![Page 1: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/1.jpg)
PACKET ANALYSIS USING WIRESHARK
CEH
Twitter: @BASAVESWARK
![Page 2: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/2.jpg)
WHAT IS WIRESHARK?
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
![Page 3: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/3.jpg)
FEATURES
• Deep inspection of hundreds of protocols, with more being added all the time
• Live capture and offline analysis
• Multi-platform: runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• The most powerful display filters in the industry
• Rich VoIP analysis
• Read/write many different capture file formats: tcpdump (libpcap), pcapng, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
• Capture files compressed with gzip can be decompressed on the fly
• Coloring rules can be applied to the packet list for quick, intuitive analysis
• Output can be exported to XML, PostScript®, CSV, or plain text
![Page 4: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/4.jpg)
CAPTURING LIVE TRAFFIC
![Page 5: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/5.jpg)
COLORING RULES
![Page 6: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/6.jpg)
DISPLAY FILTERS
• Filter specific addresses
ip.addr == 192.168.1.5
ip.src == 192.168.1.5
ip.dst == 192.168.1.5
(ip.addr matches the address in either direction; the destination field is ip.dst, not ip.dest, which Wireshark rejects as an unknown field)
• Filter specific protocols
dns || http (equivalently: dns or http)
• Filter specific ports
tcp.port == 443
udp.port == 1234
(tcp.port, like ip.addr, matches either the source or the destination port)
• Identify TCP issues such as packet loss, retransmissions and zero-window conditions
tcp.analysis.flags
(this expert-info field is set on every segment Wireshark's TCP analysis flagged; the field name is plural)
• Cleaning up or pruning noise
!(arp or dns or icmp)
![Page 7: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/7.jpg)
DISPLAY FILTERS (CONTINUED)
• Follow TCP stream
tcp.stream eq 32
(Wireshark numbers TCP conversations from 0 in the order they are first seen; right-click a packet and choose Follow > TCP Stream to have this filter applied with the right index)
• DNS queries
udp contains facebook
(a case-sensitive byte match anywhere in the UDP datagram, so it also hits non-DNS traffic; dns.qry.name contains "facebook" restricts the match to the queried name)
• HTTP requests / responses
http.request
http.response.code == 200
• TCP traffic flags
tcp.flags.syn == 1
tcp.flags.reset == 1
• SIP traffic
sip
rtp
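The filters on this slide and the previous one, worked through as an added example that is not part of the original deck: the script below builds six Ethernet frames by hand (constructed sample data; the addresses 192.168.1.5, 192.168.1.1 and 93.184.216.34 and the MAC addresses are assumptions), writes them to a classic pcap file you can open in Wireshark, and then evaluates Python equivalents of the slide's display filters against the same frames, so you can see which frame numbers each filter keeps before typing it into the GUI. The tcp.stream numbering mimics Wireshark's (first TCP conversation seen is stream 0); tcp.analysis.flags is not emulated because it depends on Wireshark's own sequence analysis.

```python
"""Constructed mini-capture plus Python equivalents of the display filters above.
All packets here are constructed sample data, not taken from a real capture."""
import socket
import struct

ETH_IP, ETH_ARP = 0x0800, 0x0806
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
SYN, RST, ACK = 0x02, 0x04, 0x10                     # TCP flag bits (FIN is 0x01)
CLIENT, GW, SERVER = "192.168.1.5", "192.168.1.1", "93.184.216.34"   # assumed addresses
C_MAC, GW_MAC = "02:00:00:00:00:05", "02:00:00:00:00:01"              # assumed MACs

def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def eth(src, dst, ethertype, payload):
    return _mac(dst) + _mac(src) + struct.pack("!H", ethertype) + payload

def ipv4(src, dst, proto, payload):
    # Checksums are left as 0; Wireshark does not validate them by default.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def dns_query(name):
    # DNS header (id, RD flag, 1 question) + an A/IN question for `name`.
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def build_frames():
    """Six frames: ARP, DNS query, TCP SYN and SYN-ACK on port 443, ICMP echo, TCP RST."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETH_IP, 6, 4, 1, _mac(C_MAC),
                      socket.inet_aton(CLIENT), b"\x00" * 6, socket.inet_aton(GW))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping"
    return [
        eth(C_MAC, "ff:ff:ff:ff:ff:ff", ETH_ARP, arp),
        eth(C_MAC, GW_MAC, ETH_IP, ipv4(CLIENT, GW, PROTO_UDP, udp(53412, 53, dns_query("www.facebook.com")))),
        eth(C_MAC, GW_MAC, ETH_IP, ipv4(CLIENT, SERVER, PROTO_TCP, tcp(51000, 443, SYN))),
        eth(GW_MAC, C_MAC, ETH_IP, ipv4(SERVER, CLIENT, PROTO_TCP, tcp(443, 51000, SYN | ACK))),
        eth(C_MAC, GW_MAC, ETH_IP, ipv4(CLIENT, SERVER, PROTO_ICMP, icmp)),
        eth(GW_MAC, C_MAC, ETH_IP, ipv4(SERVER, CLIENT, PROTO_TCP, tcp(443, 51000, RST | ACK))),
    ]

def dissect(frame):
    """Flat dict of Wireshark-style field names for one Ethernet frame."""
    f = {"protocols": {"eth"}}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        f["protocols"].add("arp")
    elif ethertype == ETH_IP:
        f["protocols"].add("ip")
        f["ip.src"], f["ip.dst"] = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]          # skip Ethernet + IP header (IHL)
        proto = frame[23]
        if proto == PROTO_ICMP:
            f["protocols"].add("icmp")
        elif proto == PROTO_TCP:
            f["tcp.srcport"], f["tcp.dstport"] = struct.unpack("!HH", l4[:4])
            f["tcp.flags.syn"], f["tcp.flags.reset"] = (l4[13] >> 1) & 1, (l4[13] >> 2) & 1
            f["protocols"].add("tcp")
        elif proto == PROTO_UDP:
            f["udp.srcport"], f["udp.dstport"] = struct.unpack("!HH", l4[:4])
            f["udp.payload"] = l4[8:]
            f["protocols"].add("udp")
            if 53 in (f["udp.srcport"], f["udp.dstport"]):   # port-based DNS heuristic
                f["protocols"].add("dns")
    return f

def assign_streams(fields):
    """Number TCP conversations like tcp.stream: the first one seen is stream 0."""
    streams = {}
    for f in fields:
        if "tcp" in f["protocols"]:
            key = frozenset([(f["ip.src"], f["tcp.srcport"]), (f["ip.dst"], f["tcp.dstport"])])
            f["tcp.stream"] = streams.setdefault(key, len(streams))
    return fields

FILTERS = {   # display-filter text -> predicate over the dissected fields
    "ip.addr == 192.168.1.5": lambda f: CLIENT in (f.get("ip.src"), f.get("ip.dst")),
    "ip.src == 192.168.1.5": lambda f: f.get("ip.src") == CLIENT,
    "tcp.port == 443": lambda f: 443 in (f.get("tcp.srcport"), f.get("tcp.dstport")),
    "dns || http": lambda f: bool(f["protocols"] & {"dns", "http"}),
    "tcp.flags.syn == 1": lambda f: f.get("tcp.flags.syn") == 1,
    "tcp.flags.reset == 1": lambda f: f.get("tcp.flags.reset") == 1,
    "tcp.stream eq 0": lambda f: f.get("tcp.stream") == 0,
    "udp contains facebook": lambda f: b"facebook" in f.get("udp.payload", b""),
    "!(arp or dns or icmp)": lambda f: not (f["protocols"] & {"arp", "dns", "icmp"}),
}

def matching_frames(filter_text, frames):
    """1-based frame numbers (as shown in the packet list) that the filter keeps."""
    fields = assign_streams([dissect(fr) for fr in frames])
    return [n for n, f in enumerate(fields, 1) if FILTERS[filter_text](f)]

def write_pcap(path, frames):
    """Classic libpcap file, Ethernet link type 1, so it opens directly in Wireshark."""
    with open(path, "wb") as out:
        out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, fr in enumerate(frames):
            out.write(struct.pack("<IIII", 1_700_000_000 + i, 0, len(fr), len(fr)) + fr)

if __name__ == "__main__":
    frames = build_frames()
    write_pcap("constructed.pcap", frames)    # open this in Wireshark and try the same filters
    for text in FILTERS:
        print(f"{text:26} -> frames {matching_frames(text, frames)}")
```

Run it, open constructed.pcap in Wireshark, and type each filter string into the display-filter bar: the frame numbers Wireshark keeps should match the script's output (frames 3, 4 and 6 for tcp.port == 443, frame 2 for udp contains facebook, and so on). The DNS detection here is port-based, which is also what Wireshark does unless heuristic dissectors are enabled.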
![Page 8: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/8.jpg)
DEMO TIME
![Page 9: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/9.jpg)
SOME QUICK SHORTCUTS
![Page 10: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/10.jpg)
USE CASE #1: VOIP CALL RECORDING
![Page 11: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/11.jpg)
USE CASE #1: VOIP CALL RECORDING (CONTINUED)
![Page 12: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/12.jpg)
USE CASE #1: VOIP CALL RECORDING (CONTINUED)
![Page 13: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/13.jpg)
USE CASE #2: DNS QUERY
![Page 14: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/14.jpg)
USE CASE #2: DNS QUERY (CONTINUED)
![Page 15: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/15.jpg)
USE CASE #3: TROUBLESHOOTING AN INTERNET ACCESS ISSUE (UNABLE TO ACCESS A PARTICULAR MUSIC SITE)
![Page 16: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/16.jpg)
USE CASE #4: UNDERSTANDING SSL FLOW
![Page 17: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/17.jpg)
USE CASE #4: UNDERSTANDING SSL FLOW (CONTINUED)
![Page 18: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/18.jpg)
REFERENCES
• https://en.wikipedia.org/wiki/Wireshark
• https://www.wireshark.org/
• Practical Packet Analysis by Chris Sanders
• https://www.youtube.com/watch?v=68t07-KOH9Y
• https://en.wikipedia.org/wiki/User_Datagram_Protocol
• https://en.wikipedia.org/wiki/Transmission_Control_Protocol
• http://www.informatics.buzdo.com/_images/f912-1.gif
• http://1.bp.blogspot.com/-gTRV25VTdb8/T55rvji6cEI/AAAAAAAACXM/9clbBo-y0nY/s1600/dnslookups.png
![Page 19: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/19.jpg)
APPENDIX
![Page 20: Packet analysis using wireshark](https://reader036.vdocuments.us/reader036/viewer/2022062503/587e93df1a28ab672b8b640d/html5/thumbnails/20.jpg)
APPENDIX (CONTINUED)