CS610 LAB 7updated

Lab 7

In this lab we will learn about:

1. Introduction to Wireshark
2. How to create a Troubleshooting Profile in Wireshark

Introduction to Wireshark

Wireshark is a network packet analyzer that captures network packets and displays the
packet data in as much detail as possible. Wireshark is a free, open source program
available at www.wireshark.org.

Intended Purposes:

When run on a host connected to a wired or wireless network, Wireshark captures and
decodes the network frames. People use it to learn network protocol internals. Network
administrators use it to troubleshoot network problems. Network security engineers use it
to examine security problems.

Wireshark’s Features

1- Available for UNIX and Windows.

2- Capture live packet data.

3- Display packets with very detailed protocol information.

4- Filter packets on many criteria.

5- Save packet data captured.

Wireshark’s Installation

Wireshark can be downloaded from www.wireshark.org.

Get the Wireshark installer from www.wireshark.org/download.html and run it.


Installation Components

• Wireshark - The network protocol analyzer.

• TShark - A command-line network protocol analyzer.

• Plugins & Extensions - Extras for the Wireshark and TShark dissection engines.

• Tools - Additional command-line tools to work with capture files.

• User’s Guide

Installing WinPcap: With WinPcap installed, you will be able to capture live network
traffic.

The main window is shown next.

The interfaces that the WinPcap driver sees on the machine are shown. You can either
click Start, or click Options to set further capture options before starting the
capture.

Task 1:

How to create a Troubleshooting Profile in Wireshark:


Until you create a new profile, you are working in Wireshark's Default profile. The
profile you are working in is shown in the right side column of the Status Bar. This is
shown next.

You can create profiles to customize Wireshark with buttons, colors, and more. You can
create separate profiles for different needs. For example, you may want to make a VoIP
profile, a WLAN profile, and a general troubleshooting profile. You can quickly switch
between profiles depending on your needs.

Step 1: Right-click the Profile column on the Status Bar.

Step 2: In the Configuration Profile window, select New.

Step 3: Click the arrow in the Create from area, expand the Global section and select
Classic. This profile uses the most vibrant colors.

Step 4: Enter Troubleshooting Book Profile in the Profile Name area. Click OK.

As soon as you create your new profile, the Wireshark Status Bar indicates that you are
working in the Troubleshooting Book Profile, as shown next.

You will be able to add capabilities and customizations to this new profile. Wireshark also
allows you to download or import a predefined profile for immediate use.

Task 2:

How to enhance the Packet List Pane Columns in Wireshark


By default, the Packet List pane contains: No. (number), Time, Source, Destination,
Protocol, Length, and Info columns. This is shown next.

You can add columns to display additional information about packets to speed up your
analysis process.
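
The column layout described above is saved with the profile, so it can also be inspected or extended outside the GUI. The following is an added example, not part of the original lab: it reads the gui.column.format entry of a profile's preferences file and inserts one extra column. The sample file text is constructed, and the "Stream" column (the tcp.stream field) is an illustrative choice.

```python
import re

# Constructed sample of a profile's preferences file (seven default columns).
SAMPLE_PREFS = '''\
gui.column.format:
\t"No.", "%m",
\t"Time", "%t",
\t"Source", "%s",
\t"Destination", "%d",
\t"Protocol", "%p",
\t"Length", "%L",
\t"Info", "%i"
# (rest of the file omitted in this constructed sample)
'''

KEY = "gui.column.format:"

def _span(lines):
    """Return (start, end) line indexes of the gui.column.format entry."""
    start = next(i for i, l in enumerate(lines) if l.startswith(KEY))
    end = start + 1
    # Continuation lines of a preference value are indented.
    while end < len(lines) and lines[end][:1] in (" ", "\t"):
        end += 1
    return start, end

def read_columns(prefs):
    """Return the Packet List columns as a list of (title, format) pairs."""
    lines = prefs.splitlines()
    start, end = _span(lines)
    value = " ".join(lines[start:end])[len(KEY):]
    items = re.findall(r'"((?:[^"\\]|\\.)*)"', value)
    return list(zip(items[0::2], items[1::2]))

def add_column(prefs, title, fmt, before="Info"):
    """Return prefs text with a new column inserted before an existing one."""
    cols = read_columns(prefs)
    if any(t == title for t, _ in cols):
        return prefs  # already present, leave the file unchanged
    idx = next((i for i, (t, _) in enumerate(cols) if t == before), len(cols))
    cols.insert(idx, (title, fmt))
    lines = prefs.splitlines()
    start, end = _span(lines)
    body = ",\n".join(f'\t"{t}", "{f}"' for t, f in cols)
    lines[start:end] = [KEY] + body.split("\n")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Assumption: a custom column showing the TCP stream index is wanted.
    print(add_column(SAMPLE_PREFS, "Stream", "%Cus:tcp.stream:0:R"))
```

Work on a copy of the preferences file and close Wireshark before replacing the original, since Wireshark rewrites the file when it saves preferences.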
