SlideShare a Scribd company logo

Wireshark.pptx

Download as PPTX, PDF
S
SalmanKhan222894

Wireshark is an open-source network protocol analyzer tool that allows users to capture and analyze network traffic. It can capture packets from wired, wireless and Bluetooth connections. Wireshark provides filters that allow users to focus on specific network traffic and troubleshoot network issues. It is used by network specialists, software developers, government agencies and educational institutions.

Software
1 of 14
What is Wireshark? • Wireshark is an open-source network protocol analysis software program started by Gerald Combs in 1998. • A global organization of network specialists and software developers support Wireshark and continue to make updates for new network technologies and encryption methods. • Wireshark is absolutely safe to use. • Government agencies, corporations, non-profits, and educational institutions use Wireshark for troubleshooting and teaching purposes. There isn’t a better way to learn networking than to look at the traffic under the Wireshark microscope. • There are questions about the legality of Wireshark since it is a powerful packet sniffer. The Light side of the Force says that you should only use Wireshark on networks where you have permission to inspect network packets. Using Wireshark to look at packets without permission is a path to the Dark Side.
How does Wireshark work? • Wireshark is a packet sniffer and analysis tool. • It captures network traffic on the local network and stores that data for offline analysis. • Wireshark captures network traffic from Ethernet, Bluetooth, Wireless (IEEE.802.11), Token Ring, Frame Relay connections, and more. • Ed. Note: A “packet” is a single message from any network protocol (i.e., TCP, DNS, etc.) • Ed. Note 2: LAN traffic is in broadcast mode, meaning a single computer with Wireshark can see traffic between two other computers. If you want to see traffic to an external site, you need to capture the packets on the local computer. • Wireshark allows you to filter the log either before the capture starts or during analysis, so you can narrow down and zero into what you are looking for in the network trace. For example, you can set a filter to see TCP traffic between two IP addresses. You can set it only to show you the packets sent from one computer. The filters in Wireshark are one of the primary reasons it became the standard tool for packet analysis.
How to Download Wireshark • Downloading and installing Wireshark is easy. Step one is to check the official Wireshark Download page for the operating system you need. The basic version of Wireshark is free. • Wireshark for Linux • Installing Wireshark on Linux can be a little different depending on the Linux distribution. If you aren’t running one of the following distros, please double-check the commands. • Ubuntu • From a terminal prompt, run these commands: – sudo apt-get install wireshark – sudo dpkg-reconfigure wireshark-common – sudo adduser $USER wireshark • Those commands download the package, update the package, and add user privileges to run Wireshark.
Data Packets on Wireshark • Now that we have Wireshark installed let’s go over how to enable the Wireshark packet sniffer and then analyze the network traffic. • Capturing Data Packets on Wireshark • When you open Wireshark, you see a screen that shows you a list of all of the network connections you can monitor. You also have a capture filter field, so you only capture the network traffic you want to see.
Data Packets on Wireshark • You can select one or more of the network interfaces using “shift left-click.” Once you have the network interface selected, you can start the capture, and there are several ways to do that. • Click the first button on the toolbar, titled “Start Capturing Packets.” • You can select the menu item Capture -> Start.
Data Packets on Wireshark • Or you could use the keystroke Control – E. • During the capture, Wireshark will show you the packets that it captures in real- time. • Once you have captured all the packets you need, you use the same buttons or menu options to stop the capture. • Best practice says that you should stop Wireshark packet capture before you do analysis.
