMENTALS OF MEASURING NETWORK PERFORMANCE
• NETWORK PERFORMANCE MEASUREMENT TOOLS BMON, IPERF
• Q & A
• CONCLUSION
• REFERENCES
Radisys Corporation - CONFIDENTIAL
3. Introduction
• Today most devices are connected to the internet.
• They should be AVAILABLE always
• They should be RELIABLE always
• They should PERFORM better always
• Consider a simple home network
• Consider this real time complex network
• Think about what happens if there is a problem in one device.
• So we need some tools
• Which can help us to debug , monitor, analyse the data.
• Which can also measure performance and also can give us statistical info.
Image Source: makeuseof.com
Image Source: afnog meet
4. Why and How to analyse packet ?
Why to Analyse ?
Analyze network problems
Detect intrusion attempts
Identify network misuse
Content monitoring
Bandwidth usage analysis
Gathering network status
How to Analyse ?
Sniff the packets
Analyze the Protocol/Packets
Monitor the Packets
Tools To Analyse ?
Tcpdump, Tshark, wireshark
Nagios, Splunk, Total Network Monitor
And many more …
5. Fundamentals of analyzing network packets
[Figure labels: Switch, OS Buffer, NIC, Disk, Application Buffer]
Visualization of a packet in a system
Visualization of data at different layer
Places to analyze packet
Matryoshka doll
6. Packet Analysis Tools
Common points
They act as protocol analyzer
They are able to understand the protocols and show us the traffic packet by packet.
They relate packets to give info about sequence of packets.
They apply filter to analyze packet of interest.
Tcpdump
Unix-based command-line tool used to intercept packets.
Supports most protocols: tcp, udp, icmp and many more …
Tshark
Same unix based command line tool
Similar to tcpdump in behavior and option
It also supports extra protocols and new options
Wireshark
Graphical version of Tcpdump/Tshark.
Wireshark has both qt version and gtk version for graphics.
8. For the love of Command Line …
Tcpdump/tshark options
-D: shows all available interfaces
-i <interface>
tcpdump -i any <protocolname>
-w <FileToWrite>
-r <ReadFromFile>
-Y <protocolname> (tshark display filter)
-c <No of packets>
-V: show all information about the packets (tshark)
capinfos <capture filename>
tcpdump -i <interface> host <ipaddress>
-q -z expert: shows details of packet statistics (tshark)
-q -z expert,error
-q -z hosts
-q -z io,stat,5
9. For the love of Graphical Interface …
Packet List Panel
Packet Details Panel
Packet Byte Panel
Packet Filter
Let’s start Wireshark and see the packet you are sending and receiving in your system …
10. Analyzing a TCP Based Application
Fields of interest
• Source IP
• Source Port
• Destination IP
• Destination Port
• Data Transmitted
Image Source: superuser.com
11. Wireshark Filters
Tools generally capture packets of all types (protocol/host/port etc.), most of which we may not be interested in.
Filtering helps us capture or view only the packets of interest.
Capture Filter
Captures only the packets of interest; applied during the capture phase only
Used to reduce the size of a raw packet capture
A capture filter is the expression we pass to tcpdump/tshark when capturing
tcpdump <protocolname>
Capture->Capture Filters : Add/Delete or select predefined filters
host 192.168.10.2
tcp src port 9000
tcp port 9000 and not src host 192.168.10.2
Display Filter
Capture everything, but show only the packets of interest; applied after capture.
Used to hide some packets from the packet list.
Display filter can be applied any time in the wireshark GUI
ip.addr == 192.168.10.2
tcp.port in { 80,12000, 24 }
tcp.port == 80 || tcp.port == 12000 || tcp.port == 24
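What a protocol analyzer does with the fields and filters above, as an added example that is not part of the original slides: it reads a classic pcap buffer, dissects Ethernet/IPv4/TCP to get the slide-10 fields, and applies Python equivalents of the slide's capture filter and display filter. The frames, addresses on ports other than those in the slide's filters, and all function names are constructed for illustration.

```python
import ipaddress
import struct

def build_frame(src, sport, dst, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (zero MACs and checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return bytes(12) + struct.pack("!H", 0x0800) + ip + tcp

def build_pcap(frames):
    """Classic pcap layout: 24-byte global header, then a 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (timestamp, frame) pairs from a little-endian classic pcap buffer."""
    if len(data) < 24 or struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap capture")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            break  # capture was cut off mid-record; stop instead of misparsing
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len

def dissect(frame):
    """Return the slide-10 fields for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None  # too short, or not IPv4 (e.g. ARP)
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None  # malformed IP header, or not TCP
    total_len = struct.unpack_from("!H", frame, 16)[0]
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 20:
        return None
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    data_off = (frame[tcp_off + 12] >> 4) * 4
    if data_off < 20:
        return None
    return {
        "src": str(ipaddress.IPv4Address(frame[26:30])), "sport": sport,
        "dst": str(ipaddress.IPv4Address(frame[30:34])), "dport": dport,
        "data": frame[tcp_off + data_off:14 + total_len],
    }

def capture_filter(pkt):
    """Python equivalent of: tcp port 9000 and not src host 192.168.10.2"""
    return 9000 in (pkt["sport"], pkt["dport"]) and pkt["src"] != "192.168.10.2"

def display_filter(pkt):
    """Python equivalent of: tcp.port in { 80,12000, 24 }"""
    return bool({pkt["sport"], pkt["dport"]} & {80, 12000, 24})

def analyze(pcap_bytes, predicate):
    """Dissect every record and keep the TCP packets the predicate accepts."""
    kept = []
    for _ts, frame in read_pcap(pcap_bytes):
        pkt = dissect(frame)
        if pkt is not None and predicate(pkt):
            kept.append(pkt)
    return kept

# Constructed sample capture: four TCP segments and one ARP-sized non-IP frame.
SAMPLE_PCAP = build_pcap([
    build_frame("192.168.10.2", 40000, "192.168.10.5", 9000, b"hello"),
    build_frame("192.168.10.5", 9000, "192.168.10.2", 40000, b"world"),
    build_frame("192.168.10.7", 51000, "192.168.10.5", 80, b"GET /"),
    build_frame("192.168.10.7", 51001, "192.168.10.5", 9000, b"ping"),
    bytes(12) + b"\x08\x06" + bytes(28),
])

if __name__ == "__main__":
    for name, flt in (("capture", capture_filter), ("display", display_filter)):
        for p in analyze(SAMPLE_PCAP, flt):
            print(name, f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}', p["data"])
```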
12. Wireshark Statistics
Wireshark provides a wide range of network statistics.
Number of captured packets in a session
Number of specific protocol packet (HTTP requests and responses) captured
Statistics -> Summary - overall summary of the packet capture
Statistics -> Protocol Hierarchy - breakdown of the various protocols
Statistics -> Conversations - list of each individual “conversation” between endpoints
Statistics -> Endpoints - list of source and destination addresses
Statistics -> Service Response Time - display the time between a request and its response
Statistics -> Flow Graph – Showing the flow of traffic
13. Fundamentals of measuring network performance
It is the analysis and review of collective network statistics, to define the quality of services offered by the underlying computer network.
It helps to review, measure and improve the network services.
Broadly, network performance is measured by reviewing the statistics and metrics of the following parameters.
Speed
Bandwidth
Network Delay
Latency
Data Loss
Throughput
15. Fundamentals of measuring network performance
Terms for network performance and monitoring
Speed – Available circuitry data
Network bandwidth or capacity - Available data transfer
Network throughput - Amount of data successfully transferred over the network in a given time
Network delay, latency and jitter - Any network issue causing packet transfer to be slower than usual
Data loss and network errors - Packets dropped or lost in transmission and delivery
Packet per second - Number of packets of data per second that can be processed before dropping data
Connection per second - Rate at which a device can establish state parameters for new connections.
Transaction per second - Number of complete actions of a particular type that can be performed per second.
Maximum concurrent connection per second - Total number of sessions (connections) about which a device can maintain state simultaneously.
Tools for measuring network performance and monitoring
bmon, iperf, iftop, vnstat , nload etc … and more at http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
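The terms above, computed over a constructed UDP test log, as an added example that is not part of the original slides. The record layout, the function name and the choice of the RFC 3550 smoothed interarrival jitter estimator are assumptions, and one-way delay assumes sender and receiver clocks are synchronized.

```python
def link_metrics(records, sent_count):
    """Compute loss, throughput, delay and jitter for one test run.

    records: (seq, send_ts, recv_ts, size_bytes) for each datagram that
             arrived, in arrival order; timestamps in seconds.
    sent_count: number of datagrams the sender reports having sent.
    """
    if not records or sent_count <= 0:
        raise ValueError("need at least one received datagram and a positive sent_count")
    seen = set()
    highest_seq = -1
    reordered = duplicates = 0
    total_bytes = 0
    delays = []
    jitter = 0.0
    prev_transit = None
    first_send = last_recv = None
    for seq, send_ts, recv_ts, size in records:
        if seq in seen:
            duplicates += 1          # count it, but do not let it inflate throughput
            continue
        seen.add(seq)
        if seq < highest_seq:
            reordered += 1           # arrived after a later sequence number
        highest_seq = max(highest_seq, seq)
        transit = recv_ts - send_ts  # one-way delay of this datagram
        delays.append(transit)
        if prev_transit is not None:
            # RFC 3550: J = J + (|D| - J) / 16, D = change in transit time
            jitter += (abs(transit - prev_transit) - jitter) / 16.0
        prev_transit = transit
        total_bytes += size
        first_send = send_ts if first_send is None else min(first_send, send_ts)
        last_recv = recv_ts if last_recv is None else max(last_recv, recv_ts)
    duration = last_recv - first_send
    return {
        "loss_pct": 100.0 * (sent_count - len(seen)) / sent_count,
        "throughput_bps": total_bytes * 8 / duration if duration > 0 else 0.0,
        "mean_delay_s": sum(delays) / len(delays),
        "jitter_s": jitter,
        "reordered": reordered,
        "duplicates": duplicates,
    }

# Constructed run: 5 datagrams of 1250 bytes sent 10 ms apart; seq 2 never
# arrives and seq 4 is delivered twice.
SAMPLE_RUN = [
    (0, 0.000, 0.020, 1250),
    (1, 0.010, 0.034, 1250),
    (3, 0.030, 0.050, 1250),
    (4, 0.040, 0.068, 1250),
    (4, 0.040, 0.069, 1250),
]

if __name__ == "__main__":
    for key, value in link_metrics(SAMPLE_RUN, sent_count=5).items():
        print(f"{key}: {value}")
```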
16. bmon
It’s a text-based bandwidth monitor and rate estimator tool which captures bandwidth-related statistics and displays them visually in the terminal.
Installing
sudo apt-get install bmon
Repo : https://github.com/tgraf/bmon
man bmon
Options
-p : specific interface
-r : read interval from source
-R : update rate per counter
Input modules
Netlink ,Proc ,Netstat
Output modules
Curses, Ascii, Format, Null
Usage
bmon -p eth0,eth1
bmon -p eth0 -R 5
bmon -p 'eth*,!eth2'
17. iperf
It measures the bandwidth and the quality of a network link. Jperf also does the same with additional graphical interface.
It creates TCP, UDP and SCTP data streams by tuning various parameters and gives an idea of the network’s bandwidth, delay, jitter and data loss values.
Currently updated version is iperf3
source code https://github.com/esnet/iperf
sudo apt-get install iperf3
Iperf3 options
-s server
-c client
-t test duration timing
-i periodic interval report
-f [kmKM] formatting option
-d, -r bi-directional bandwidths (iperf2 only; iperf3 uses -R for reverse mode)
-p Specific port number
-w TCP window size
-b bandwidth setting
-u set to udp
-M maximum segment size
-P parallel streams
20. Conclusion
Tools help us to debug the network better.
Tools help us to understand the problem.
Tools help us to know the current performance.
Tools help us to know about usage and utilization.
Tools help us to know about any security issues present in the network.
Tools help us to experiment with new network technologies.
21. References
www.wireshark.com
www.iperf.fr
https://www.tecmint.com/
http://www.cisco.com/c/en/us/about/security-center/network-performance-metrics.html
https://openmaniak.com/
SharkFest 2014, Andrew Brown
Man page of tcpdump, wireshark, bmon, iperf
Cliff Zou’s wireshark lecture
Rich Macfarlane’s Lab
Packet analysis using wireshark by Lisa Bock, Pennsylvania College of Tech.
Wireshark 101 ppt By Ravi Bhoraskar & book by Laura Chappell
Some images, texts borrowed/stolen generously from all over the internet
and some personal experience …
22. Life is easy with wireshark …
Happy Wiresharkking
[Sachidananda]
1> The network interface card and the link-layer driver connect us to a network.
2> In addition to the link-layer driver (PCI-E Ethernet), Wireshark uses a special link driver (WinPcap or libpcap) which provides access to raw data from the network.
3> Frames are passed up from the network, through one of these special link-layer drivers, directly into Wireshark's Capture Engine (dumpcap).
4> The Capture Engine passes frames up to the Core Engine, which uses dissectors to translate the incoming bytes into human-readable frames.
5> It even breaks down parts of the frame for in-depth analysis. The graphical toolkit provides the cross-platform interface for Wireshark, so the same capture file can be viewed on multiple platforms.
6> The Wiretap Library handles the input/output functions for saved trace files, delivering their frames to the Core Engine.