1 / 14

Wireshark

Wireshark. Haijie Wu. Motivation and Overview. Wireshark is a network protocol analyzer www.wireshark.org First released in 1998 by Gerald Combs as Ethereal. Open source and free software. Motivation and Overview. Powerful tool for network troubleshooting

tareq
Download Presentation

Wireshark

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireshark Haijie Wu

  2. Motivation and Overview • Wireshark is a network protocol analyzer www.wireshark.org • First released in 1998 by Gerald Combs as Ethereal. • Open source and free software

  3. Motivation and Overview • Powerful tool for network troubleshooting • Sniffs and captures live traffic • Filters data for ease of analysis • Statistics and graphs available • Used in industry and academia

  4. Wireshark Installation • Wireshark can be installed on various platforms • Unix, Windows, Linux, Mac OS, etc • Most recent release is 1.4.1 • System requirements • Rule of thumb: fast CPU, more memory is better • FAQs and Wiki pages provide more information

  5. Wireshark Installation • Installation of Wireshark requires • Downloading the relevant package • Building the source into binary if the source is downloaded • Install binaries to their destinations • Windows installation includes WinPcap • Packet capture library (also needed for tcpdump) • Installation easy and intuitive

  6. Wireshark—Main Features • Capturing live traffic • Data can be captured on wired or wireless medium • Numerous protocols can be captured and analyzed • Filtering is essential when dealing with huge number of packets • Filters can be applied on protocols, fields, values, etc. • Filtering while capturing packets is possible

  7. WinP Cap • Industries –standard tool for link layer network access in windows environment • Allows application to capture and transmit network packets by passing the protocol stack • Consists of a driver-extends OS to provide low level network access • Consists of library for easy access to low level network layers • Also contains windows version of libPCap Unix API

  8. Wireshark GUI

  9. How to use Wireshark--Capture • To capture: go the Capture menu and select the Interfaces that used for transmission network data. • Set the capturing environment. • Start capturing on this interface. • The lively data captured by the interface will be shown in the window of Wireshark. • Capturing can be stopped by clicking the stop button on the main toolbar.

  10. Example

  11. Filtering • You can enter the filter expression directly to the filter bar. • The expression is similar to the ‘if statement’ in other programming languages. • Or you can click the ‘Expression…” button to choose the filter options and set the values. • After all filter setting values have been putted in, click the ‘Apply’ button.

  12. Statistics measurement • There are plenty of statistic options provided by Wireshark. • Graph Analysis • Flow graph • Throughput graph

  13. Throughput graph

  14. Flow graph

More Related