1 of 31

PACKET SNIFFER.

  • A packet sniffer is a piece of software that runs in parallel with the application whose packets need to be analyzed.
  • Packet-sniffer software normally has two components: a packet capturer and a packet analyzer. The packet capturer captures a copy of all outgoing and incoming frames (at the data-link layer) and passes them to the packet analyzer. The packet analyzer can then extract the different headers and the ultimate message for analysis.

3 of 31

WIRESHARK

  • The packet sniffer we use is called Wireshark.
  • Wireshark is a free packet sniffer/analyzer which is available for both UNIX-like (Unix, Linux, Mac OS X, BSD, and Solaris) and Windows operating systems.
  • It captures packets from a network interface and displays them with detailed protocol information. Wireshark, however, is a passive analyzer. It only captures packets without manipulating them; it neither sends packets to the network nor performs other active operations.
  • Wireshark is not an intrusion-detection tool either. It does not give warnings about network intrusions. It can, nevertheless, help network administrators figure out what is going on inside a network and troubleshoot network problems.

4 of 31

DOWNLOADING AND INSTALLING

  • To download the Wireshark software, connect to the Internet and visit the website:
  • https://www.wireshark.org/download.html
  • After the download is complete, install the software on your computer. If you have any problem downloading or installing, you can consult the following site for more information:
  • https://wiki.wireshark.org/CaptureSetup

21 of 31

MAIN WINDOW

  • The Wireshark window is made of seven sections: title bar, menu bar, filter bar, packet list pane, packet detail pane, packet byte pane, and status bar. We briefly discuss the functionality of each section below:

22 of 31

TITLE BAR

  • The title bar (like the one in any GUI) shows the title of the window and the closing, maximizing, and minimizing icons.

23 of 31

MENU BAR

  • The menu bar is made of several pulldown menus and tool bars used in most GUIs. We will be using some of these menus in our lab assignments. We can use the File menu to perform some actions on the file itself, such as saving and printing. The Capture menu is used to start and stop capturing frames. The View menu is useful to show or hide some of the sections in the window.

24 of 31

FILTER BAR

  • The filter bar allows us to display the packets we are interested in while hiding the rest.

26 of 31

ip.addr == 8.8.8.8

27 of 31

run command: nslookup google.com

28 of 31

tcp.port == 80 || udp.port == 80

29 of 31

ip.src == 10.65.26.146

30 of 31

ip.dst == 10.65.26.146
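The packet-analyzer role described on the first slide and the filter-bar expressions above, as an added example that is not part of the original slides: a small Python analyzer that decodes the Ethernet/IPv4/TCP/UDP headers of a frame and applies the slides' display filters with Wireshark's semantics (ip.addr matches either address, tcp.port either port). The frames are constructed by build_frame rather than captured, and build_frame, parse_frame, matches and evaluate are names of this example, not part of Wireshark.

```python
import struct

# Added example: frames below are constructed, not captured from a real interface.

def build_frame(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Construct a sample Ethernet II + IPv4 + TCP/UDP frame (checksums left 0)."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)  # zero MACs, EtherType IPv4
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
          if proto == 6 else struct.pack("!HHHH", sport, dport, 8, 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + l4

def parse_frame(frame: bytes) -> dict:
    """Packet-analyzer step: pull out the header fields a display filter refers to."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("only IPv4 frames are handled here")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length incl. options
    fields = {"ip.src": ".".join(map(str, ip[12:16])),
              "ip.dst": ".".join(map(str, ip[16:20]))}
    name = {6: "tcp", 17: "udp"}.get(ip[9])        # protocol number -> field prefix
    if name:                                       # TCP and UDP both start with two ports
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        fields[name + ".srcport"], fields[name + ".dstport"] = sport, dport
    return fields

def matches(fields: dict, key: str, value) -> bool:
    """Wireshark semantics: ip.addr matches either address, tcp.port either port."""
    if key == "ip.addr":
        return value in (fields.get("ip.src"), fields.get("ip.dst"))
    if key in ("tcp.port", "udp.port"):
        p = key[:3]
        return value in (fields.get(p + ".srcport"), fields.get(p + ".dstport"))
    return fields.get(key) == value

def evaluate(expr: str, fields: dict) -> bool:
    """Evaluate a filter of the form 'a == v || b == w' (only == and || supported)."""
    for term in expr.split("||"):
        key, _, value = (s.strip() for s in term.partition("=="))
        if matches(fields, key, int(value) if value.isdigit() else value):
            return True
    return False

if __name__ == "__main__":
    query = parse_frame(build_frame("10.65.26.146", "8.8.8.8", 6, 51000, 80))
    print(evaluate("ip.addr == 8.8.8.8", query), evaluate("ip.src == 8.8.8.8", query))
```

Running it on a request and its reply shows that ip.addr == 8.8.8.8 selects both directions of the exchange, while ip.src and ip.dst each select only one.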
