Wireshark Lab 1: Introduction

What is Wireshark?

Wireshark is a network protocol analyzer, also known as a network sniffer. Formerly known as Ethereal, Wireshark is a computer application that captures and decodes packets of information from a network. Wireshark can capture live network traffic or read data from a file and translate the data to be presented in a format the user can understand [1].

Why Wireshark?
Wireshark is a valuable tool for administrators that allows them to monitor all traffic that passes on a network. It is very useful for analyzing, diagnosing and troubleshooting problems that may occur.

Some features of Wireshark [2]:
- Data can be captured from a network connection or read from previous records of captured packets.
- Live data can be read from Ethernet, FDDI, PPP, token ring, IEEE 802.11, classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
- Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
- Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
- Display filters can also be used to selectively highlight and color packet summary information.
- Data display can be refined using a display filter.
- Hundreds of protocols can be dissected.

[1] netsecurity.about.com/od/securitytoolprofiles/p/wireshark.htm
[2] en.wikipedia.org/wiki/Wireshark

Computer Networks and Internets by Douglas Comer
2009 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.

Supervised by Lami Kaya and Prepared by Muna Ockba

How to get Wireshark?
The latest copy/version of Wireshark can be found on the official website: http://www.wireshark.org

Each download package comes with the latest pcap (also known as libpcap) for UNIX operating systems or WinPcap, a device driver and dynamic link library (DLL) that provides a pcap interface for Windows programs, which is required for live packet capture. If needed, the latest release of WinPcap can be found on: http://www.winpcap.org/install/default.htm

Getting started with Wireshark
Wireshark has a friendly graphical user interface (GUI) that makes it easier for the user to analyze and diagnose packets that are passing through the network. No data will initially be displayed when the user runs Wireshark. The environment and usage of Wireshark will be explained further in this document.

To start capturing packets you need to select the interface which is connected to the network. This can be done by choosing Capture >> Interfaces from the Menu bar.

Or by clicking the first icon on the Commands menu.

Interfaces

The different interfaces available that the WinPcap driver sees in the machine are shown, and you can either click Start or click Options for more options regarding capturing packets before starting the capture.

The following figure represents the Capture Options window.

- Switch between different interfaces. You can only capture on one of the interfaces that Wireshark found on the system at a time.
- Capture packets in promiscuous mode checkbox allows Wireshark not only to capture the packets going to or from your computer, but also all packets on your LAN segment.
- Limit each packet to n bytes field allows you to specify the maximum amount of data that will be captured for each packet, and is sometimes referred to as the snaplen [3].
- Capture filters are to be explained thoroughly in the next document. The default is not choosing any filters when capturing.

Display Options:
- Update list of packets in real time: displays the packets right away once captured. If it is not chosen, Wireshark will display the packets captured when you stop the capture. It is important to know that choosing this option decreases the ability to capture packets at high rates.
- Automatic scrolling in live capture: automatically scrolls down to the last packet captured. If this option is not chosen, Wireshark adds new packets to the end of the list, but does not scroll to the end of the packets pane. You can toggle this off from the commands menu at any time as shown in the following page.
- Hide capture info dialog: Toggle on/off to hide/show the capture info dialog while capturing.

Name Resolution Options:
- Enable MAC name resolution option: Toggle on/off to control whether Wireshark translates MAC addresses into names or not.
- Enable network name resolution option: Toggle on/off to control whether Wireshark translates network addresses into names or not.
- Enable transport name resolution option: Toggle on/off to control whether Wireshark translates transport addresses into protocols or not.
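The "Limit each packet to n bytes" option described above decides how much of each packet is stored in the capture file. As an added example (not part of the original lab), the Python code below reads the classic pcap file format and lists the packets whose stored length is shorter than their length on the wire; the function names and the sample capture are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def build_pcap(snaplen, frames):
    """Write frames as a capture tool would with the given snaplen (constructed sample data)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]  # bytes past snaplen are never stored
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(kept), len(frame)) + kept
    return out

def read_pcap(data):
    """Return (snaplen, [(captured_len, original_len), ...]) from classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack_from("<I", data)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack_from(endian + "I", data, 16)[0]
    records, offset = [], 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("record runs past end of file")
        records.append((incl_len, orig_len))
        offset += incl_len
    return snaplen, records

def truncated_packets(data):
    """Indexes (0-based) of packets whose payload was cut by the snaplen."""
    _snaplen, records = read_pcap(data)
    return [i for i, (incl, orig) in enumerate(records) if incl < orig]

# Constructed frames: 60, 128 and 1514 bytes of filler, captured with snaplen 96.
SAMPLE = build_pcap(96, [b"\x00" * 60, b"\x11" * 128, b"\x22" * 1514])

if __name__ == "__main__":
    snaplen, records = read_pcap(SAMPLE)
    print("snaplen:", snaplen)
    for i, (incl, orig) in enumerate(records):
        print(f"packet {i}: captured {incl} of {orig} bytes")
    print("truncated:", truncated_packets(SAMPLE))
```

A truncated packet still shows its headers in the summary and details panes, but the bytes beyond the snaplen were never written to the file and cannot be recovered later.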

[3] http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureOptions.html#ChCapCaptureOptionsDialog

[Figure: Wireshark window with labeled parts: Commands Menu, Summary Pane, Capture Info Dialog, Details Pane, Packet Content in Hexadecimal]

[Figure: Commands menu icons, numbered 1 to 9]

1 List available capture interfaces
2 Show the capture options
3 Start a new live capture
4 Stop the running live capture
5 Restart the running live capture
6 Colorize packet list (Toggle button)
7 Auto scroll packet list in live capture (Toggle button)
8 Edit preferences
9 Show some help
An interesting way to set up the environment in Wireshark with a default interface and some default options, instead of choosing them each and every time you run Wireshark, is by clicking the preferences icon from the commands menu and choosing the Capture tab. Options similar to those found in the Capture Options dialog box can be found there.
