Transcript wireshark lecture

Haijie Wu
Motivation and Overview
 Wireshark is a network protocol analyzer
www.wireshark.org
 First released in 1998 by Gerald Combs as Ethereal.
 Open source and free software
Motivation and Overview
 Powerful tool for network troubleshooting
 Sniffs and captures live traffic
 Filters data for ease of analysis
 Statistics and graphs available
 Used in industry and academia
Wireshark Installation
 Wireshark can be installed on various platforms
 Unix, Windows, Linux, Mac OS, etc
 Most recent release is 1.4.1
 System requirements
 Rule of thumb: fast CPU, more memory is better
 FAQs and Wiki pages provide more information
Wireshark Installation
 Installation of Wireshark requires
 Downloading the relevant package

Building the source into binary if the source is downloaded
 Install binaries to their destinations
 Windows installation includes WinPcap
 Packet capture library (also needed for tcpdump)
 Installation easy and intuitive
Wireshark—Main Features
 Capturing live traffic
 Data can be captured on wired or wireless medium
 Numerous protocols can be captured and analyzed
 Filtering is essential when dealing with huge number
of packets
 Filters can be applied on protocols, fields, values, etc.
 Filtering while capturing packets is possible
WinP Cap
 Industries –standard tool for link layer network access in




windows environment
Allows application to capture and transmit network
packets by passing the protocol stack
Consists of a driver-extends OS to provide low level
network access
Consists of library for easy access to low level network
layers
Also contains windows version of libPCap Unix API
Wireshark GUI
How to use Wireshark--Capture
 To capture: go the Capture menu and select the




Interfaces that used for transmission network data.
Set the capturing environment.
Start capturing on this interface.
The lively data captured by the interface will be shown
in the window of Wireshark.
Capturing can be stopped by clicking the stop button
on the main toolbar.
Example
Filtering
 You can enter the filter expression directly to the filter
bar.
 The expression is similar to the ‘if statement’ in other
programming languages.
 Or you can click the ‘Expression…” button to choose
the filter options and set the values.
 After all filter setting values have been putted in, click
the ‘Apply’ button.
Statistics measurement
 There are plenty of statistic options provided by
Wireshark.
 Graph Analysis
 Flow graph
 Throughput graph
Throughput graph
Flow graph