IT304 Lab 1 Introduction To Wireshark: To Study and Analyze Network Interface Through Wireshark
Uploaded by LAKSHYA SINGH

IT304

LAB 1: Introduction to Wireshark

1 To study and analyze Network Interface through Wireshark.


1.1 Wireshark
Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much
detail as possible. You could think of a network packet analyzer as a measuring device for examining what’s
happening inside a network cable, just like an electrician uses a voltmeter for examining what’s happening
inside an electric cable.

1.2 Uses of Wireshark


• Network administrators use it to troubleshoot network problems

• Network security engineers use it to examine security problems

• QA engineers use it to verify network applications

• Developers use it to debug protocol implementations

• People use it to learn network protocol internals

1.3 Installation steps:


Go to http://www.wireshark.org/download.html and download and install the Wireshark binary for your computer.

1.4 Running Wireshark:


1. When you run Wireshark, the graphical user interface shown in Figure 1 below is displayed.

2. Select the interface that is active on your machine. You will see the window shown in Figure 2.

3. Start Capture
Click the start button next to the desired interface. Captured traffic is displayed in the packet list pane.

4. Stop the capture.
Select Capture > Stop.

Figure 1: Snapshot of starting window

Figure 2: Snapshot of the Wireshark UI

Figure 3: Snapshot of captured packets

5. Saving Capture
Once the capture has been stopped, select File > Save As.
From the save dialog you can specify the file type and which packets to save via the packet range menu.

6. The saved trace file is a pcap file (pcap = Packet Capture), as shown in the snapshot. It is the most widely used packet capture format.
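To make step 6 concrete, here is an added example (written for this page, not code from the lab handout or from the Wireshark project) of what a pcap file actually contains. It builds three constructed Ethernet/IPv4/TCP frames for a made-up HTTP exchange, writes them in the classic little-endian pcap layout (a 24-byte global header followed by a 16-byte record header per frame), reads the bytes back, and decodes the fields Wireshark names ip.src, ip.dst, tcp.srcport, tcp.dstport and tcp.len. The addresses, ports, payloads and timestamps are assumptions for the example, and checksums are left at zero, which a real capture would not have.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

# Constructed sample conversation (made-up addresses/ports, not from any real capture).
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.9", 51000, 80, b"GET / HTTP/1.1\r\nHost: lab\r\n\r\n"),               # 29-byte payload
    ("10.0.0.9", "10.0.0.5", 80, 51000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),  # 38-byte payload
    ("10.0.0.5", "10.0.0.9", 51000, 80, b""),                                               # bare ACK, tcp.len == 0
]


def build_frame(src, dst, sport, dport, payload):
    """Ethernet + IPv4 + TCP frame with minimal headers; checksums are left at 0 (constructed data)."""
    # TCP: ports, seq, ack, data offset (5 words -> 0x50), flags PSH|ACK, window, checksum, urgent
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    # IPv4: version/IHL 0x45, TOS, total length, id, flags DF, TTL, proto 6 (TCP), checksum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    eth_hdr = b"\x00" * 12 + b"\x08\x00"          # dst/src MAC (zeros), EtherType IPv4
    return eth_hdr + ip_hdr + tcp_hdr + payload


def write_pcap(frames):
    """Serialise frames as a classic pcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        ts_sec, ts_usec = 1_700_000_000 + i, 0    # constructed timestamps
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame))
        out += frame
    return out


def read_pcap(data):
    """Parse a little-endian classic pcap file and return the list of captured frames."""
    magic, _major, _minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file (magic 0x%08x)" % magic)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled here")
    frames, off = [], 24
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames


def decode_fields(frame):
    """Return the Wireshark-style fields used in the lab filters, or None if the frame is not IPv4/TCP."""
    if frame[12:14] != b"\x08\x00":               # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                  # IP header length in bytes
    total_len = struct.unpack_from("!H", frame, 16)[0]
    if frame[23] != 6:                            # protocol must be TCP
        return None
    tcp = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    data_off = (frame[tcp + 12] >> 4) * 4         # TCP header length in bytes
    return {
        "ip.src": socket.inet_ntoa(frame[26:30]),
        "ip.dst": socket.inet_ntoa(frame[30:34]),
        "tcp.srcport": sport,
        "tcp.dstport": dport,
        # Wireshark's tcp.len is the segment payload length, not the frame length.
        "tcp.len": total_len - ihl - data_off,
    }


def sample_capture():
    """The constructed conversation above, as pcap bytes (what File > Save As would write)."""
    return write_pcap([build_frame(*p) for p in SAMPLE_PACKETS])


def decode_capture(pcap_bytes):
    """Read a pcap and decode every IPv4/TCP frame in it."""
    decoded = (decode_fields(f) for f in read_pcap(pcap_bytes))
    return [fields for fields in decoded if fields is not None]


if __name__ == "__main__":
    for no, fields in enumerate(decode_capture(sample_capture()), 1):
        print(no, fields)
```

The decoded `tcp.len` values (29, 38 and 0 bytes) are exactly what a `tcp.len > 30` or `tcp.len < 100` filter in the later sections is compared against, and they differ from the frame length shown in the packet list's Length column, which also counts the Ethernet, IP and TCP headers.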

1.5 How to use filters in Wireshark.


• Packet captures usually contain many packets irrelevant to the specific analysis task.
• To remove these packets from the display or from the capture, Wireshark provides the ability to create
filters.
• Filters are evaluated against each individual packet.
• Filters support regular expressions.
• Filters can either be manually constructed, composed via the Expressions menu, or composed based on a
selected packet’s properties.

1.6 How to build correct filters.
• Field name – selects the packet property.
• Relation – selects the Boolean test.
• Predefined values – common values against which the selected packet property is tested.
• Value – arbitrary textual or numeric value against which the selected packet property is tested.
• For example:
http.request – Display all HTTP requests.
http.request || http.response – Display all HTTP requests and responses.
ip.addr == 127.0.0.1 – Display all IP packets whose source or destination is localhost.

1.7 Compound filters

Filters can be composed of multiple tests joined with boolean connectives.

• && - logical conjunction (i.e. AND)

• || - logical disjunction (i.e. OR)
• ! - logical negation (i.e. NOT)

For example:
tcp.len < 100 – Display all TCP packets whose data length is less than 100 bytes.

1.8 Significance of the Filter Text Box colour


• Green – valid filter

• Red – invalid filter

• Yellow – may produce unexpected results
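Putting sections 1.6 to 1.8 together, here is an added example (written for this page, not code from the lab handout or from Wireshark itself) of how a display filter is evaluated against each packet: a small parser for the field / relation / value form with the &&, || and ! connectives and parentheses, run over a constructed capture of four packets represented as dictionaries of already-decoded fields. The field names are the real Wireshark ones used in the handout, but the packet contents are made up, and the parser knows only this handful of fields. `is_valid` reproduces the green/red distinction of the filter box: a filter that does not parse is one Wireshark would refuse.

```python
import re

# Fields this toy evaluator knows, with the type a filter value is parsed as.
# (Assumed subset of Wireshark's field names; the real dissectors expose thousands.)
FIELD_TYPES = {
    "ip.src": str, "ip.dst": str, "tcp.srcport": int, "tcp.dstport": int,
    "tcp.len": int, "http.request": bool, "http.response": bool,
}
# ip.addr and tcp.port test BOTH directions: the test passes if either underlying field passes.
ALIASES = {"ip.addr": ("ip.src", "ip.dst"), "tcp.port": ("tcp.srcport", "tcp.dstport")}
RELATIONS = {
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
}
# Operators first (longest match first), then any run of non-operator characters (field or value).
TOKEN = re.compile(r"\(|\)|&&|\|\||!=|==|<=|>=|<|>|!|[^\s()&|!=<>]+")

# Constructed sample "capture": one dict of decoded fields per packet, in Wireshark's No. order.
SAMPLE_PACKETS = [
    {"ip.src": "127.0.0.1", "ip.dst": "127.0.0.1", "tcp.srcport": 51000, "tcp.dstport": 80,
     "tcp.len": 29, "http.request": True},
    {"ip.src": "10.0.0.9", "ip.dst": "10.0.0.5", "tcp.srcport": 80, "tcp.dstport": 51000,
     "tcp.len": 38, "http.response": True},
    {"ip.src": "10.0.0.5", "ip.dst": "127.0.0.1", "tcp.srcport": 51001, "tcp.dstport": 443,
     "tcp.len": 0},
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.9", "tcp.srcport": 51000, "tcp.dstport": 80,
     "tcp.len": 150, "http.request": True},
]


class FilterError(ValueError):
    """A filter Wireshark would refuse (red text box)."""


def _field_test(field, rel, raw):
    """Build the predicate for one 'field', 'field rel value' test."""
    names = ALIASES.get(field, (field,))
    for n in names:
        if n not in FIELD_TYPES:
            raise FilterError(f"unknown field {field!r}")
    if rel is None:                               # bare field name means "field is present"
        return lambda p: any(n in p for n in names)
    typ = FIELD_TYPES[names[0]]
    try:
        value = typ(raw)
    except ValueError:
        raise FilterError(f"{raw!r} is not a valid {typ.__name__} for {field}") from None
    op = RELATIONS[rel]
    return lambda p: any(n in p and op(p[n], value) for n in names)


def compile_filter(text):
    """Parse a display filter into a predicate packet_dict -> bool. Precedence: ! > && > ||."""
    tokens = TOKEN.findall(text)
    if not tokens:                                # empty filter box shows every packet
        return lambda p: True
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take(expected=None):
        nonlocal pos
        if pos >= len(tokens):
            raise FilterError("unexpected end of filter")
        tok = tokens[pos]
        if expected is not None and tok != expected:
            raise FilterError(f"expected {expected!r}, got {tok!r}")
        pos += 1
        return tok

    def parse_or():
        node = parse_and()
        while peek() == "||":
            take()
            node = (lambda l, r: lambda p: l(p) or r(p))(node, parse_and())
        return node

    def parse_and():
        node = parse_not()
        while peek() == "&&":
            take()
            node = (lambda l, r: lambda p: l(p) and r(p))(node, parse_not())
        return node

    def parse_not():
        if peek() == "!":
            take()
            inner = parse_not()
            return lambda p: not inner(p)
        if peek() == "(":
            take()
            node = parse_or()
            take(")")
            return node
        field = take()
        rel = take() if peek() in RELATIONS else None
        raw = take() if rel else None
        return _field_test(field, rel, raw)

    pred = parse_or()
    if pos != len(tokens):
        raise FilterError(f"unexpected token {tokens[pos]!r}")
    return pred


def is_valid(text):
    """True for a filter the text box would show green, False for red."""
    try:
        compile_filter(text)
        return True
    except FilterError:
        return False


def apply_filter(text, packets=SAMPLE_PACKETS):
    """Return the 1-based packet numbers that pass the filter (what the packet list would show)."""
    pred = compile_filter(text)
    return [i for i, p in enumerate(packets, 1) if pred(p)]


if __name__ == "__main__":
    for f in ("http.request", "http.request || http.response", "ip.addr == 127.0.0.1",
              "tcp.len < 100", "tcp.len > 30", "ip.addr != 127.0.0.1", "!(ip.addr == 127.0.0.1)"):
        print(f"{f:32} -> packets {apply_filter(f)}")
```

Note what the `ip.addr` alias does: it is true when either ip.src or ip.dst satisfies the test, so `ip.addr != 127.0.0.1` still lists packet 3 (whose source differs even though its destination is localhost), while `!(ip.addr == 127.0.0.1)` excludes it. Filters of this `!=` form on two-sided fields are the kind the yellow colour warns about; write the negated form when you mean "neither address". The same filter language is available from the command line with `tshark -r capture.pcap -Y 'tcp.len > 30'`, which reads a saved pcap and applies a display filter to it.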

2 Exercise
1. What are the interfaces shown on your default screen?

2. Begin packet capturing by selecting an interface that is being used to send and receive packets.

3. Filter out all the TCP packets and capture the screen.

4. Filter out all the TCP data packets which have a packet length of more than 30 bytes.