Analyzing Data Packets on Wireshark • Wireshark shows you three different panes for inspecting packet data. The Packet List, the top pane, is a list of all the packets in the capture. When you click on a packet, the other two panes change to show you the details about the selected packet. You can also tell if the packet is part of a conversation. • Here are some details about each column in the top pane: • No.: This is the number order of the packet that got captured. The bracket indicates that this packet is part of a conversation. • Time: This column shows you how long after you started the capture that this packet got captured. You can change this value in the Settings menu if you need something different displayed. • Source: This is the address of the system that sent the packet. • Destination: This is the address of the destination of that packet. • Protocol: This is the type of packet, for example, TCP, DNS, DHCPv6, or ARP. • Length: This column shows you the length of the packet in bytes. • Info: This column shows you more information about the packet contents, and will vary depending on what kind of packet it is. • Packet Details, the middle pane, shows you as much readable information about the packet as possible, depending on what kind of packet it is. You can right-click and create filters based on the highlighted text in this field. • The bottom pane, Packet Bytes, displays the packet exactly as it got captured in hexadecimal. • When you are looking at a packet that is part of a conversation, you can right-click the packet and select Follow to see only the packets that are part of that conversation.
Analyzing Data Packets on Wireshark • Wireshark Filters • One of the best features of Wireshark is the Wireshark Capture Filters and Wireshark Display Filters. Filters allow you to view the capture the way you need to see it so you can troubleshoot the issues at hand. Here are several filters to get you started. • Wireshark Capture Filters • Capture filters limit the captured packets by the filter. Meaning if the packets don’t match the filter, Wireshark won’t save them. Here are some examples of capture filters: • host IP-address: this filter limits the capture to traffic to and from the IP address • net 192.168.0.0/24: this filter captures all traffic on the subnet. • dst host IP-address: capture packets sent to the specified host. • port 53: capture traffic on port 53 only. • port not 53 and not arp: capture all traffic except DNS and ARP traffic
Analyzing Data Packets on Wireshark • Wireshark Display Filters • Wireshark Display Filters change the view of the capture during analysis. After you have stopped the packet capture, you use display filters to narrow down the packets in the Packet List so you can troubleshoot your issue. • The most useful (in my experience) display filter is: • ip.src==IP-address and ip.dst==IP-address • This filter shows you packets from one computer (ip.src) to another (ip.dst). You can also use ip.addr to show you packets to and from that IP. Here are some others: • tcp.port eq 25: This filter will show you all traffic on port 25, which is usually SMTP traffic. • icmp: This filter will show you only ICMP traffic in the capture, most likely they are pings. • ip.addr != IP_address: This filter shows you all traffic except the traffic to or from the specified computer. • Analysts even build filters to detect specific attacks, like this filter to detect the Sasser worm: • ls_ads.opnum==0x09
Additional Wireshark Features • Beyond the capture and filtering, there are several other features in Wireshark that can make your life better. • Wireshark Colorization Options • You can setup Wireshark so it colors your packets in the Packet List according to the display filter, which allows you to emphasize the packets you want to highlight.
Additional Wireshark Features • Wireshark Promiscuous Mode • By default, Wireshark only captures packets going to and from the computer where it runs. By checking the box to run Wireshark in Promiscuous Mode in the Capture Settings, you can capture most of the traffic on the LAN. • Wireshark Command Line • Wireshark does provide a Command Line Interface (CLI) if you operate a system without a GUI. Best practice would be to use the CLI to capture and save a log so you can review the log with the GUI. • Wireshark Commands • wireshark : run Wireshark in GUI mode • wireshark –h : show available command line parameters for Wireshark • wireshark –a duration:300 –i eth1 –w wireshark. : capture traffic on the Ethernet interface 1 for 5 minutes. –a means automatically stop the capture, -i specifics which interface to capture
Additional Wireshark Features • Metrics and Statistics • Under the Statistics menu item, you will find a plethora of options to show details about your capture.
Additional Wireshark Features • Capture File Properties:
Additional Wireshark Features • Wireshark I/O Graph:

Recommended

Wireshark
Wireshark Wireshark
Wireshark
antivirusspam
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with Wireshark
Jim Gilsinn
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic Analysis
David Sweigert
 
Wireshark
WiresharkWireshark
Wireshark
Kushagra Ganeriwal
 
Packet analysis using wireshark
Packet analysis using wiresharkPacket analysis using wireshark
Packet analysis using wireshark
Basaveswar Kureti
 
