Wireshark
Haijie Wu
Transcript of a PowerPoint presentation.
Motivation and Overview
- Wireshark is a network protocol analyzer (www.wireshark.org)
- First released in 1998 by Gerald Combs as Ethereal
- Open source and free software
- Powerful tool for network troubleshooting
- Sniffs and captures live traffic
- Filters data for ease of analysis
- Statistics and graphs available
- Used in industry and academia
Wireshark Installation
- Wireshark can be installed on various platforms: Unix, Windows, Linux, Mac OS, etc.
- Most recent release is 1.4.1
- System requirements: rule of thumb is a fast CPU, and more memory is better
- FAQs and Wiki pages provide more information
- Installation of Wireshark requires downloading the relevant package, building the source into binaries if the source was downloaded, and installing the binaries to their destinations
- Windows installation includes WinPcap, the packet capture library (also needed for tcpdump)
- Installation is easy and intuitive
Wireshark - Main Features
- Capturing live traffic: data can be captured on wired or wireless media
- Numerous protocols can be captured and analyzed
- Filtering is essential when dealing with a huge number of packets
- Filters can be applied on protocols, fields, values, etc.
- Filtering while capturing packets is possible
WinPcap
- Industry-standard tool for link-layer network access in Windows environments
- Allows applications to capture and transmit network packets, bypassing the protocol stack
- Consists of a driver that extends the OS to provide low-level network access
- Consists of a library for easy access to the low-level network layers
- Also contains a Windows version of the libpcap Unix API
Wireshark GUI
How to use Wireshark - Capture
- To capture: go to the Capture menu and select the interface used for transmitting the network data
- Set the capturing environment
- Start capturing on this interface
- The live data captured on the interface will be shown in the Wireshark window
- Capturing can be stopped by clicking the stop button on the main toolbar
Example
Filtering
- You can enter the filter expression directly in the filter bar. The expression is similar to the condition of an 'if statement' in other programming languages.
- Or you can click the 'Expression...' button to choose the filter options and set the values.
- After all filter values have been entered, click the 'Apply' button.
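The filter bar accepts expressions built from protocol names, field comparisons and boolean operators. The following is an added example, not Wireshark's own code: a small Python evaluator for a subset of the display filter syntax (==, !=, <, >, <=, >=, bare protocol names, !, && and || with parentheses), run over a constructed set of dissected packets. The packet dicts, field names and values are constructed for illustration; the real engine supports far more field types and operators. It goes slightly beyond the slide by also showing the "any match" rule: a field with several values in one packet, such as tcp.port, matches when any of them does.

```python
"""Toy evaluator for Wireshark-style display filter expressions (added example)."""
import re

# Constructed sample packets (not a real capture). Fields are keyed the way
# Wireshark names them; tcp.port / udp.port hold both ends of the connection.
PACKETS = [
    {"frame.number": 1, "ip.src": "10.0.0.5", "ip.dst": "93.184.216.34",
     "tcp.srcport": 51234, "tcp.dstport": 80, "tcp.port": (51234, 80),
     "frame.len": 74, "protocols": {"eth", "ip", "tcp", "http"}},
    {"frame.number": 2, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.1",
     "udp.srcport": 50001, "udp.dstport": 53, "udp.port": (50001, 53),
     "frame.len": 68, "protocols": {"eth", "ip", "udp", "dns"}},
    {"frame.number": 3, "ip.src": "93.184.216.34", "ip.dst": "10.0.0.5",
     "tcp.srcport": 443, "tcp.dstport": 51235, "tcp.port": (443, 51235),
     "frame.len": 1514, "protocols": {"eth", "ip", "tcp", "tls"}},
]

# Two-character operators are listed before their one-character prefixes.
TOKEN_RE = re.compile(r"\s*(==|!=|<=|>=|<|>|&&|\|\||!|\(|\)|[\w.]+)")
OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       "<": lambda a, b: a < b, ">": lambda a, b: a > b,
       "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b}


def tokenize(expr):
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:
            raise ValueError("bad filter syntax near: " + expr[pos:])
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


def compare(field, op, value):
    """A multi-valued field (tuple) matches if any element matches ("any" semantics)."""
    if field is None:
        return False
    values = field if isinstance(field, tuple) else (field,)
    return any(type(v) is type(value) and op(v, value) for v in values)


class Parser:
    """Recursive descent: or -> and -> not -> atom. Produces a predicate on a packet."""

    def __init__(self, expr):
        self.toks, self.i = tokenize(expr), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError("unexpected token " + self.peek())
        return node

    def parse_or(self):
        left = self.parse_and()
        while self.peek() == "||":
            self.take()
            left = (lambda l, r: lambda p: l(p) or r(p))(left, self.parse_and())
        return left

    def parse_and(self):
        left = self.parse_not()
        while self.peek() == "&&":
            self.take()
            left = (lambda l, r: lambda p: l(p) and r(p))(left, self.parse_not())
        return left

    def parse_not(self):
        if self.peek() == "!":
            self.take()
            inner = self.parse_not()
            return lambda p: not inner(p)
        return self.parse_atom()

    def parse_atom(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing )")
            return node
        if tok is None or tok in OPS or tok in ("&&", "||", ")"):
            raise ValueError("expected field or protocol, got %r" % (tok,))
        if self.peek() in OPS:                      # field <op> literal
            op, literal = OPS[self.take()], self.take()
            if literal is None:
                raise ValueError("missing value after operator")
            value = int(literal) if literal.isdigit() else literal
            return lambda p: compare(p.get(tok), op, value)
        # Bare name: "tcp" tests protocol presence, "ip.src" tests field presence.
        return lambda p: tok in p["protocols"] or tok in p


def apply_filter(expr, packets=PACKETS):
    """Return frame numbers of the packets that match the display filter."""
    matches = Parser(expr).parse()
    return [p["frame.number"] for p in packets if matches(p)]


if __name__ == "__main__":
    for f in ("tcp.port == 80", "dns || tls", "ip.src == 10.0.0.5 && !udp",
              "frame.len > 1000", "!(tcp || udp)"):
        print("%-30s -> %s" % (f, apply_filter(f)))
```

Running the block prints which constructed frames each sample filter keeps; apply_filter raises ValueError on malformed input, which is the behaviour a user sees as the red filter bar in the GUI.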
Statistics measurement
- There are plenty of statistics options provided by Wireshark.
Graph Analysis
- Flow graph
- Throughput graph
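An added example, not the presentation's or Wireshark's code: the throughput graph plots the amount of traffic per time interval, and the Statistics menu reports per-protocol packet and byte counts. This Python snippet computes both over a constructed list of (timestamp, frame length, top protocol) records and renders the throughput as a text bar graph. The packet records and their values are constructed for illustration.

```python
"""Throughput binning and per-protocol statistics over a packet list (added example)."""
from collections import defaultdict

# Constructed sample capture: (seconds since capture start, frame bytes, top protocol).
PACKETS = [
    (0.05, 74, "tcp"), (0.20, 1514, "tcp"), (0.31, 1514, "tcp"), (0.90, 68, "dns"),
    (1.10, 1514, "tcp"), (1.40, 1514, "tcp"), (1.75, 90, "dns"), (1.95, 1514, "tcp"),
    (3.20, 60, "tcp"), (3.80, 60, "tcp"),
]


def protocol_stats(packets):
    """Packets and bytes per top protocol, in the spirit of Statistics > Protocol Hierarchy."""
    stats = defaultdict(lambda: [0, 0])
    for _, length, proto in packets:
        stats[proto][0] += 1
        stats[proto][1] += length
    return {proto: tuple(v) for proto, v in stats.items()}


def throughput_bins(packets, interval=1.0):
    """Bytes per time bin; bins with no traffic stay at 0 so gaps show up in the graph."""
    if not packets:
        return []
    last = max(t for t, _, _ in packets)
    bins = [0] * (int(last // interval) + 1)
    for t, length, _ in packets:
        bins[int(t // interval)] += length
    return bins


def bits_per_second(bins, interval=1.0):
    """Convert byte counts per bin into the bit/s figures a throughput graph usually shows."""
    return [b * 8 / interval for b in bins]


def ascii_graph(bins, interval=1.0, width=40):
    """Horizontal bars scaled to the busiest bin, the text analogue of the throughput graph."""
    peak = max(bins) or 1
    lines = []
    for i, b in enumerate(bins):
        bar = "#" * int(round(width * b / peak))
        lines.append("%5.1f-%-5.1fs %6d B %s" % (i * interval, (i + 1) * interval, b, bar))
    return "\n".join(lines)


if __name__ == "__main__":
    print(protocol_stats(PACKETS))
    print(ascii_graph(throughput_bins(PACKETS)))
```

The quiet third second of the constructed capture shows as an empty bar; a sudden spike in such a graph is often the first hint of a retransmission storm or an unexpected bulk transfer worth filtering down to.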