
Wireshark course, Ch 02: Introduction to wireshark

This chapter introduces the very basics of Wireshark: how to start a packet capture, where to locate the analyzer in the network, and how to configure basic operations. In chapter 3 we will learn how to configure capture and display filters.


  1. NDI Communications - Engineering & Training: Network Analysis Using Wireshark, Lesson 2 – Introduction to Wireshark
  2. Lesson Objectives. By the end of this lesson, the participant will be able to:
     - start capturing data with the Wireshark software
     - configure basic capture parameters in Wireshark
     - understand the basic colorizing mechanisms
     - understand basic preferences configuration
  3. Chapter Content:
     - A brief history and introduction
     - Locating Wireshark
     - Starting the capture of data
     - Configuring the start window
     - Using time values and summaries
     - Configuring colouring rules and navigation techniques
     - Saving, printing, and exporting data
     - Configuring the user interface in the Preferences menu
     - Configuring protocol preferences
  4. What is Network Analysis? A brief history: Gerald Combs began developing the tool in late 1997 and called it Ethereal. After several pauses in development it was first released in July 1998 as version 0.2.0. Additional patches and applications were contributed by Gilbert Ramirez, Guy Harris, Richard Sharpe and others. In 2006 the project moved house and re-emerged under a new name, Wireshark. In 2010 Riverbed acquired CACE Technologies, the project's main sponsor, with a commitment that Wireshark would continue to live as open source.
  5. What Can We Do With It, And What Can We Not? What we can: capture packets; watch smart statistics; define filters (capture and display); analyze problems. What we cannot: it is not an automatic tool; it is not suitable for long-term monitoring; it is not a "magic" tool.
  7. Reminder – How a LAN Switch Works. Three segments hang off the switch: segment A (hosts A1, A2, A3), segment B (hosts B1, B2, B3) and segment C (hosts C5, C6, C7). Decision table for frames arriving from A1:
     - A1 → A3 (same segment): block
     - A1 → B1 (known address on another port): forward to port B
     - A1 → C7 (known address on another port): forward to port C
     - A1 → broadcast: forward to all ports (flood)
     - A1 → D7 (unknown address): forward to all ports (flood)
  8. Port Mirror / Port Monitor. The switch copies the traffic of the monitored port to the monitoring port, where the analyzer is connected.
  9. Where to Locate Wireshark? A switch forwards unicast traffic only to the destination port, so a laptop on an ordinary port sees only its own traffic, broadcasts and floods; the analyzer therefore needs a mirror of the traffic it should see.
     - For server monitoring: connect the laptop to the LAN switch, with a port mirror of the monitored server's port
     - For WAN monitoring: connect the laptop to the LAN switch, with a port mirror of the monitored router's port (the one towards the ISP)
     - For Internet connectivity monitoring: before or after the firewall
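The following is an added example, not part of the course slides: a small Python model of the switch decision table from the reminder slide, extended with MAC learning and a port mirror, so that the "where to locate Wireshark" lesson can be checked offline. It shows which frames a laptop on an ordinary port C sees, and which it sees once port A (the server segment) is mirrored to C. The port names, MAC labels (A1, A3, B1, D7) and the traffic are constructed for the example.

```python
"""Toy LAN switch: MAC learning, flooding, same-segment blocking and a port
mirror (SPAN). Added example; not code from the course material. Ports A/B/C
and hosts A1, A3, B1, D7 are constructed to match the slide's segments."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str


class Switch:
    def __init__(self) -> None:
        self.mac_table: Dict[str, str] = {}   # MAC -> port it was last seen on
        self.monitored: Set[str] = set()      # ports whose traffic is mirrored
        self.mirror_to: Optional[str] = None  # monitoring port (the analyzer)

    def mirror(self, monitored_ports: List[str], monitoring_port: str) -> None:
        self.monitored = set(monitored_ports)
        self.mirror_to = monitoring_port

    def forward(self, frame: Frame, in_port: str, ports: List[str]) -> Dict[str, str]:
        """Return {egress_port: reason} for every port that receives a copy."""
        self.mac_table[frame.src] = in_port          # learn the source address
        out: Dict[str, str] = {}
        dst_port = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or dst_port is None:
            for p in ports:                          # broadcast / unknown: flood
                if p != in_port:
                    out[p] = "flood"
        elif dst_port != in_port:
            out[dst_port] = "forward"                # known address on another port
        # dst_port == in_port: same segment, the switch blocks (filters) the frame
        if self.mirror_to is not None and ({in_port} | set(out)) & self.monitored:
            out.setdefault(self.mirror_to, "mirror")  # SPAN copy of ingress or egress
        return out


def run_scenario(with_mirror: bool) -> List[str]:
    """Frames the laptop on port C sees, as 'src->dst (reason)' strings."""
    ports = ["A", "B", "C"]
    sw = Switch()
    if with_mirror:
        sw.mirror(["A"], "C")   # monitor the server segment, analyzer on port C
    for mac, port in (("A1", "A"), ("A3", "A"), ("B1", "B")):
        sw.forward(Frame(mac, BROADCAST), port, ports)   # populate the MAC table
    traffic = [
        (Frame("A1", "A3"), "A"),        # same segment  -> block
        (Frame("A1", "B1"), "A"),        # known, port B -> forward
        (Frame("B1", "A1"), "B"),        # known, port A -> forward
        (Frame("A1", BROADCAST), "A"),   # broadcast     -> flood
        (Frame("A1", "D7"), "A"),        # unknown MAC   -> flood
    ]
    seen = []
    for frame, in_port in traffic:
        copies = sw.forward(frame, in_port, ports)
        if "C" in copies:
            seen.append(f"{frame.src}->{frame.dst} ({copies['C']})")
    return seen


if __name__ == "__main__":
    print("no mirror:   ", run_scenario(False))
    print("mirror A->C: ", run_scenario(True))
```

Without the mirror the laptop sees only the two flooded frames (the broadcast and the frame to the unknown address D7); with port A mirrored to C it also receives the A1↔B1 exchange and even the A1→A3 frame that the switch itself blocks between the two hosts on segment A.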
  11. The Interface (Version 1.10.6)
  12. Choose the Right Interface
  13. Some Details
  14. Choose the Interface and Start the Capture
  15. And You Will Get: the Packet List, Packet Details and Packet Bytes panes
  16. To Stop the Capture: use the Stop button, or Ctrl+E
  17. Configuring the Capture:
     - choosing the interface
     - capture in promiscuous mode
     - capture to multiple files
     - stop-capture conditions
     - display options
     - name resolution
     - Manage Interfaces
     - capture filter
  19. Configuring the Start Window: Main Toolbar; Filter Toolbar; Wireless Toolbar (turned off by default); Status Bar
  21. Time Display Format (View → Time Display Format): date and time of day, seconds since beginning of capture, seconds since previous captured packet, seconds since previous displayed packet, and the precision to show
  23. Packet Colorization. You can set up Wireshark so that it colorizes packets according to a filter. There are two types of coloring rules in Wireshark: temporary ones that are only used until you quit the program, and permanent ones that are saved to a preference file so that they are available in the next session.
  24. Permanently Colorize Packets: open View → Coloring Rules
  25. Colorizing Specific Data: we want to watch a specific protocol throughout the capture file
  26. Colorizing Specific Data (continued)
  27. Colorizing Specific Data (continued)
  28. Colorizing Specific Data (TLS Connection Establishment)
  30. Saving and Manipulating Files: save only the displayed packets
  31. Saving and Manipulating Files: export the packet summary as a CSV file (Export Packet Dissections) and open it in a spreadsheet such as Excel
  32. And You Will Get: the packet list in a spreadsheet, where an additional column can calculate the DELAY between consecutive packets
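As an added example, not part of the course slides, the Python below reads a libpcap file and derives the time views the chapter covers in the Time Display Format slide (absolute time, seconds since the beginning of the capture, seconds since the previous captured packet and seconds since the previous displayed packet), then writes the packet summary as CSV, which is what the export-to-spreadsheet step produces before the DELAY column is added by hand. The four-packet capture is constructed inline with dummy frame bytes; the `displayed` predicate stands in for a display filter and is an assumption of the example.

```python
"""Minimal pcap reader plus Wireshark-style time columns and CSV export.
Added example; not code from the course material. The sample capture is
constructed inline (timestamps t0, +0.25 s, +0.26 s, +1.0 s; dummy frames)."""
import csv
import io
import struct
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional

MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D   # pcap variant with nanosecond timestamps


def parse_pcap(data: bytes) -> List[Dict]:
    """Parse a libpcap file into records: ts_ns (int), caplen, length, payload."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    endian = "<"
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (MAGIC_USEC, MAGIC_NSEC):
        endian = ">"                                  # written on a big-endian host
        magic = struct.unpack(">I", data[:4])[0]
        if magic not in (MAGIC_USEC, MAGIC_NSEC):
            raise ValueError("not a pcap file: bad magic 0x%08x" % magic)
    frac_to_ns = 1 if magic == MAGIC_NSEC else 1000
    _, _vmaj, _vmin, _tz, _sigfigs, snaplen, _linktype = struct.unpack(endian + "IHHiIII", data[:24])
    records, off = [], 24
    while off + 16 <= len(data):
        sec, frac, caplen, length = struct.unpack(endian + "IIII", data[off:off + 16])
        if caplen > snaplen or off + 16 + caplen > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % off)
        records.append({"ts_ns": sec * 1_000_000_000 + frac * frac_to_ns,
                        "caplen": caplen, "length": length,
                        "payload": data[off + 16: off + 16 + caplen]})
        off += 16 + caplen
    return records


def time_columns(records: List[Dict],
                 displayed: Optional[Callable[[Dict], bool]] = None) -> List[Dict]:
    """One row per displayed packet with the four time display formats as strings."""
    rows, prev_cap, prev_disp = [], None, None
    first = records[0]["ts_ns"] if records else 0
    for no, rec in enumerate(records, start=1):
        ts = rec["ts_ns"]
        d_cap = ts - prev_cap if prev_cap is not None else 0
        prev_cap = ts                                # every captured packet counts
        if displayed is not None and not displayed(rec):
            continue                                 # filtered out: not displayed
        d_disp = ts - prev_disp if prev_disp is not None else 0
        prev_disp = ts                               # only displayed packets count
        abs_time = datetime.fromtimestamp(ts // 1_000_000_000, tz=timezone.utc).replace(
            microsecond=(ts % 1_000_000_000) // 1000)
        rows.append({"no": no, "abs": abs_time.isoformat(),
                     "rel": "%.6f" % ((ts - first) / 1e9),
                     "delta_captured": "%.6f" % (d_cap / 1e9),
                     "delta_displayed": "%.6f" % (d_disp / 1e9),
                     "length": rec["length"]})
    return rows


def to_csv(rows: List[Dict]) -> str:
    """Packet summary as CSV, the format Wireshark's Export Packet Dissections writes."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["no", "abs", "rel", "delta_captured",
                                             "delta_displayed", "length"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def build_sample_pcap(nanosecond: bool = False) -> bytes:
    """Constructed 4-packet capture; frame bytes are zeros, snapped at 64 bytes."""
    magic = MAGIC_NSEC if nanosecond else MAGIC_USEC
    scale = 1_000_000_000 if nanosecond else 1_000_000
    out = struct.pack("<IHHiIII", magic, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    t0 = 1_700_000_000
    for offset_us, length in ((0, 60), (250_000, 74), (260_000, 54), (1_000_000, 1514)):
        sec = t0 + offset_us // 1_000_000
        frac = (offset_us % 1_000_000) * scale // 1_000_000
        payload = b"\x00" * min(length, 64)
        out += struct.pack("<IIII", sec, frac, len(payload), length) + payload
    return out


if __name__ == "__main__":
    recs = parse_pcap(build_sample_pcap())
    print(to_csv(time_columns(recs, displayed=lambda r: r["length"] > 60)))
```

The difference between the two delta columns is the point worth checking: with only packets 2 and 4 displayed, packet 4 shows 0.740 s since the previous captured packet (packet 3) but 0.750 s since the previous displayed packet (packet 2), which is what a hand-made DELAY column on an export of displayed packets would give.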
  34. Preferences: open Edit → Preferences for the user interface configuration and the protocols configuration
  36. Control Protocol Dissection. Each protocol has its own dissector, so dissecting a complete packet typically involves several dissectors in sequence (Ethernet, then IP, then TCP, then the application protocol). Wireshark tries to find the right dissector for each layer using static rules (for example a registered port number or protocol field) and, where those do not apply, heuristic dissectors that inspect the payload and "guess".
  37. User Specified Decodes. The "Decode As" function lets you temporarily divert a specific protocol dissection, for example to dissect traffic on a non-standard port with the correct protocol dissector.
  38. Configuration Profiles: open Edit → Configuration Profiles. Configuration profiles can be used to configure and use more than one set of preferences and configurations:
     - Preferences
     - Capture Filters
     - Display Filters
     - Coloring Rules
     - Disabled Protocols
     - User Accessible Tables
  39. Wireshark Shortcuts
  40. Summary. For more information, technical data and many examples and case studies: http://www.amazon.com/Network-Analysis-Using-Wireshark-Cookbook/dp/1849517649 Thanks!!! Yoram Orzach yoram@ndi-com.com +972-52-4899699
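Permanent coloring rules, capture filters and display filters end up as plain text files inside a configuration profile, which means they can be generated, reviewed and shared without clicking through the GUI. The Python below is an added example, not code from the course or from the Wireshark project: it renders a profile with a capture filter, two display filters and three coloring rules for TLS connection establishment (the case colorized on slide 28) and parses the coloring rules back. The profile name `tls-handshake`, the directory root, the colours and the choice to disable `llmnr` are assumptions; the `tls.*` field names are the modern (3.x and later) spelling of the `ssl.*` fields used by the 1.10.6 release shown on the slides, and the profile location under `profiles/<name>/` in the personal configuration directory is stated as an assumption for the reader to verify against their installation.

```python
"""Render and parse Wireshark configuration-profile files (cfilters, dfilters,
colorfilters, disabled_protos). Added example; not code from the course or the
Wireshark project. Profile name, root directory, colours and rules are assumed."""
import re
from pathlib import Path
from typing import Dict, List, Sequence, Tuple

RGB = Tuple[int, int, int]
# [!]@name@display filter@[fg_r,fg_g,fg_b][bg_r,bg_g,bg_b]; components are 16-bit
_COLOR_LINE = re.compile(r"^(!?)@([^@]*)@([^@]*)@\[(\d+),(\d+),(\d+)\]\[(\d+),(\d+),(\d+)\]$")


def colorfilter_line(name: str, display_filter: str, fg: RGB, bg: RGB, enabled: bool = True) -> str:
    """One colorfilters record; '!' marks a disabled rule, colours given as 8-bit RGB."""
    if "@" in name or "@" in display_filter:
        raise ValueError("'@' is the field separator and may not appear in name or filter")
    for comp in fg + bg:
        if not 0 <= comp <= 255:
            raise ValueError("colour components must be 8-bit, got %r" % (comp,))
    to16 = lambda c: c * 257          # 0xFF * 257 == 0xFFFF, exact 8->16 bit scaling
    prefix = "" if enabled else "!"
    return "%s@%s@%s@[%d,%d,%d][%d,%d,%d]" % ((prefix, name, display_filter) + tuple(map(to16, fg + bg)))


def parse_colorfilters(text: str) -> List[Dict]:
    """Inverse of colorfilter_line; skips blank lines and '#' comments, rejects junk."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = _COLOR_LINE.match(line)
        if not m:
            raise ValueError("colorfilters line %d is malformed: %r" % (lineno, line))
        comps = [int(x) // 257 for x in m.groups()[3:]]
        rules.append({"enabled": m.group(1) != "!", "name": m.group(2), "filter": m.group(3),
                      "fg": tuple(comps[:3]), "bg": tuple(comps[3:])})
    return rules


def render_profile(cfilters: Sequence[Tuple[str, str]], dfilters: Sequence[Tuple[str, str]],
                   colorfilters: Sequence[str], disabled_protos: Sequence[str]) -> Dict[str, str]:
    """File name -> content. cfilters/dfilters lines are '"name" filter'; one protocol per line."""
    quoted = lambda pairs: "".join('"%s" %s\n' % (n, f) for n, f in pairs)
    return {
        "cfilters": quoted(cfilters),
        "dfilters": quoted(dfilters),
        "colorfilters": "# generated coloring rules\n" + "".join(l + "\n" for l in colorfilters),
        "disabled_protos": "".join(p + "\n" for p in disabled_protos),
    }


def write_profile(config_root: Path, name: str, files: Dict[str, str]) -> Path:
    """Write files under <config_root>/profiles/<name>/ (assumed profile layout)."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", name):
        raise ValueError("profile name must be a plain directory name")
    target = config_root / "profiles" / name
    target.mkdir(parents=True, exist_ok=True)
    for fname, content in files.items():
        (target / fname).write_text(content)
    return target


# Assumed profile for watching TLS connection establishment (slide 28's scenario).
TLS_PROFILE = render_profile(
    cfilters=[("TLS only", "tcp port 443")],
    dfilters=[("TLS handshake", "tls.handshake"), ("TLS alerts", "tls.alert_message")],
    colorfilters=[
        colorfilter_line("TLS Client Hello", "tls.handshake.type == 1", (0, 0, 0), (255, 255, 160)),
        colorfilter_line("TLS Server Hello", "tls.handshake.type == 2", (0, 0, 0), (160, 255, 160)),
        colorfilter_line("TLS Alert", "tls.alert_message", (255, 255, 255), (200, 0, 0)),
    ],
    disabled_protos=["llmnr"],   # assumed: noise the analyst does not want dissected
)

if __name__ == "__main__":
    import tempfile
    root = Path(tempfile.mkdtemp())   # stand-in for the personal configuration directory
    print(write_profile(root, "tls-handshake", TLS_PROFILE))
```

Because the rule order in `colorfilters` is the evaluation order (the first matching rule wins), keeping the file under version control makes it obvious when a broad rule such as a plain `tcp` match has been placed above the specific TLS rules and is silently swallowing them.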