Wireshark
WiresharkWireshark
Wireshark
Kasun Madusanke
 
Wireshark - presentation
Wireshark - presentationWireshark - presentation
Wireshark - presentation
Kateryna Haskova
 
Wireshark network analysing software
Wireshark network analysing softwareWireshark network analysing software
Wireshark network analysing software
dharmesh nakum
 

Recommended

Wireshark
Wireshark Wireshark
Wireshark
antivirusspam
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with Wireshark
Jim Gilsinn
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic Analysis
David Sweigert
 
Wireshark
WiresharkWireshark
Wireshark
Kushagra Ganeriwal
 
Packet analysis using wireshark
Packet analysis using wiresharkPacket analysis using wireshark
Packet analysis using wireshark
Basaveswar Kureti
 
Wireshark
WiresharkWireshark
Wireshark
Kasun Madusanke
 
Wireshark - presentation
Wireshark - presentationWireshark - presentation
Wireshark - presentation
Kateryna Haskova
 
Wireshark network analysing software
Wireshark network analysing softwareWireshark network analysing software
Wireshark network analysing software
dharmesh nakum
 
Wireshark
WiresharkWireshark
Wireshark
lakshya dubey
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li In
mhaviv
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
Coursenvy.com
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
Yoram Orzach
 
wireshark
wiresharkwireshark
wireshark
Mirza Baig
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptx
ArifinChowdhury2
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
n|u - The Open Security Community
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
Aryan G
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
anilinvns
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
Phannarith Ou, G-CISO
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
Lionel Faleiro
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
Pituphong Yavirach
 
Wireshark
WiresharkWireshark
Wireshark
btohara
 
NMAP
NMAPNMAP
NMAP
PrateekAryan1
 
Network scanning
Network scanningNetwork scanning
Network scanning
MD SAQUIB KHAN
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERT
Ashley Deuble
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
amiable_indian
 
Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-on
QaisSaifQassim
 
wireshark-090916114253-phpapp01 (1).pdf
wireshark-090916114253-phpapp01 (1).pdfwireshark-090916114253-phpapp01 (1).pdf
wireshark-090916114253-phpapp01 (1).pdf
LuisCarlos663610
 

More Related Content

What's hot

Wireshark
WiresharkWireshark
Wireshark
lakshya dubey
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li In
mhaviv
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
Coursenvy.com
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
Yoram Orzach
 
wireshark
wiresharkwireshark
wireshark
Mirza Baig
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptx
ArifinChowdhury2
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
n|u - The Open Security Community
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
Aryan G
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
anilinvns
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
Phannarith Ou, G-CISO
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
Lionel Faleiro
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
Pituphong Yavirach
 
Wireshark
WiresharkWireshark
Wireshark
btohara
 
NMAP
NMAPNMAP
NMAP
PrateekAryan1
 
Network scanning
Network scanningNetwork scanning
Network scanning
MD SAQUIB KHAN
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERT
Ashley Deuble
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
amiable_indian
 

What's hot (20)

Wireshark
WiresharkWireshark
Wireshark
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li In
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
wireshark
wiresharkwireshark
wireshark
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptx
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 
Wireshark
WiresharkWireshark
Wireshark
 
NMAP
NMAPNMAP
NMAP
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
Intro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERTIntro to NSM with Security Onion - AusCERT
Intro to NSM with Security Onion - AusCERT
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 

Similar to Wireshark.pptx

Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-on
QaisSaifQassim
 
wireshark-090916114253-phpapp01 (1).pdf
wireshark-090916114253-phpapp01 (1).pdfwireshark-090916114253-phpapp01 (1).pdf
wireshark-090916114253-phpapp01 (1).pdf
LuisCarlos663610
 
Wireshark Tool - Features & Benefits.pdf
Wireshark Tool - Features & Benefits.pdfWireshark Tool - Features & Benefits.pdf
Wireshark Tool - Features & Benefits.pdf
DataSpace Academy
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
Cengage Learning
 
