Wireshark Basic Presentation
- 2. What is Wireshark?
• Wireshark is a network packet/protocol analyzer.
• A network packet analyzer captures network packets and displays the packet data in as much detail as possible.
• Wireshark is perhaps one of the best open source packet
analyzers available today for UNIX and Windows.
- 3. Some intended purposes
• network administrators use it to troubleshoot network
problems
• network security engineers use it to examine security
problems
• developers use it to debug protocol implementations
• people use it to learn network protocol internals
• Wireshark isn't an intrusion detection system.
• Wireshark will not manipulate things on the network, it
will only "measure" things from it.
- 5. Features
• "Understands" the structure of different network protocols.
• Displays encapsulation and single fields and
interprets their meaning.
• It can only capture on networks supported by pcap.
• It is cross-platform, running on various operating systems (Linux, Mac OS X, Microsoft Windows).
- 6. WinPcap
• Industry-standard tool for link-layer network access in Windows environments
• Allows applications to capture and transmit network packets, bypassing the protocol stack
• Consists of a driver that extends the OS to provide low-level network access
• Consists of a library for easy access to the low-level network layers
• Also contains a Windows version of the libpcap Unix API
- 12. Capture Filter examples
host 10.1.11.24
host 192.168.0.1 and host 10.1.11.1
tcp port http
ip
not broadcast and not multicast
ether host 00:04:13:00:09:a3
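To see what each of the filters above actually selects, here is an added example (not part of the slide deck, and not libpcap's own code) that evaluates the subset of pcap capture-filter syntax used in these examples against constructed packet summaries; the `pkt` helper and the small `SERVICES` table are assumptions of this example, and real captures compile filters in libpcap/WinPcap.

```python
# Added example, not from the slide deck: mirrors libpcap's matching rules for
# the primitives used above (host, ether host, tcp port, ip, broadcast, multicast).
SERVICES = {"http": 80, "https": 443, "ssh": 22}  # libpcap reads /etc/services

def pkt(src_mac, dst_mac, src_ip=None, dst_ip=None, proto=None, sport=None, dport=None):
    return dict(src_mac=src_mac, dst_mac=dst_mac, src_ip=src_ip, dst_ip=dst_ip,
                proto=proto, sport=sport, dport=dport)

def _primitive(toks, i):
    t = toks[i]
    if t == "ip":                      # any packet carrying an IP header
        return (lambda p: p["src_ip"] is not None), i + 1
    if t == "broadcast":               # link-layer broadcast destination
        return (lambda p: p["dst_mac"] == "ff:ff:ff:ff:ff:ff"), i + 1
    if t == "multicast":               # group bit = low bit of the first octet
        return (lambda p: int(p["dst_mac"][:2], 16) & 1 == 1), i + 1
    if t == "host":                    # matches either direction, as in libpcap
        a = toks[i + 1]
        return (lambda p: a in (p["src_ip"], p["dst_ip"])), i + 2
    if t == "ether" and toks[i + 1] == "host":
        a = toks[i + 2].lower()
        return (lambda p: a in (p["src_mac"], p["dst_mac"])), i + 3
    if t == "tcp" and toks[i + 1] == "port":   # source or destination port
        n = int(toks[i + 2]) if toks[i + 2].isdigit() else SERVICES[toks[i + 2]]
        return (lambda p: p["proto"] == "tcp" and n in (p["sport"], p["dport"])), i + 3
    raise ValueError("unsupported primitive near %r" % t)

def _term(toks, i):                    # 'not' binds tightest
    if toks[i] == "not":
        f, i = _term(toks, i + 1)
        return (lambda p: not f(p)), i
    return _primitive(toks, i)

def _conj(toks, i):                    # 'and' binds tighter than 'or'
    f, i = _term(toks, i)
    while i < len(toks) and toks[i] == "and":
        g, i = _term(toks, i + 1)
        f = (lambda p, f=f, g=g: f(p) and g(p))
    return f, i

def compile_filter(expr):
    # Returns a predicate telling whether a packet summary passes the filter.
    toks = expr.split()
    f, i = _conj(toks, 0)
    while i < len(toks) and toks[i] == "or":
        g, i = _conj(toks, i + 1)
        f = (lambda p, f=f, g=g: f(p) or g(p))
    if i != len(toks):                 # e.g. two primitives with no 'and' between
        raise ValueError("unexpected token %r" % toks[i])
    return f
```

Note that `host` and `tcp port` match in both directions, and a broadcast frame also has the multicast bit set, which is why the slide's filter needs both `not broadcast` and `not multicast`.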
- 13. IMPORTANT
• TURN PROMISCUOUS MODE OFF!
• IF YOU'RE AT WORK, YOUR NETWORK
ADMINISTRATOR MAY SEE YOU RUNNING IN
PROMISCUOUS MODE AND SOMEBODY MAY DECIDE
TO FIRE YOU FOR THAT.