Learn how to use Ethereal/Wireshark to collect and analyze protocol messages in this comprehensive guide. Understand capture and display filters, interface basics, and more. Ideal for labs and beginners.
Ethereal/Wireshark
• In the labs, we use Ethereal/Wireshark to collect and view protocol messages
• Ethereal/Wireshark is a free protocol analysis tool:
  • Ethereal was renamed to Wireshark
  • Both take advantage of an even older tool: tcpdump
  • Exists for Windows, Linux, Mac OS
  • The user interface changes a lot between versions and platforms, but the tool is essentially unchanged
• The Lab Manual has a detailed description
Basic steps
• Select a network interface for data collection
  • Ethernet, Wi-Fi, Bluetooth, loopback (or a file)
• Select which packets should be collected (capture filter)
• Start the packet capture
• View captured packets in the user interface
  • Limit the packets that are displayed with a display filter
• Save/print packets to a file
  • Many options
  • Use “print” to save packets in a text file
  • Use “save” to save packets as a “.pcap” file. “.pcap” files can be used to view the captured packets offline
Capture Filters and Display Filters
• Capture filters are set before packet capture is started
• Display filters can be set during or after a packet capture
• The syntax for capture filters and display filters is different!
  • Capture filters use the syntax of the tcpdump tool
• Example: all IP packets with IP destination address 10.0.1.2
  • Capture filter: dst host 10.0.1.2
  • Display filter: ip.dst==10.0.1.2
• The prelabs have some exercises
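To make the display-filter idea concrete for offline work, here is an added example (not from the slides or the Lab Manual) that builds a small constructed “.pcap” file in memory, walks its packet records, and keeps only the frames whose IPv4 destination is 10.0.1.2, i.e. the offline equivalent of the display filter ip.dst==10.0.1.2. It assumes the classic little-endian pcap format with Ethernet (link type 1) frames; the sample frames and their addresses are constructed, not captured.

```python
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap magic, microsecond timestamps

def build_ipv4_frame(src: str, dst: str) -> bytes:
    """Constructed sample: minimal Ethernet II + 20-byte IPv4 header, no payload."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip

def build_pcap(frames) -> bytes:
    """Wrap frames in a pcap global header plus one 16-byte record header each."""
    # magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def iter_pcap_frames(data: bytes):
    """Yield the raw frames stored in a little-endian, Ethernet-linktype pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic / byte order")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def ip_dst(frame: bytes):
    """IPv4 destination of an Ethernet frame, or None for non-IPv4 (e.g. ARP)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return str(IPv4Address(frame[30:34]))  # 14-byte Ethernet + offset 16 in IPv4

def filter_ip_dst(pcap: bytes, dst: str) -> list:
    """Offline equivalent of display filter ip.dst==<dst>: indices of matching frames."""
    return [i for i, f in enumerate(iter_pcap_frames(pcap)) if ip_dst(f) == dst]

# Constructed capture: two frames to 10.0.1.2, one reply, one ARP frame.
SAMPLE_PCAP = build_pcap([
    build_ipv4_frame("10.0.1.1", "10.0.1.2"),
    build_ipv4_frame("10.0.1.2", "10.0.1.1"),
    b"\x00" * 6 + b"\x11" * 6 + b"\x08\x06" + b"\x00" * 28,  # ARP, not IPv4
    build_ipv4_frame("192.168.0.5", "10.0.1.2"),
])
```

Running filter_ip_dst(SAMPLE_PCAP, "10.0.1.2") selects frames 0 and 3; the capture filter dst host 10.0.1.2 would have prevented frames 1 and 2 from being written to the file in the first place.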