Learn how to use Wireshark, the network protocol analyzer formerly known as Ethereal, to capture and analyze network packets with detailed data display. Explore filtering, sorting, and capturing packets for efficient protocol analysis.
Ethereal/WireShark Tutorial
Yen-Cheng Chen
IM, NCNU
WireShark
• The Ethereal network protocol analyzer has changed its name to Wireshark.
  • http://www.wireshark.org/
• Download:
  • http://www.wireshark.org/download.html
• Wireshark User's Guide
  • http://www.wireshark.org/docs/wsug_html/
Introduction
• A network protocol analyzer captures network packets and tries to display the packet data in as much detail as possible.
• What will be captured
  • All packets that an interface can "hear"
  • On a PC connected to a switch:
    • Unicast (to and from the interface only)
    • Multicast, RIP, IGMP, …
    • Broadcast, e.g. ARP
[Figure: Wireshark main window, with labels: menu, main toolbar, filter toolbar, packet list pane, packet details pane, packet bytes pane, status bar; also labeled: ipconfig /renew]
Filter Expression
ip.src == 10.32.11.220 && ip.dst == 163.22.32.101
ip.src eq 10.32.11.220 and ip.dst eq 163.22.32.101
ip.src == 10.32.11.220 || ip.src == 163.22.32.101
http && ( ip.src == 10.32.11.220 || ip.src == 163.22.32.101)
!(ip.dst == 10.32.11.220)
No.  Time       Source        Destination    Protocol  Length  Info
950  10.693436  10.32.11.220  163.22.32.101  HTTP      613     GET /rnd/ HTTP/1.1

Frame 950: 613 bytes on wire (4904 bits), 613 bytes captured (4904 bits)
Ethernet II, Src: Metallig_43:fd:08 (00:50:bf:43:fd:08), Dst: Cisco_74:e4:00 (00:1a:30:74:e4:00)
Internet Protocol Version 4, Src: 10.32.11.220 (10.32.11.220), Dst: 163.22.32.101 (163.22.32.101)
Transmission Control Protocol, Src Port: rdrmshc (1075), Dst Port: http (80), Seq: 559, Ack: 813, Len: 559
    Source port: rdrmshc (1075)
    Destination port : (80)
    [Stream index:21]
    Sequence number : 559 (relative sequence number)
    [Next sequence number : 1118 (relative sequence number)]
    Acknowledgement number : 813 (relative ack number)
    Header length : 20 bytes
    Flags : 0x18 (PSH , ACK)
    window size value : 64723
    [Calculated window size : 64723]
    [window size scaling factor : -2 (no window scaling used)]
    Checksum : 0x5306 [validation disabled]
    [SEQ/ACK analysis]
Hypertext Transfer Protocol
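An added example (not part of the original slides) showing how the TCP fields in the packet details above come out of the raw header bytes, and how the layer sizes add up to the 613-byte frame. The header bytes are constructed from the displayed values; the raw sequence numbers and the 20-byte IPv4 header length are assumptions, since the slide shows only relative sequence numbers and no IP header detail.

```python
import struct

# Constructed input: a 20-byte TCP header rebuilt from the fields shown above.
# The capture shows only relative sequence numbers, so the seq/ack values here
# are placeholders that reuse the relative numbers as if they were raw.
SAMPLE_TCP = struct.pack("!HHIIBBHHH", 1075, 80, 559, 813, 5 << 4, 0x18, 64723, 0x5306, 0)

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0 upward

ETH_II_LEN = 14   # dst MAC + src MAC + EtherType, no 802.1Q tag
IPV4_LEN = 20     # assumption: IPv4 header without options (not shown on the slide)


def parse_tcp_header(raw):
    """Decode the fixed part of a TCP header the way the details pane lists it."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off, flags, window, checksum, urg = struct.unpack(
        "!HHIIBBHHH", raw[:20])
    header_len = (off >> 4) * 4          # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(raw):
        raise ValueError("bad data offset: %d" % header_len)
    names = [n for bit, n in enumerate(FLAG_NAMES) if flags & (1 << bit)]
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "flag_names": names,
        "window": window, "checksum": checksum, "urgent": urg,
    }


def frame_length(tcp, payload_len):
    """Bytes on the wire: Ethernet II + IPv4 + TCP header + TCP payload."""
    return ETH_II_LEN + IPV4_LEN + tcp["header_len"] + payload_len


def next_seq(tcp, payload_len):
    """Sequence number the sender uses next (SYN and FIN each consume one)."""
    consumed = payload_len + bool(tcp["flags"] & 0x02) + bool(tcp["flags"] & 0x01)
    return (tcp["seq"] + consumed) % 2**32


if __name__ == "__main__":
    tcp = parse_tcp_header(SAMPLE_TCP)
    print(tcp["flag_names"], tcp["header_len"])
    print(frame_length(tcp, 559), next_seq(tcp, 559))
```

With the 559-byte HTTP payload from frame 950, the sizes sum to the 613 bytes Wireshark reports, and the next sequence number matches the bracketed value in the details pane.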
Assignments
• 5 layers
• Ethernet II frame
• 802.3 frame
• Broadcast frame
• Deadline: ?