Wiresharkrep
WiresharkrepWiresharkrep
Wiresharkrep
Disha Rathod
 
Wireshark Packet Analyzer.pptx
Wireshark Packet Analyzer.pptxWireshark Packet Analyzer.pptx
Wireshark Packet Analyzer.pptx
Carlos González García, PMP®
 
Presentation on wireshark
Presentation on wiresharkPresentation on wireshark
Presentation on wireshark
Anil Thalor
 
Packet sniffers
Packet sniffers Packet sniffers
Packet sniffers
Ravi Teja Reddy
 
Wireshark
WiresharkWireshark
Wireshark
Sourav Roy
 
wireshark.pdf
wireshark.pdfwireshark.pdf
wireshark.pdf
ssuserafc27c
 
Network security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureNetwork security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architecture
Muhammad ismail Shah
 
Experiment 7 traffic analysis
Experiment 7 traffic analysisExperiment 7 traffic analysis
Experiment 7 traffic analysis
nikitaa25
 
Lab Exercise #4 IPv4 Dr. Anne Kohnke 1 Obj.docx
Lab Exercise #4 IPv4 Dr. Anne Kohnke 1 Obj.docxLab Exercise #4 IPv4 Dr. Anne Kohnke 1 Obj.docx
Lab Exercise #4 IPv4 Dr. Anne Kohnke 1 Obj.docx
smile790243
 
(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope
INSIGHT FORENSIC
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
Issar Kapadia
 
Free NetFlow Analyzer training - Getting the initial settings right
Free NetFlow Analyzer training - Getting the initial settings rightFree NetFlow Analyzer training - Getting the initial settings right
Free NetFlow Analyzer training - Getting the initial settings right
ManageEngine, Zoho Corporation
 
Network Monitoring with Wireshark
Network Monitoring with WiresharkNetwork Monitoring with Wireshark
Network Monitoring with Wireshark
Siddharth Coontoor
 
IP tables and Filtering
IP tables and FilteringIP tables and Filtering
IP tables and Filtering
Aisha Talat
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
talkaton
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
talkaton
 

Similar to Wireshark.pptx (20)

Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-on
 
wireshark-090916114253-phpapp01 (1).pdf
wireshark-090916114253-phpapp01 (1).pdfwireshark-090916114253-phpapp01 (1).pdf
wireshark-090916114253-phpapp01 (1).pdf
 
Wireshark Tool - Features & Benefits.pdf
Wireshark Tool - Features & Benefits.pdfWireshark Tool - Features & Benefits.pdf
Wireshark Tool - Features & Benefits.pdf
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
Wiresharkrep
WiresharkrepWiresharkrep
Wiresharkrep
 
Wireshark Packet Analyzer.pptx
Wireshark Packet Analyzer.pptxWireshark Packet Analyzer.pptx
Wireshark Packet Analyzer.pptx
 
Presentation on wireshark
Presentation on wiresharkPresentation on wireshark
Presentation on wireshark
 
Packet sniffers
Packet sniffers Packet sniffers
Packet sniffers
 
Wireshark
WiresharkWireshark
Wireshark
 
wireshark.pdf
wireshark.pdfwireshark.pdf
wireshark.pdf
 
Network security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architectureNetwork security chapter 6 and 7 internet architecture
Network security chapter 6 and 7 internet architecture
 
Experiment 7 traffic analysis
Experiment 7 traffic analysisExperiment 7 traffic analysis
Experiment 7 traffic analysis
 
Lab Exercise #4 IPv4 Dr. Anne Kohnke 1 Obj.docx
Lab Exercise #4 IPv4 Dr. Anne Kohnke 1 Obj.docxLab Exercise #4 IPv4 Dr. Anne Kohnke 1 Obj.docx
Lab Exercise #4 IPv4 Dr. Anne Kohnke 1 Obj.docx
 
