
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

PRESENTED BY

JYOTI PRAKHAR : 18M502
DEEPA RANI : 18M513

Content:

• Introduction
• Prerequisite of Wireshark
• Features
• Downloading And Installation
• Capturing And Analysis of Packets
• Limitations
• References
What is Wireshark?

• Network Packet Analyzer
  A network packet analyzer captures network packets and displays each packet in as much detail as possible. Think of it as a measuring device used to examine what is going on inside the network.
• Best open-source packet analyzer
• Multi-platform (Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others)
• Easily extensible
• Previously named "Ethereal"
Prerequisite of Wireshark

• Hardware Requirements:
  For Windows:
  1) 32-bit or newer processor
  2) 500 MB available RAM
  3) 500 MB disk space
  4) 1024×768 resolution with at least 16-bit color
  For UNIX / Linux:
  System requirements for UNIX and Linux should be comparable to the Windows values listed above.

• Software Requirements:
  The amount of resources Wireshark needs depends on your environment and on the size of the capture file you are analyzing.
Features:

• Available for UNIX and Windows.
• Capture live packet data from a network interface.
• Filter and search packets on many criteria.
• Deep inspection of thousands of protocols.
• Standard three-pane packet browser.
• Colorize the packet display based on filters.
• The most powerful display filters in the industry.
• Coloring rules can be applied to the packet list for quick, intuitive analysis.
• …and a lot more!
Downloading And Installation
Cont…
Interface
Three-Pane Packet Browser:

• Packet List
• Packet Details
• Packet Bytes
Capturing Packets

• Double-click on the interface. It will start capturing packets from the network.
• Click on STOP to stop capturing.
Analyzing Packet

• Ethernet Frame Example
Cont…
• Ethernet
Cont…
• IP Packet Example
Cont…
• TCP Packet Example

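The Ethernet, IP and TCP examples above are what Wireshark's Packet Details pane shows for one captured frame. The following is an added example (not part of the original slides and not Wireshark's own code) that dissects those same three headers from raw bytes, so the fields in the Packet Details pane can be matched against the Packet Bytes pane. The frame is constructed inline with `struct`; the addresses, ports and MACs are sample values, not from a real capture. It also verifies the IPv4 header checksum, which is one of the checks Wireshark performs on each packet.

```python
"""Dissect the Ethernet -> IPv4 -> TCP headers that Wireshark's Packet Details pane shows.

Added example; the frame below is constructed with struct, not taken from a real capture.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words. Returns 0 for a header whose
    checksum field is already correct, so it doubles as a verifier."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed TCP SYN 192.168.1.10:40000 -> 10.0.0.5:80 (sample data, not captured)."""
    # TCP header: sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    # IPv4 header packed with a zero checksum, then the real checksum patched in
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_ethernet(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("frame shorter than Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac(dst), "src": mac(src), "type": etype, "payload": frame[14:]}


def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    _, _tos, total_len, ident, _ff, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {
        "ttl": ttl, "proto": proto, "id": ident,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,   # sum over the whole header must be zero
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("segment shorter than TCP header")
    sport, dport, seq, ack, off, flags, window = struct.unpack("!HHIIBBH", seg[:16])
    names = ["fin", "syn", "rst", "psh", "ack", "urg"]          # flag bits 0 .. 5
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack_num": ack, "window": window,
        "hdr_len": (off >> 4) * 4,
        "flags": {n: bool(flags >> i & 1) for i, n in enumerate(names)},
    }


def dissect(frame: bytes) -> dict:
    """Walk the three layers the slides illustrate; raise if the frame is not Ethernet/IPv4/TCP."""
    eth = parse_ethernet(frame)
    if eth["type"] != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType 0x{eth['type']:04x}")
    ip = parse_ipv4(eth["payload"])
    if ip["proto"] != IPPROTO_TCP:
        raise ValueError(f"unsupported IP protocol {ip['proto']}")
    return {"eth": eth, "ip": ip, "tcp": parse_tcp(ip["payload"])}


if __name__ == "__main__":
    layers = dissect(build_sample_frame())
    for name in ("eth", "ip", "tcp"):
        print(name, {k: v for k, v in layers[name].items() if k != "payload"})
```

Running the script prints one dictionary per layer, in the same order the Packet Details pane lists them. Flipping a single byte of the IP header (for example the TTL) turns `checksum_ok` to False, which is how a corrupted or hand-crafted header shows up in Wireshark as a bad checksum.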

Packet Filter

Set filter: "ip.src==[your ip] or ip.dst==[your ip]"
It shows the packets sent from/to you.

Packet Filter

• ARP filter

Packet Filter

• Filtering HTTP
TCP SYN ATTACK

• Detect a TCP SYN attack using filters

How TCP SYN attacks work:

TCP SYN 3-way handshake vs. TCP SYN attack

TCP SYN ATTACK

• Display all SYN packets.
  Set filter: "tcp.flags.syn==1 and tcp.flags.ack==0"

TCP SYN ATTACK

• Display all packets with SYN+ACK.
  Set filter: "tcp.flags.syn==1 and tcp.flags.ack==1"

A large number of SYN packets with comparatively few SYN+ACK replies is a sign of a TCP SYN attack.
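The two SYN filters above, and the host filter from the Packet Filter slide, can be written as predicates over packet records, and the comparison the slides make by eye (many SYNs, few SYN+ACKs) can be turned into a per-source rule. The block below is an added example, not part of the original slides or of Wireshark; the "capture" is a constructed list of records with addresses from private and documentation ranges, and the thresholds `min_syn` and `ratio` are illustrative values chosen here, not Wireshark settings.

```python
"""Apply the slide deck's display filters in code and turn the SYN vs. SYN+ACK
comparison into a per-source detection rule.

Added example; the "capture" is a constructed list of records, not real traffic.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ip_src: str      # ip.src
    ip_dst: str      # ip.dst
    tcp_syn: int     # tcp.flags.syn
    tcp_ack: int     # tcp.flags.ack


def sample_capture() -> list:
    """Constructed traffic toward server 10.0.0.5 (sample data, not a real capture)."""
    pkts = []
    # 192.168.1.20: three complete handshakes (SYN, SYN+ACK, ACK)
    for _ in range(3):
        pkts += [Packet("192.168.1.20", "10.0.0.5", 1, 0),
                 Packet("10.0.0.5", "192.168.1.20", 1, 1),
                 Packet("192.168.1.20", "10.0.0.5", 0, 1)]
    # 203.0.113.7: 50 SYNs; the server manages only 5 SYN+ACK replies and sees no final ACKs
    pkts += [Packet("203.0.113.7", "10.0.0.5", 1, 0) for _ in range(50)]
    pkts += [Packet("10.0.0.5", "203.0.113.7", 1, 1) for _ in range(5)]
    return pkts


# The display filters from the slides, written as predicates over one record each.
def host_filter(pkts, host):
    """ip.src==host or ip.dst==host"""
    return [p for p in pkts if p.ip_src == host or p.ip_dst == host]


def syn_only(pkts):
    """tcp.flags.syn==1 and tcp.flags.ack==0"""
    return [p for p in pkts if p.tcp_syn == 1 and p.tcp_ack == 0]


def syn_ack(pkts):
    """tcp.flags.syn==1 and tcp.flags.ack==1"""
    return [p for p in pkts if p.tcp_syn == 1 and p.tcp_ack == 1]


def syn_flood_suspects(pkts, min_syn=20, ratio=3.0):
    """Per source address: SYNs it sent vs. SYN+ACKs it received back.
    A source is flagged when it sent at least `min_syn` SYNs and more than `ratio`
    times as many SYNs as it got SYN+ACK replies (thresholds are illustrative)."""
    syns = Counter(p.ip_src for p in syn_only(pkts))
    replies = Counter(p.ip_dst for p in syn_ack(pkts))   # SYN+ACK travels back to the SYN sender
    return {src: (n, replies[src]) for src, n in syns.items()
            if n >= min_syn and n > ratio * max(replies[src], 1)}


if __name__ == "__main__":
    cap = sample_capture()
    print("SYN packets:", len(syn_only(cap)))            # what the first slide filter lists
    print("SYN+ACK packets:", len(syn_ack(cap)))         # what the second slide filter lists
    print("suspect sources:", syn_flood_suspects(cap))
```

On the constructed capture the two filters list 53 and 8 packets respectively, and only 203.0.113.7 is flagged; the host with three complete handshakes is not, because its SYN and SYN+ACK counts match. In a real investigation the same counts come from applying the two filters in Wireshark and reading the packet count in the status bar.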


Applications:

• Network administrators: troubleshoot network problems
• Network security engineers: examine security problems
• Developers: debug protocol implementations
• People: learn network protocol internals


Limitations:

• It is not well suited to handling very large capture files.
• It is not recommended to always run Wireshark as administrator.
• It can only gather information from the network; it cannot send.
• It is not an intrusion detection system: it will not warn you when someone does strange things on your network.
• It does not manipulate things on the network. It only measures things from it.
References

• Wireshark Website
  http://www.wireshark.org
• Wireshark Documentation
  http://www.wireshark.org/docs/
• Wireshark Wiki
  http://wiki.wireshark.org
• Network Analysis Using Wireshark Cookbook
  http://www.amazon.com/Network-Analysis-Using-Wireshark-Cookbook/dp/1849517649

Thank You
