There can be instances where we need to analyze the network traffic in order to find the cause of a problem. To do this we can use Wireshark.

Wireshark is a network protocol analyzer. It is free software and can be downloaded from

http://www.wireshark.org/download.html


Following are the steps that may be helpful in using Wireshark:

1. First, select the network interface on which you want to listen to the traffic.

For that, either click 'Interface List' on the main window or go to Capture → Interfaces → Options… and select an appropriate network interface.

2. Click the 'Start' button. You will see the network traffic for that interface in the window.

3. Filters can be applied so that only the packets of interest are shown.

To apply a filter, type the filter expression in the Filter window and press 'Enter' or click 'Apply'.

Some common filters are:

  1. 'tcp' = view TCP packets only.
  2. 'udp' = view UDP packets only.
  3. 'sip' = view SIP packets only.
  4. 'ip.src == <ip address>' = view traffic coming from a specific IP address only.
  5. 'ip.dst == <ip address>' = view traffic going to a specific IP address only.

Filters can be combined with logical operators: '&&' for AND, '||' for OR, '!' for NOT, and so on.

There are many other filters that may be used. Please refer to Wireshark's help for more details.

4. Once the packets have been captured, stop listening to the network traffic by pressing the 'Stop' button or by going to the menu Capture → Stop.
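To make the filter semantics above concrete, here is an added example (not Wireshark's own filter engine, which is far richer): a small Python evaluator that parses the five filters listed, combined with '&&', '||', '!' and parentheses, and applies them to a constructed four-packet capture. PACKETS, parse, matches and apply_filter are names chosen for this example.

```python
import re
PACKETS = [  # constructed sample capture (not real traffic): protocol layers and IPv4 addresses
    {"layers": {"ip", "tcp"}, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.9"},
    {"layers": {"ip", "udp"}, "ip.src": "10.0.0.7", "ip.dst": "10.0.0.5"},
    {"layers": {"ip", "udp", "sip"}, "ip.src": "10.0.0.5", "ip.dst": "192.168.1.20"},
    {"layers": {"ip", "tcp"}, "ip.src": "192.168.1.20", "ip.dst": "10.0.0.5"},
]
# Tokens: '||', '&&', '!', parentheses, '==', and names/values such as ip.src or 10.0.0.5.
TOKEN_RE = re.compile(r"\|\||&&|!|\(|\)|==|[A-Za-z0-9_.]+")
def parse(expr):  # recursive descent; precedence is '!' over '&&' over '||'
    tokens, pos = TOKEN_RE.findall(expr), 0
    if "".join(tokens) != re.sub(r"\s+", "", expr): raise ValueError(f"bad filter: {expr!r}")
    def peek(): return tokens[pos] if pos < len(tokens) else None
    def take():
        nonlocal pos; pos += 1
        if pos > len(tokens): raise ValueError("unexpected end of filter")
        return tokens[pos - 1]
    def parse_not():
        if peek() == "!":
            take(); return ("not", parse_not())
        if peek() == "(":
            take(); node = parse_or()
            if take() != ")": raise ValueError("missing ')'")
            return node
        name = take()
        if peek() == "==":  # field comparison, e.g. ip.src == 10.0.0.5
            take(); return ("eq", name, take())
        return ("proto", name)  # bare protocol name, e.g. tcp
    def binary(op, below):  # left-associative chain of one operator
        node = below()
        while peek() == op:
            take(); node = (op, node, below())
        return node
    parse_and = lambda: binary("&&", parse_not)
    parse_or = lambda: binary("||", parse_and)
    tree = parse_or()
    if peek() is not None: raise ValueError(f"unexpected token {peek()!r}")
    return tree

def matches(node, pkt):
    kind = node[0]
    if kind == "proto": return node[1] in pkt["layers"]
    if kind == "eq": return pkt.get(node[1]) == node[2]
    if kind == "not": return not matches(node[1], pkt)
    if kind == "&&": return matches(node[1], pkt) and matches(node[2], pkt)
    return matches(node[1], pkt) or matches(node[2], pkt)

def apply_filter(expr, packets=PACKETS):
    tree = parse(expr)  # indices of the packets the display filter keeps
    return [i for i, p in enumerate(packets) if matches(tree, p)]
```

A bare protocol name matches any packet carrying that layer, so the SIP-over-UDP packet matches both 'sip' and 'udp', just as in Wireshark.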

5. To analyze a packet, select the packet you want to view; its information will then be displayed in the middle pane.

You can then click on any item in the middle pane; its details will be displayed in the bottom pane.

6. To copy any data bytes, right-click on that data and go to Copy → Bytes → Printable Text Only (this copies the data in a readable text form).