(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
 
Free NetFlow Analyzer training - Getting the initial settings right
Free NetFlow Analyzer training - Getting the initial settings rightFree NetFlow Analyzer training - Getting the initial settings right
Free NetFlow Analyzer training - Getting the initial settings right
 
Network Monitoring with Wireshark
Network Monitoring with WiresharkNetwork Monitoring with Wireshark
Network Monitoring with Wireshark
 
IP tables and Filtering
IP tables and FilteringIP tables and Filtering
IP tables and Filtering
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
 

Recently uploaded

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
mz5nrf0n
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech AgencyPreparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
ISH Technologies
 

Recently uploaded (20)

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech AgencyPreparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
 

Wireshark.pptx

  • 1. What is Wireshark? • Wireshark is an open-source network protocol analysis software program started by Gerald Combs in 1998. • A global organization of network specialists and software developers support Wireshark and continue to make updates for new network technologies and encryption methods. • Wireshark is absolutely safe to use. • Government agencies, corporations, non-profits, and educational institutions use Wireshark for troubleshooting and teaching purposes. There isn’t a better way to learn networking than to look at the traffic under the Wireshark microscope. • There are questions about the legality of Wireshark since it is a powerful packet sniffer. The Light side of the Force says that you should only use Wireshark on networks where you have permission to inspect network packets. Using Wireshark to look at packets without permission is a path to the Dark Side.
  • 2. How does Wireshark work? • Wireshark is a packet sniffer and analysis tool. • It captures network traffic on the local network and stores that data for offline analysis. • Wireshark captures network traffic from Ethernet, Bluetooth, Wireless (IEEE.802.11), Token Ring, Frame Relay connections, and more. • Ed. Note: A “packet” is a single message from any network protocol (i.e., TCP, DNS, etc.) • Ed. Note 2: LAN traffic is in broadcast mode, meaning a single computer with Wireshark can see traffic between two other computers. If you want to see traffic to an external site, you need to capture the packets on the local computer. • Wireshark allows you to filter the log either before the capture starts or during analysis, so you can narrow down and zero into what you are looking for in the network trace. For example, you can set a filter to see TCP traffic between two IP addresses. You can set it only to show you the packets sent from one computer. The filters in Wireshark are one of the primary reasons it became the standard tool for packet analysis.
  • 3. How to Download Wireshark • Downloading and installing Wireshark is easy. Step one is to check the official Wireshark Download page for the operating system you need. The basic version of Wireshark is free. • Wireshark for Linux • Installing Wireshark on Linux can be a little different depending on the Linux distribution. If you aren’t running one of the following distros, please double-check the commands. • Ubuntu • From a terminal prompt, run these commands: – sudo apt-get install wireshark – sudo dpkg-reconfigure wireshark-common – sudo adduser $USER wireshark • Those commands download the package, update the package, and add user privileges to run Wireshark.
  • 4. Data Packets on Wireshark • Now that we have Wireshark installed let’s go over how to enable the Wireshark packet sniffer and then analyze the network traffic. • Capturing Data Packets on Wireshark • When you open Wireshark, you see a screen that shows you a list of all of the network connections you can monitor. You also have a capture filter field, so you only capture the network traffic you want to see.
  • 5. Data Packets on Wireshark • You can select one or more of the network interfaces using “shift left-click.” Once you have the network interface selected, you can start the capture, and there are several ways to do that. • Click the first button on the toolbar, titled “Start Capturing Packets.” • You can select the menu item Capture -> Start.
  • 6. Data Packets on Wireshark • Or you could use the keystroke Control – E. • During the capture, Wireshark will show you the packets that it captures in real- time. • Once you have captured all the packets you need, you use the same buttons or menu options to stop the capture. • Best practice says that you should stop Wireshark packet capture before you do analysis.
