Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Data Management

Network sniffer (Wireshark) – a short guide

advertisement

Labor für Technische Informatik

240314

SLZ

Network sniffer ( Wireshark ) – a short guide

General : Help texts on functionalities and options are available by moving the mouse cursor  over the desired item.

Before first use   access to the display must be granted by issuing the command xhost +local:root

Usually  Wireshark  should be started with root privileges from the command line sudo /usr/bin/wireshark

If you want to run it on a remote computer (e.g.  ssh  session) use the following command: sudo XAUTHORITY=/home/networker/.Xauthority /usr/bin/wireshark

1. Step:  Set up '

Capture - Options ' :

Click    in the main window or in the Capture menu.

           

Select  Interface(s)  and network(s) as required.

Labor für Technische Informatik

240314

SLZ

Capture Filters  can be set up by double­clicking the desired interface:

Refer to the Wireshark Documentation or the man pages for further details on filtering. 

2. Step:  Start the sniffer   (or menu '

Capture – Start ' )

The capture can be stopped by clicking the  Stop ­Button   or by menu 

Capture – Stop

.

3. Step:  Evaluation

     

• upper third of the window:  chronological list of captured packets

• mid third of the window: details of the currently selected packet

• lower third of the window: native data of the selected packet (left: hex, right: ASCII)

NB: Information displayed may be based on Wireshark's interpretation of native data.

4. Step : Saving a snapshot can be done:

• as text: Menu  Export Packet Dissections  –  as “Plain Text” file .

Labor für Technische Informatik

240314

SLZ

The packet range and format can be set individually. Choosing "Packet summary line"   and deselecting "Packet details" will produce an output similar to the contents of the  upper third of Wireshark's window.

binary, for viewing the snapshot off­line or further processing with analysing tools  choose  File  –  Save  or   File  –  Save As...

 

Further functionalities and settings :

1.

Choosing  Capture  –  Interfaces  gives an overview of the network traffic on all interfaces.

      

Clicking  Options  the options for the selected card can be set. Clicking  Start  will start a  new capture on the selected interfaces.

2. Display filter  ("Filter" button): This filter merely suppresses displaying of all packets that  do not match the given criteria. Unlike the  Capture ­filter all packets are still available in  the buffer, so they can be made visible by clicking  Clear  at any time.

3.

The meaning of colours can be looked up through  View  –  Coloring Rules  or the equivalent button. Enabling and disabling can be done in the  View  –  Colorize Packet List  Menu.

4. Sequence numbers  (TCP): Relative numbering is used by default. This can be changed  through  Edit  –  Preferences  under  Protocols  –  TCP .

5. Follow TCP Stream : If you select a packet from the list in the upper third of the window  that is part of a TCP session, you can choose "Follow TCP Stream" from the context menu to view the data exchange of this session in a separate window. In connection with this a  display filter  will be set automatically.

6.

The  Statistics  menu provides various functionalities for viewing details of all  communication sessions contained in the capture. (Organised by layer, protocol etc.) 

7. Man pages  can be accessed through the Help menu “ Manual Pages ”

Related documents
Wireshark Tutorial – Part 1
Wireshark Tutorial – Part 1
1.) Go to: http://www.mypyramid.gov/ 2.) Click on : My Pyramid Menu
1.) Go to: http://www.mypyramid.gov/ 2.) Click on : My Pyramid Menu
Adding a language to the Windows Language Bar
Adding a language to the Windows Language Bar
Technical Fundamentals
Technical Fundamentals
Wireshark
Wireshark
CIS 617 - NETWORKS & COMMUNICATION
CIS 617 - NETWORKS & COMMUNICATION
Paul Bokor Network Protocol Specialists, LLC paul@nps
Paul Bokor Network Protocol Specialists, LLC paul@nps
FA15 Beginner Wireshark 22AF
FA15 Beginner Wireshark 22AF
Snooping
Snooping
Drinking straight from the network hose
Drinking straight from the network hose
EDTECH 552, lab2 Multiple Choice Questions: 1. How does CSMA
EDTECH 552, lab2 Multiple Choice Questions: 1. How does CSMA
SHARK@SHARE wireshark Hands-On Lab
SHARK@SHARE wireshark Hands-On Lab
Intrusion Detection System Using Wireshark
Intrusion Detection System Using Wireshark
Lab 0: Getting Started with Ethereal
Lab 0: Getting Started with Ethereal
White Paper - Extracting a Print Capture Using Wireshark
White Paper - Extracting a Print Capture Using Wireshark
Wireshark Tutorial
Wireshark Tutorial
Lab2: HTTP
Lab2: HTTP
Lab 0: Getting Started with Ethereal
Lab 0: Getting Started with Ethereal
Introduction to Wireshark Network Analysis
Introduction to Wireshark Network Analysis
Investigating TCP/IP, HTTP, ARP, ICMP Packets Using Wireshark
Investigating TCP/IP, HTTP, ARP, ICMP Packets Using Wireshark
Wireshark Lab: Getting Started
Wireshark Lab: Getting Started
E1_Lab_11_5_6_in
E1_Lab_11_5_6_in
Download
advertisement