Scribd Logo
Unggah

Selamat datang di Scribd!

  • WireShark Tutorial

    Diunggah oleh

    Okta Padita
    114 tayangan25 halaman
    This document provides a 23 step tutorial for using the network packet analyzer software Wireshark. The steps include downloading and installing Wireshark, selecting an interface to capture packets, starting a capture, filtering for HTTP traffic, and examining packet details like headers, payload data, and errors. Reassembly of packets broken into multiple frames is also demonstrated. The overall purpose is to analyze network traffic at the packet level, with a focus on capturing and examining a web page load as an example.

    Deskripsi Asli:

    Hak Cipta

    © Attribution Non-Commercial (BY-NC)

    Format Tersedia

    PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    This document provides a 23 step tutorial for using the network packet analyzer software Wireshark. The steps include downloading and installing Wireshark, selecting an interface to capture packets, starting a capture, filtering for HTTP traffic, and examining packet details like headers, payload data, and errors. Reassembly of packets broken into multiple frames is also demonstrated. The overall purpose is to analyze network traffic at the packet level, with a focus on capturing and examining a web page load as an example.

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    114 tayangan25 halaman

    WireShark Tutorial

    Diunggah oleh

    Okta Padita
    This document provides a 23 step tutorial for using the network packet analyzer software Wireshark. The steps include downloading and installing Wireshark, selecting an interface to capture packets, starting a capture, filtering for HTTP traffic, and examining packet details like headers, payload data, and errors. Reassembly of packets broken into multiple frames is also demonstrated. The overall purpose is to analyze network traffic at the packet level, with a focus on capturing and examining a web page load as an example.

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 25

    Basic WireShark Tutorial

    Made by. Peleg Holzmann


    DePaul University Chicago Illinois
    April 2009
    Step 1

    • Download the latest version of WireShark


    from www.wireshark.org
    Step 2

    • Install WireShark

    WireShark on the start menu as seen from Vista.


    Step 3

    • Start WireShark

    WireShark Splash Screen


    Step 4
    Step 5

    Select Start

    This shows the available interfaces. This screen


    will vary from computer to computer. For this
    tutorial we Marvell will Yukonbe using the “
    Ethernet Controller”. One simp
    Step 6

    This window shows the capture window when


    the capture first starts. One will notice no
    packets being displayed yet.
    Step 7

    It is important to remember to clear the


    computers memory of any stored web
    pages when doing packet analysis this
    ensures that the data captured is fresh
    and new. This can be found under
    options or preferences in many web
    browsers.

    For this example the following page was loaded


    in Firefox. One can use any browser with
    WireShark.
    Step 8

    Back in WireShark go to Capture/Stop. If you do


    not stop packets will continue to scroll through.
    For this example we have all the data we need.
    One needs to go to
    Step 9 Analyze/Display Filters.
    One can filter many types of
    common packer types.

    For this tutorial we are interested in just HTML traffic but


    the screen shows all traffic. Thus we will need to apply a
    filter which will display just the traffic we are interested in.
    Step 10

    This shows the filter window expanded so one can see all
    the packet types that can be filtered.
    Step 11

    For this tutorial we will choose HTTP packets only.


    Step 12

    Here we see just the HTML packets which were captured.


    Step 13
    Here one sees the
    type of packet and
    what it was doing.

    Here we see just the packets.


    Step 14

    The middle window shows the data TCP, IP Frame Number etc.
    Step 15

    The bottom window shows the RAW data in the packet/frame.


    Frame Number Step 16
    Total Frame Length

    Frame information.
    Step 17
    Destination Hardware
    Address (MAC)
    Source Hardware
    Address (MAC)

    Frame Type
    Frame information.
    Src = Source IP
    Step 18
    Address Dst = Destination IP
    Address

    Header Length

    Total Length

    Internet Protocol (IP) information.


    Source Port
    Step 19
    Destination Port

    Header Length

    Checksum Value

    Transmission Control Protocol (TCP) information.


    Step 20
    Notice the red
    highlight over the TCP
    packet. This indicates
    a error is present.

    Checksum
    ERROR!
    [Bad Checksum: True]

    Transmission Control Protocol (TCP) information.


    Example of ERROR in Checksum, this packet is BAD and will
    need to be re-sent.
    Step 21
    Frame 37 Frame 38
    1,460 Bytes 379 Bytes

    Here we see the “Reassembled” the frames


    framethat me
    were reassembled. This is due to fact that IP packet size is limited to 1,500 bytes and
    this packet was too large so it was broken down into (2) two separate packets. In this
    case #37 & #38.

    One can see that Frame 37 = 1,460 Bytes and Frame 38 is 379 Bytes.
    Together they are = 1,839 which is greater then 1,500 bytes.
    Step 22

    HTTP Data
    Step 23

    Web Page Contents


    End
    Please send comments & Questions to
    peleg@pelegit.com

    Anda mungkin juga menyukai