SESSION CODE: SIA336
Wireshark Kung Fu: Becoming a Network Analyst Guru
Laura Chappell, Author, Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide (wiresharkbook.com)
Conquer Your Network with Wireshark
Skills to master include:
• Local/remote capture tips
  • Locate the most active interface
  • Use rpcapd.exe for remote capture
• WLAN graphing
  • Graphing beacon rate
  • Graphing 802.11 retransmissions
• VoIP playback
  • Look for jitter, packet loss and errors
• Malware detection
  • Have a baseline ready
  • Know scanning/discovery signs
  • Colorize questionable traffic
• Application analysis
  • What is the process?
• Command-line statistical reporting
  • Using Tshark effectively
Wireshark Demonstration (DEMO)
[The slide set has more details for you as I go into Wireshark demonstrations now.]
Graphing WLAN Retries
Display filter: (wlan.fc.retry==1) && (wlan.sa==00:24:b2:1f:27:f9)
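The retry graph plots frames matching that filter over time. The script below is an added example, not from the deck, that does the same bucketing offline from tshark field output, assuming the invocation `tshark -r capture.pcap -Y "wlan.fc.retry==1" -T fields -e frame.time_epoch -e wlan.sa -e wlan.fc.retry`; the sample lines and MAC addresses are constructed.

```python
"""Bucket 802.11 retransmissions per second, per source address.

Input is tab-separated tshark -T fields output in the column order
frame.time_epoch, wlan.sa, wlan.fc.retry (assumed invocation, see lead-in).
"""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample lines (hypothetical timestamps and addresses). The retry
# flag prints as 1/0 on older tshark releases and True/False on newer ones,
# so both spellings are accepted below.
SAMPLE_FIELDS = """\
1275000000.10\t00:24:b2:1f:27:f9\t1
1275000000.35\t00:24:b2:1f:27:f9\t1
1275000000.80\t00:24:b2:1f:27:f9\t1
1275000001.20\t00:24:b2:1f:27:f9\t1
1275000001.40\t00:11:22:33:44:55\tTrue
1275000002.05\t00:24:b2:1f:27:f9\t0
1275000002.50\t00:24:b2:1f:27:f9\t1
"""

RETRY_TRUE = {"1", "true"}


def retries_per_second(fields_text: str) -> Dict[str, Counter]:
    """Return {source MAC: Counter{whole second: retry count}}."""
    buckets: Dict[str, Counter] = defaultdict(Counter)
    for line in fields_text.splitlines():
        if not line.strip():
            continue
        ts, sa, retry = line.split("\t")
        # The display filter should already exclude non-retries; stay defensive.
        if retry.strip().lower() not in RETRY_TRUE:
            continue
        buckets[sa][int(float(ts))] += 1
    return buckets


def bursty_seconds(buckets: Dict[str, Counter], threshold: int) -> List[Tuple[str, int, int]]:
    """List (source, second, count) buckets at or above threshold, oldest first."""
    hits = [(sa, sec, n) for sa, c in buckets.items() for sec, n in c.items() if n >= threshold]
    return sorted(hits, key=lambda h: (h[1], h[0]))


if __name__ == "__main__":
    for sa, sec, n in bursty_seconds(retries_per_second(SAMPLE_FIELDS), threshold=2):
        print(f"{sa} at {sec}: {n} retries in one second")
```

Feed the resulting per-second counts to any plotting tool to reproduce the IO graph without Wireshark's GUI.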
Try Application Analysis Yourself!
Capture on your local host while running Wireshark and connecting to the site.
• Launch first instance of Wireshark
  • Clear DNS and browsing cache (ipconfig /flushdns)
  • Start capture
  • Browse to http://sharepoint.microsoft.com/?wax=off
  • Stop capture
• Launch second instance of Wireshark
  • Clear DNS and browsing cache (ipconfig /flushdns)
  • Start capture
  • Browse to http://sharepoint.microsoft.com/?wax=on
  • Stop capture
VoIP Analysis and Playback
• Telephony | VoIP Calls | [select call] | Player | Decode | [check conversation(s)] | Play
Malicious Traffic Detection • BASELINE FIRST
Tshark Command-Line Statistics • From Wireshark Network Analysis
Tshark Command-Line
tshark -i 3 -qz conv,eth -z conv,ip -z conv,tcp
• -i 3: capture on the 3rd interface listed by tshark -D
• -qz conv,eth: don't show packets (-q), but capture Ethernet conversation statistics; only use -q once
• -z conv,ip: capture IP conversation statistics
• -z conv,tcp: capture TCP conversation statistics
Related Content
• WSV303 Death of a Network: Identify the Hidden Cause of Lousy Network Performance
• SIA335 Death of Security: Breached Hosts/Stolen Data/IP Espionage
• SIA332 (Panel) Securing the Cloud: Expert Panel
• Online Videos: www.wiresharkbook.com
Resources
• Learning: Sessions On-Demand & Community, www.microsoft.com/teched
• Microsoft Certification & Training Resources, www.microsoft.com/learning
• Resources for IT Professionals: http://microsoft.com/technet
• Resources for Developers: http://microsoft.com/msdn
Complete an evaluation on CommNet and enter to win!
Sign up for Tech·Ed 2011 and save $500, starting June 8 – June 31st: http://northamerica.msteched.com/registration
You can also register at the North America 2011 kiosk located at registration. Join us in Atlanta next year.
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.