  • 7. Analyzing Data Packets on Wireshark • Wireshark shows you three different panes for inspecting packet data. The Packet List, the top pane, is a list of all the packets in the capture. When you click on a packet, the other two panes change to show you the details about the selected packet. You can also tell if the packet is part of a conversation. • Here are some details about each column in the top pane: • No.: This is the number order of the packet that got captured. The bracket indicates that this packet is part of a conversation. • Time: This column shows you how long after you started the capture that this packet got captured. You can change this value in the Settings menu if you need something different displayed. • Source: This is the address of the system that sent the packet. • Destination: This is the address of the destination of that packet. • Protocol: This is the type of packet, for example, TCP, DNS, DHCPv6, or ARP. • Length: This column shows you the length of the packet in bytes. • Info: This column shows you more information about the packet contents, and will vary depending on what kind of packet it is. • Packet Details, the middle pane, shows you as much readable information about the packet as possible, depending on what kind of packet it is. You can right-click and create filters based on the highlighted text in this field. • The bottom pane, Packet Bytes, displays the packet exactly as it got captured in hexadecimal. • When you are looking at a packet that is part of a conversation, you can right-click the packet and select Follow to see only the packets that are part of that conversation.
  • 8. Analyzing Data Packets on Wireshark • Wireshark Filters • One of the best features of Wireshark is the Wireshark Capture Filters and Wireshark Display Filters. Filters allow you to view the capture the way you need to see it so you can troubleshoot the issues at hand. Here are several filters to get you started. • Wireshark Capture Filters • Capture filters limit the captured packets by the filter. Meaning if the packets don’t match the filter, Wireshark won’t save them. Here are some examples of capture filters: • host IP-address: this filter limits the capture to traffic to and from the IP address • net 192.168.0.0/24: this filter captures all traffic on the subnet. • dst host IP-address: capture packets sent to the specified host. • port 53: capture traffic on port 53 only. • port not 53 and not arp: capture all traffic except DNS and ARP traffic
  • 9. Analyzing Data Packets on Wireshark • Wireshark Display Filters • Wireshark Display Filters change the view of the capture during analysis. After you have stopped the packet capture, you use display filters to narrow down the packets in the Packet List so you can troubleshoot your issue. • The most useful (in my experience) display filter is: • ip.src==IP-address and ip.dst==IP-address • This filter shows you packets from one computer (ip.src) to another (ip.dst). You can also use ip.addr to show you packets to and from that IP. Here are some others: • tcp.port eq 25: This filter will show you all traffic on port 25, which is usually SMTP traffic. • icmp: This filter will show you only ICMP traffic in the capture, most likely they are pings. • ip.addr != IP_address: This filter shows you all traffic except the traffic to or from the specified computer. • Analysts even build filters to detect specific attacks, like this filter to detect the Sasser worm: • ls_ads.opnum==0x09
  • 10. Additional Wireshark Features • Beyond the capture and filtering, there are several other features in Wireshark that can make your life better. • Wireshark Colorization Options • You can setup Wireshark so it colors your packets in the Packet List according to the display filter, which allows you to emphasize the packets you want to highlight.
  • 11. Additional Wireshark Features • Wireshark Promiscuous Mode • By default, Wireshark only captures packets going to and from the computer where it runs. By checking the box to run Wireshark in Promiscuous Mode in the Capture Settings, you can capture most of the traffic on the LAN. • Wireshark Command Line • Wireshark does provide a Command Line Interface (CLI) if you operate a system without a GUI. Best practice would be to use the CLI to capture and save a log so you can review the log with the GUI. • Wireshark Commands • wireshark : run Wireshark in GUI mode • wireshark –h : show available command line parameters for Wireshark • wireshark –a duration:300 –i eth1 –w wireshark. : capture traffic on the Ethernet interface 1 for 5 minutes. –a means automatically stop the capture, -i specifics which interface to capture
  • 12. Additional Wireshark Features • Metrics and Statistics • Under the Statistics menu item, you will find a plethora of options to show details about your capture.
  • 13. Additional Wireshark Features • Capture File Properties:
  • 14. Additional Wireshark Features • Wireshark I/O Graph: