Report On Wireshark


Master of Technology in Department of Information Technology

Report On

Submitted to: Mr. Gaurav Prasad

Submitted by: Arpit Bhargava

Report on Wireshark

Introduction
Wireshark is the world's foremost network protocol analyzer and is the standard across many industries and educational institutions. A network packet analyzer captures the packets flowing through a network and displays the contents of each packet in as much detail as possible; it is a measuring instrument for examining what is happening inside the network. Wireshark is one of the best open-source packet analyzers available.

Features
Some of the features of Wireshark are:
- Multi-platform: runs on Windows, Linux, Solaris and other systems
- Deep inspection of hundreds of protocols
- Live capture and offline analysis
- Captured data can be analyzed in the GUI or with the command-line TShark utility
- Coloring rules can be applied to the packet list for quick visual analysis
- Import of packets from text files containing hex dumps of packet data
- Export of output to plain text, CSV, XML and other formats
- The display can be refined with display filters
- Works on wired and wireless networks
- Captured data can be saved to a file for later analysis

Working
When Wireshark is started after installation, its start page opens and asks you to choose one or more interfaces to capture from.


Choose an interface and start the capture. The analyzer screen then opens, as shown in the screenshot.


The packet list pane shows, for each captured packet, its Source and Destination addresses, the highest-layer Protocol that was decoded, the frame Length and an Info column that summarizes the packet.

How to view packets


Select a packet to view its details in the packet details pane, or double-click it to open it in a separate window. The details pane shows each protocol layer that makes up the packet, such as Ethernet, IP and TCP.

The syntax and semantics of a protocol can be inspected by selecting that layer and expanding it. The screenshot shows a DNS packet: DNS is carried over UDP, which in turn is carried in IP. The protocol details are marked with a red box.


How to filter packets


The display filter toolbar is the text box at the top left of the window. Type the protocol, source IP, destination IP or other field you want to see and press Enter (or the Apply button); after a moment Wireshark shows only the packets that match. For example, the filter tcp shows only TCP packets (the screenshot shows tcp entered in the filter box, marked in red). The Expression button opens the Display Filter Expression dialog, which lists every protocol and field name and helps you compose a filter. A filter can also relate a field to a value, for example ip.addr == 192.168.1.1 or tcp.port == 80, and terms can be combined with && and ||.


How to capture packets in promiscuous mode


Normally a network interface accepts only frames addressed to its own MAC address, plus broadcast and multicast frames. Promiscuous mode makes the interface pass every frame it sees to the capture, whether addressed to it or not. Wireshark enables promiscuous mode by default; the setting can be checked or changed from the Capture menu by choosing Options, which opens a window with the checkbox Use promiscuous mode on all interfaces (marked in red). Two caveats: on a switched network the switch forwards other hosts' unicast traffic to your port only if you use a mirror (SPAN) port, a hub or a network TAP, so promiscuous mode by itself shows little beyond broadcast traffic; and on Wi-Fi, seeing other stations' frames requires monitor mode, which is a separate setting.
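The three preceding sections (viewing a packet's protocol layers, filtering, and promiscuous mode) can be exercised without a live network. The following is an added example, not code from the report or from the Wireshark project: it builds a few Ethernet frames with Python's standard library (constructed traffic; the MAC 00:11:22:33:44:55 and all addresses are assumptions), dissects them layer by layer into the same tree Wireshark shows, evaluates a small subset of Wireshark display-filter syntax over them, and shows which frames a non-promiscuous interface would never hand to the capture.

```python
"""Dissect constructed Ethernet frames as Wireshark's details pane does (Ethernet ->
IPv4 -> TCP/UDP -> DNS), apply a subset of display-filter syntax, and show which frames
a NIC would never hand to the capture without promiscuous mode. Standard library only."""
import struct

OUR_MAC = "00:11:22:33:44:55"   # assumed MAC of the capturing interface (constructed)

def _mac(s): return bytes(int(x, 16) for x in s.split(":"))
def _ip(s):  return bytes(int(x) for x in s.split("."))

# --- builders for the constructed sample traffic -----------------------------
def eth(dst, src, payload, ethertype=0x0800):
    return _mac(dst) + _mac(src) + struct.pack("!H", ethertype) + payload

def ipv4(src, dst, proto, payload):
    # header checksum left at 0: Wireshark would flag it, this dissector ignores it
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, _ip(src), _ip(dst))
    return hdr + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def tcp(sport, dport, flags):
    # seq/ack 0, data offset 5 (20-byte header, no options), window 65535
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return (struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0)   # id, RD set, 1 question
            + qname + struct.pack("!HH", 1, 1))                   # type A, class IN

FRAMES = [  # constructed, not from a real capture; "our" host is the gateway 192.168.1.1
    eth(OUR_MAC, "aa:bb:cc:dd:ee:01",
        ipv4("192.168.1.10", "192.168.1.1", 17, udp(51000, 53, dns_query("phenix.5gbfree.com")))),
    eth("aa:bb:cc:dd:ee:02", "aa:bb:cc:dd:ee:01",               # unicast between two other hosts
        ipv4("192.168.1.10", "93.184.216.34", 6, tcp(40000, 80, 0x002))),   # TCP SYN
    eth("ff:ff:ff:ff:ff:ff", "aa:bb:cc:dd:ee:03",               # broadcast datagram
        ipv4("192.168.1.20", "192.168.1.255", 17, udp(137, 137, b"\x00" * 12))),
]

# --- dissector: one dict per layer, mirroring the protocol tree ---------------
def _dns(p):
    ident, flags, _ = struct.unpack("!HHH", p[:6])
    labels, pos = [], 12                    # question section follows the 12-byte header
    while p[pos]:
        labels.append(p[pos + 1:pos + 1 + p[pos]].decode())
        pos += 1 + p[pos]
    return {"id": ident, "flags": flags, "qry.name": ".".join(labels)}

def dissect(frame):
    layers = {"eth": {"dst": ":".join(f"{b:02x}" for b in frame[:6]),
                      "src": ":".join(f"{b:02x}" for b in frame[6:12]),
                      "type": struct.unpack("!H", frame[12:14])[0]}}
    if layers["eth"]["type"] != 0x0800:
        return layers
    ip = frame[14:]
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    layers["ip"] = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
                    "ttl": ttl, "proto": proto}
    l4 = ip[(ver_ihl & 0x0F) * 4:total]
    if proto == 17:
        sport, dport = struct.unpack("!HH", l4[:4])
        layers["udp"] = {"srcport": sport, "dstport": dport}
        if 53 in (sport, dport):
            layers["dns"] = _dns(l4[8:])
    elif proto == 6:
        sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", l4[:14])
        layers["tcp"] = {"srcport": sport, "dstport": dport, "flags": flags}
    return layers

# --- display filters: a subset of Wireshark's syntax --------------------------
def _term_ok(layers, term):
    if "==" not in term:                    # bare protocol name, e.g. 'tcp'
        return term in layers
    field, value = (s.strip().strip('"') for s in term.split("==", 1))
    proto, name = field.split(".", 1)
    if proto not in layers:
        return False
    layer = layers[proto]
    have = {"addr": (layer.get("src"), layer.get("dst")),         # either direction,
            "port": (layer.get("srcport"), layer.get("dstport"))  # like ip.addr / tcp.port
            }.get(name, (layer.get(name),))
    return value in map(str, have)

def matches(layers, expr):
    """Terms joined by '&&'; each is a protocol name or 'proto.field == value'."""
    return all(_term_ok(layers, t.strip()) for t in expr.split("&&"))

def apply_filter(expr, frames=FRAMES):
    """1-based numbers (Wireshark's 'No.' column) of the frames that pass the filter."""
    return [i for i, f in enumerate(frames, 1) if matches(dissect(f), expr)]

def would_receive(layers, our_mac=OUR_MAC, promiscuous=False):
    """Non-promiscuous NICs deliver only frames to their own MAC, broadcast and
    multicast (low bit of the first octet set); promiscuous mode passes everything."""
    dst = layers["eth"]["dst"]
    return promiscuous or dst == our_mac or bool(int(dst[:2], 16) & 1)
```

apply_filter("udp.port == 53") returns [1] and apply_filter("ip.addr == 192.168.1.10") returns [1, 2], matching how Wireshark's ip.addr and port fields match either direction; would_receive returns False for frame 2 (unicast between two other hosts) unless promiscuous=True, which is exactly the traffic promiscuous mode exists to see. The filter subset supports only && and ==; Wireshark's real grammar also has ||, !, contains, matches and the comparison operators.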


Import the captured packets


Wireshark lets you save captured packets to a file (File > Save) and analyze them later by opening that file again (File > Open). File > Import from Hex Dump additionally converts a text file containing a hex dump of packet data into a capture file. A summary of the open capture is available from the Statistics menu (Summary in older versions, Capture File Properties in current ones): it gives the capture start and end times, where the file is stored, the operating system and interface the capture was taken on, the file name and length, the number of packets and more.
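As an added example of the import path (not code from the report or from Wireshark; text2pcap is the command-line tool that does the real job): a hex dump in the layout of od -Ax -tx1, constructed here as an ARP request and its reply, is parsed into frames and written as a classic libpcap file that Wireshark opens directly. The pcap layout is the public libpcap format; the timestamps are invented, since a hex dump carries none.

```python
"""Convert a text hex dump (what File > Import from Hex Dump and text2pcap read) into a
classic libpcap file that Wireshark opens directly, and read it back to verify.
Added example; the dump below is constructed, not taken from a real capture."""
import re
import struct

PCAP_MAGIC = 0xA1B2C3D4          # libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1

# Constructed dump in `od -Ax -tx1 -v` layout: an ARP request and the matching reply.
# An offset that restarts at 0 begins a new frame, exactly as text2pcap treats it.
HEXDUMP = """\
000000 ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01
000010 08 00 06 04 00 01 00 11 22 33 44 55 c0 a8 01 0a
000020 00 00 00 00 00 00 c0 a8 01 01
000000 00 11 22 33 44 55 aa bb cc dd ee 01 08 06 00 01
000010 08 00 06 04 00 02 aa bb cc dd ee 01 c0 a8 01 01
000020 00 11 22 33 44 55 c0 a8 01 0a
"""

LINE = re.compile(r"^\s*([0-9a-fA-F]+)\s+((?:[0-9a-fA-F]{2}\s*)+)$")

def parse_hexdump(text):
    """Return the frames as a list of bytes. Lines that are not 'offset bytes...'
    (od's trailing offset-only line, blank lines) are skipped, as text2pcap does."""
    frames, current = [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        data = bytes.fromhex("".join(m.group(2).split()))
        if offset == 0:                     # new frame
            current = bytearray()
            frames.append(current)
        elif current is None or offset != len(current):
            raise ValueError(f"offset {offset:#x} does not continue the current frame")
        current += data
    return [bytes(f) for f in frames]

def write_pcap(frames, ts_start=1_700_000_000, linktype=LINKTYPE_ETHERNET):
    """24-byte global header (magic, version 2.4, thiszone, sigfigs, snaplen, linktype),
    then per frame a 16-byte record header (ts_sec, ts_usec, incl_len, orig_len) + data.
    Frames get constructed timestamps one second apart; a hex dump carries none."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts_start + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Parse a classic pcap back into (linktype, [frames]); honours either byte order."""
    end = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    linktype = struct.unpack(end + "I", data[20:24])[0]
    frames, pos = [], 24
    while pos < len(data):
        _, _, incl_len, _ = struct.unpack(end + "IIII", data[pos:pos + 16])
        frames.append(data[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
    return linktype, frames

def ethertype(frame):
    """EtherType of a frame (0x0806 = ARP, 0x0800 = IPv4), as Wireshark's eth.type."""
    return struct.unpack("!H", frame[12:14])[0]

if __name__ == "__main__":
    frames = parse_hexdump(HEXDUMP)
    with open("imported.pcap", "wb") as fh:     # open this file in Wireshark
        fh.write(write_pcap(frames))
    print(f"wrote {len(frames)} frames: {[len(f) for f in frames]} bytes, "
          f"ethertypes {[hex(ethertype(f)) for f in frames]}")
```

Running the script writes imported.pcap, which Wireshark decodes as two 42-byte ARP frames; the offset check raises if a dump line does not continue the current frame, which is the usual symptom of a dump copied with a line missing.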


Sample Case
We analyze the website phenix.5gbfree.com with the help of Wireshark: filter for http packets and inspect them. Some of the HTTP fields of a request are:
1. Host: phenix.5gbfree.com
2. User-Agent: Mozilla/5.0
3. Request Method: GET
4. Request Version: HTTP/1.1
5. Request URI: /favicon.ico

This website includes a script that calls Facebook on page load. In the snapshot below, facebook.com is requested right after phenix.5gbfree.com. To confirm that the third-party request was triggered by the page rather than by another tab, inspect the Referer header of the request to facebook.com (filter on http.host contains "facebook" and follow the TCP stream).
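The following added example (not code from the report; the Facebook request path, the Referer value and the User-Agent are constructed assumptions) parses HTTP request text such as Wireshark shows in the HTTP tree or under Follow > TCP Stream, extracting exactly the fields listed above, and then ties every request to a host other than phenix.5gbfree.com back to the page through its Referer header, which is the check that confirms the Facebook call was triggered by the page.

```python
"""Parse raw HTTP/1.1 requests (the text Wireshark shows in the HTTP tree or under
Follow > TCP Stream) and tie each third-party request to the page that triggered it
via its Referer header. Added example; the requests are constructed, not captured."""

PAGE = "phenix.5gbfree.com"   # origin under analysis

# Constructed request payloads, one per TCP stream; the third is what a Facebook
# widget embedded in the page would fetch (host and path are assumptions).
REQUESTS = [
    "GET / HTTP/1.1\r\nHost: phenix.5gbfree.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "GET /favicon.ico HTTP/1.1\r\nHost: phenix.5gbfree.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "GET /plugins/like.php HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: Mozilla/5.0\r\n"
    "Referer: http://phenix.5gbfree.com/\r\n\r\n",
]

def parse_request(raw):
    """Return the fields Wireshark lists for an HTTP request: Request Method,
    Request URI, Request Version and the headers (names lower-cased)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, uri, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "version": version, "headers": headers, "body": body}

def third_party_calls(requests, page=PAGE):
    """Group requests whose Host is not the page itself, recording which page
    referred to each (None when no Referer header is present)."""
    calls = {}
    for req in map(parse_request, requests):
        host = req["headers"].get("host", "")
        if host != page:
            calls.setdefault(host, []).append(
                {"uri": req["uri"], "referer": req["headers"].get("referer")})
    return calls

if __name__ == "__main__":
    for host, hits in third_party_calls(REQUESTS).items():
        for hit in hits:
            print(f"{host}{hit['uri']}  referred by {hit['referer']}")
```

A third-party request whose Referer is the page under analysis was triggered by that page; one with no Referer, or a Referer pointing elsewhere, came from another tab or an extension and should not be attributed to the site.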


Coloring Rules
Coloring rules give each packet in the packet list a background and foreground colour. Wireshark ships with a set of predefined rules (View > Coloring Rules) and you can add your own: each rule is a display filter plus a colour pair, the rules are tested from top to bottom, and the first match decides the colour. Rules can be imported and exported, so a team can share them. They make it easy to tell good and bad packets apart at a glance; for example the predefined Bad TCP rule (black background, red text) highlights retransmissions and other TCP analysis flags.

Purposes
People use Wireshark to:
- learn network protocols
- troubleshoot network problems
- examine security problems
People can't use Wireshark:
- as an intrusion detection system: it raises no alerts and only reads traffic passively
- to manipulate anything on the network: it captures and displays packets but does not send, modify or block them
