Report On Wireshark
Introduction
Wireshark is the world's foremost network protocol analyzer and is the standard across many industries and educational institutions. The job of a network packet analyzer is to capture the packets that flow across a network and display the packet data in detail. A network packet analyzer is a measuring device used to examine what's going on inside the network. Wireshark is one of the best open source packet analyzers available.
Features
Some of the features of Wireshark are:
- Multi-platform: runs on Windows, Linux, Solaris, etc.
- Deep inspection of protocols
- Live capture and off-line analysis
- Captured network data can be analyzed through GUI mode or the TShark utility
- Coloring rules can be applied to the packet list for quick analysis
- Import packets from text files containing packet data
- Output can be exported to plaintext, CSV, XML format, etc.
- Data display can be refined with the help of filters
- Works on wired and wireless networks
- Save captured packet data
Working
When we start Wireshark after installing it, the home page opens. It asks you to choose one or more interfaces to capture from.
Choose an option and start Wireshark. The analyzer screen looks like this
The active screen of the tool shows the source IP, destination IP, the protocol being used, the length of the packet and information about it.
We can view the syntax and semantics of a protocol by selecting it and expanding its data. The screenshot below shows the DNS protocol, which runs over UDP and the Internet Protocol. The protocol details are marked with a red box.
Sample Case
We have to analyze the website (phenix.5gbfree.com) with the help of Wireshark. We search through Wireshark for the HTTP packets and view them. Some of the values of the HTTP protocol are:
1. Host: phenix.5gbfree.com
2. User-Agent: Mozilla/5.0
3. Request Method: GET
4. Request Version: HTTP/1.1
5. Request URI: /favicon.ico
This website includes a script that calls Facebook on load. In the snapshot below, we can see facebook.com being called from phenix.5gbfree.com.
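The same check done outside the GUI, as an added example that is not part of the original report: it parses HTTP request fields in the form TShark exports them with -T fields and lists off-site hosts that were requested with a page of the analyzed site as the Referer. The export command in the comment, the field order, the function names and the sample rows (including the facebook.com URI) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed export command (field order must match FIELDS):
#   tshark -r capture.pcapng -Y http.request -T fields \
#     -e http.host -e http.request.method -e http.request.uri \
#     -e http.request.version -e http.user_agent -e http.referer
FIELDS = ["host", "method", "uri", "version", "user_agent", "referer"]

# Constructed sample rows, tab-separated as TShark prints them by default.
SAMPLE = "\n".join([
    "phenix.5gbfree.com\tGET\t/\tHTTP/1.1\tMozilla/5.0\t",
    "PHENIX.5GBFREE.COM:80\tGET\t/favicon.ico\tHTTP/1.1\tMozilla/5.0\thttp://phenix.5gbfree.com/",
    "www.facebook.com\tGET\t/plugins/like.php\tHTTP/1.1\tMozilla/5.0\thttp://phenix.5gbfree.com/",
    "updates.example.net\tGET\t/check",  # short row, no Referer: unrelated traffic
])

def parse_requests(text):
    """Turn tab-separated rows into dicts, padding columns that are missing."""
    rows = [line.split("\t") for line in text.splitlines() if line.strip()]
    return [dict(zip(FIELDS, row + [""] * (len(FIELDS) - len(row)))) for row in rows]

def hostname(value):
    """Hostname from a Host header or Referer URL, lower-cased, port removed."""
    if "//" not in value:
        value = "//" + value
    return urlsplit(value).hostname or ""

def belongs_to(host, site):
    """True when host is the site itself or one of its subdomains."""
    return host == site or host.endswith("." + site)

def third_party_calls(requests, site):
    """Map each off-site Host to the URIs fetched while a page of `site` was the Referer."""
    found = {}
    for req in requests:
        host = hostname(req["host"])
        if not host or belongs_to(host, site):
            continue  # first-party request or row without a Host header
        if belongs_to(hostname(req["referer"]), site):
            found.setdefault(host, []).append(req["uri"])
    return found

if __name__ == "__main__":
    for host, uris in third_party_calls(parse_requests(SAMPLE), "phenix.5gbfree.com").items():
        print(host, uris)
```

Only plain HTTP requests appear in such an export; requests made over TLS carry no readable Host or Referer fields in the capture unless the session is decrypted.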
Coloring Rules
We can set the coloring rules for the protocols and also we can find some of the pre-defined coloring rules. Wireshark gives us the option to import and export the coloring rules. These coloring rules help us to identify the good and bad packets easily.
Purposes
People use Wireshark to:
- Learn network protocols
- Troubleshoot network problems
- Examine security problems
People can't use Wireshark:
- As an intrusion detection system
- To manipulate things on the network