Wireshark Tutorial
2 likes4,275 views
Wireshark is a network packet analyzer that captures and displays packet data to monitor network activity. It utilizes IP and MAC addresses for identifying devices on the network and employs ports to facilitate communication between client and server programs. The document also covers using Wireshark's command line interface for capturing packets and saving them in .pcap file format.
More Related Content
Wireshark Tutorial
- 2. BASICS OF WIRESHARK Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable.
- 3. IP ADDRESS & MAC ADDRESS An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer or device) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi.
- 4. PORTS In programming, a port (noun) is a "logical connection place" and specifically, using the Internet's protocol, TCP/IP, the way a client program specifies a particular server program on a computer in a network.
- 5. TABS IN WIRESHARK No. shows the number of captured packet or index number. Time shows the time of capture Source shows the source ip of the packet or the packet is originally generated from which source ip. Destination shows the destination ip where the packet is going. Protocol shows the which kind of protocol communication is held between the source and destination. Info shows the data payload in the packet.
- 19. SOME EXAMPLES ON WIRESHARK COMMAND LINE INTERFACE (CLI) Select the interface and start capturing the packets: >tshark –i <enter the number of interface listed in the previous command> >tshark –i 1 Hit enter. It will start capturing the packets from the specified interface.
- 20. SOME EXAMPLES ON WIRESHARK COMMAND LINE INTERFACE (CLI) Select the interface and start capturing the packets for 10sec and save the captured packet in the 10sec.pcap file format: >tshark –i <enter the number of interface><space> -a duration:<sec> -w <filename>.pcap >tshark –i 1 –a duration:10 –w 10sec.pcap Hit enter. It will start capturing the packets from the specified interface for 10sec and save it in a file 10sec.pcap file. To see the captured packet enter the filename in the command prompt. >10sec.pcap
- 21. TSHARK OUTPUT FORMATTING For output format of Tshark, tshark uses the format of .pcap in which it saves the captured packets.