
Wireshark Tutorial KUAS, Hao-Xiang Gu.


1 Wireshark Tutorial KUAS, Hao-Xiang Gu

2 Outline
Introduction
Resource
User interface
Filter
Try it Yourself
Reference

3 Introduction
What's Wireshark? It's a free and open source packet analyzer.
Purpose: It is used for network troubleshooting, analysis, software and communications protocol development, and education.
Other: Originally named Ethereal, the project was renamed Wireshark in May due to trademark issues.

4 Resource
Website
Software Download
Wireshark forum
Wireshark User's Guide

5 User interface
Menu
Main toolbar
Filter toolbar
Packet List pane
Packet Details pane
Packet Bytes pane

6 Display Filter comparison operators
English      C-like   Description and example
eq           ==       Equal. ip.src ==
ne           !=       Not equal. ip.src !=
gt           >        Greater than. frame.len > 10
lt           <        Less than. frame.len < 128
ge           >=       Greater than or equal to. frame.len ge 0x100
le           <=       Less than or equal to. frame.len <= 0x20
contains              Protocol, field or slice contains a value. sip.To contains "a1762"
matches      ~        Protocol or text field matches a Perl regular expression. http.host matches "acme\.(org|com|net)"
bitwise_and  &        Compare bit field value. tcp.flags & 0x02

7 Try it Yourself: OSI model
Layer 1, Physical Layer
Layer 2, Data Link Layer: Address Resolution Protocol (ARP)
Layer 3, Network Layer: Internet Control Message Protocol (ICMP)
Layer 4, Transport Layer: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
Layer 5, Session Layer
Layer 6, Presentation Layer
Layer 7, Application Layer: Domain Name System (DNS), Bootstrap Protocol (BOOTP), Dynamic Host Configuration Protocol (DHCP), Hypertext Transfer Protocol (HTTP)

8 Address Resolution Protocol (ARP)
ARP header, one 32-bit row per line (octet offset / bit offset: fields in that row)
0 / 0: Hardware type | Protocol type
4 / 32: Hardware address length | Protocol address length | Opcode
8 / 64: Source hardware address
12 / 96: Source protocol address
16 / 128: Destination hardware address
20 / 160: Destination protocol address
24 / 192: Data

9 Internet Control Message Protocol (ICMP)
ICMP header, one 32-bit row per line (octet offset / bit offset: fields in that row)
0 / 0: Type | Code | Checksum
4 / 32: Rest of Header

10 Transmission Control Protocol (TCP)
TCP header, one 32-bit row per line (octet offset / bit offset: fields in that row)
0 / 0: Source port | Destination port
4 / 32: Sequence number
8 / 64: Acknowledgment number (if ACK set)
12 / 96: Data offset | Reserved (0 0 0) | Flags: NS, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN | Window size
16 / 128: Checksum | Urgent pointer (if URG set)
20 / 160: Options (if data offset > 5; padded at the end with "0" bytes if necessary)
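The following Python parser is an added example, not part of the slides, and works directly from the row layout above: it unpacks the 20-byte fixed header, splits the data offset from the nine flag bits, slices off options and payload, and applies the same bit test as the slide 6 display filter "tcp.flags & 0x02". The header bytes are constructed inline for the example (checksums are left zero) and are not captured traffic.

```python
import struct

TCP_FIXED = "!HHIIHHHH"   # 20-byte fixed header, network byte order

# Flag bits in the order the header row shows them, highest bit first.
TCP_FLAGS = [("NS", 0x100), ("CWR", 0x080), ("ECE", 0x040), ("URG", 0x020),
             ("ACK", 0x010), ("PSH", 0x008), ("RST", 0x004), ("SYN", 0x002), ("FIN", 0x001)]


def build_tcp_header(sport, dport, seq, ack, flags, window=65535, options=b""):
    """Construct header bytes for the example (checksum left zero, nothing is sent)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    data_offset = 5 + len(options) // 4          # header length in 32-bit words
    off_flags = (data_offset << 12) | (flags & 0x1FF)
    return struct.pack(TCP_FIXED, sport, dport, seq, ack, off_flags, window, 0, 0) + options


def parse_tcp(segment: bytes) -> dict:
    """Parse a TCP segment into its header fields, options and payload."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, checksum, urg = struct.unpack(TCP_FIXED, segment[:20])
    data_offset = off_flags >> 12                 # top 4 bits of row 12/96
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError("data offset %d is inconsistent with segment length" % data_offset)
    flags = off_flags & 0x1FF                     # NS..FIN, the low 9 bits
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "data_offset": data_offset,
        "flags": flags,
        "flag_names": [name for name, bit in TCP_FLAGS if flags & bit],
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urg,
        "options": segment[20:header_len],        # present only when data offset > 5
        "payload": segment[header_len:],
    }


def matches_syn_bit(hdr: dict) -> bool:
    """Same test as the display filter 'tcp.flags & 0x02': true for SYN and for SYN-ACK."""
    return bool(hdr["flags"] & 0x02)


def is_connection_attempt(hdr: dict) -> bool:
    """SYN set and ACK clear, i.e. the first segment of a handshake, not the reply."""
    return hdr["flags"] & 0x012 == 0x002


# Constructed samples: a SYN carrying an MSS option, the SYN-ACK reply, and an ACK with data.
SYN_WITH_MSS = build_tcp_header(40000, 443, 0x12345678, 0, 0x002, options=b"\x02\x04\x05\xb4")
SYN_ACK = build_tcp_header(443, 40000, 0x9ABCDEF0, 0x12345679, 0x012)
ACK_WITH_DATA = build_tcp_header(40000, 443, 0x12345679, 0x9ABCDEF1, 0x018) + b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for label, seg in (("SYN", SYN_WITH_MSS), ("SYN-ACK", SYN_ACK), ("ACK+data", ACK_WITH_DATA)):
        h = parse_tcp(seg)
        print(label, h["flag_names"], "offset", h["data_offset"],
              "syn-bit filter:", matches_syn_bit(h), "new connection:", is_connection_attempt(h))
```

Note that "tcp.flags & 0x02" is satisfied by the SYN-ACK as well, because the bitwise_and operator only asks whether the SYN bit is set; to count only handshake openers, combine the per-flag fields (tcp.flags.syn == 1 && tcp.flags.ack == 0), which is what is_connection_attempt() does in code.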

11 User Datagram Protocol (UDP)
UDP header, one 32-bit row per line (octet offset / bit offset: fields in that row)
0 / 0: Source port | Destination port
4 / 32: Length | Checksum

12 Domain Name System (DNS)
DNS format, one 32-bit row per line (octet offset / bit offset: fields in that row)
0 / 0: Identifier | [1] | Operation Code | [2] | [3] | [4] | [5] | Zero | Response Code
4 / 32: Question Count | Answer Record Count
8 / 64: Authority Record Count | Additional Record Count
Question Count: Specifies the number of questions in the Question section of the message.
Answer Record Count: Specifies the number of resource records in the Answer section of the message.
Authority Record Count: Specifies the number of resource records in the Authority section of the message.
Additional Record Count: Specifies the number of resource records in the Additional section of the message.
[1] : Query/Response Flag
[2] : Authoritative Answer Flag
[3] : Truncation Flag
[4] : Recursion Desired
[5] : Recursion Available
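As an added example (not from the slides), the parser below decodes the 12-byte DNS header exactly as the rows above lay it out, then walks the sections the four counts announce. The section walker goes beyond the slide in one respect: it handles the name compression pointers (RFC 1035) that almost every real response uses, with a hop limit so a looping pointer cannot hang the parser. All messages are constructed inline for the example.

```python
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def parse_dns_header(data: bytes) -> dict:
    """Split the 16-bit flags word into the fields numbered [1]..[5] on the slide."""
    if len(data) < 12:
        raise ValueError("DNS header is 12 bytes")
    ident, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 0x1,        # [1] Query/Response flag
        "opcode": (flags >> 11) & 0xF,    # Operation Code
        "aa": (flags >> 10) & 0x1,        # [2] Authoritative Answer
        "tc": (flags >> 9) & 0x1,         # [3] Truncation
        "rd": (flags >> 8) & 0x1,         # [4] Recursion Desired
        "ra": (flags >> 7) & 0x1,         # [5] Recursion Available
        "z": (flags >> 4) & 0x7,          # Zero (reserved)
        "rcode": flags & 0xF,             # Response Code
        "qdcount": qdcount, "ancount": ancount, "nscount": nscount, "arcount": arcount,
    }


def decode_name(data: bytes, offset: int, _hops: int = 0):
    """Decode a label sequence starting at offset; returns (name, offset after the name)."""
    labels, end = [], None
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        if length & 0xC0 == 0xC0:                   # compression pointer: 11xxxxxx + 8 bits
            if offset + 1 >= len(data):
                raise ValueError("truncated pointer")
            if _hops > 16:
                raise ValueError("compression pointer loop")
            pointer = ((length & 0x3F) << 8) | data[offset + 1]
            if end is None:
                end = offset + 2                    # the name ends after the pointer itself
            tail, _ = decode_name(data, pointer, _hops + 1)
            labels.append(tail)
            break
        offset += 1
        if length == 0:                             # root label terminates the name
            break
        labels.append(data[offset:offset + length].decode("ascii", errors="replace"))
        offset += length
    return ".".join(l for l in labels if l), (offset if end is None else end)


def parse_dns(data: bytes) -> dict:
    """Parse header, question section, and every resource record that follows."""
    msg = parse_dns_header(data)
    off, questions, records = 12, [], []
    for _ in range(msg["qdcount"]):
        name, off = decode_name(data, off)
        if off + 4 > len(data):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(msg["ancount"] + msg["nscount"] + msg["arcount"]):
        name, off = decode_name(data, off)
        if off + 10 > len(data):
            raise ValueError("truncated resource record")
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated rdata")
        off += rdlen
        records.append((name, rtype, rclass, ttl, rdata))
    msg["questions"], msg["records"] = questions, records
    msg["rcode_name"] = RCODE_NAMES.get(msg["rcode"], "RCODE%d" % msg["rcode"])
    return msg


# Constructed messages for the example: an A query for example.com, the answer, and an NXDOMAIN.
QNAME = b"\x07example\x03com\x00"
QUESTION = QNAME + struct.pack("!HH", 1, 1)                      # QTYPE A, QCLASS IN
QUERY = struct.pack("!HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE_A = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUESTION
              + b"\xC0\x0C"                                      # pointer back to offset 12
              + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34]))
RESPONSE_NXDOMAIN = struct.pack("!HHHHHH", 0x1A2B, 0x8183, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for m in (QUERY, RESPONSE_A, RESPONSE_NXDOMAIN):
        p = parse_dns(m)
        print(p["id"], "qr", p["qr"], "rd", p["rd"], "ra", p["ra"], p["rcode_name"], p["questions"], p["records"])
```

The id field is what ties a response to its query in the packet list; the qr, rd and ra bits tell you whether a recursive resolver or an authoritative server produced the packet, and tc flags a response the client is expected to retry over TCP.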

13 Bootstrap Protocol (BOOTP)
BOOTP format, one row per line (octet offset / bit offset: fields in that row)
0 / 0: Operation Code | Hardware type | Hardware Address Length | Hops
4 / 32: Transaction Identifier
8 / 64: Seconds | [1] | Reserved
12 / 96: Client IP Address
16 / 128: "Your" IP Address
20 / 160: Server IP Address
24 / 192: Gateway IP Address
28 / 224: Client Hardware Address (16 octets)
44 / 352: Server Name (64 octets)
108 / 864: Boot Filename (128 octets)
236-300 / 1888-2400: Vendor-Specific Area (64 octets)
[1] : Broadcast Flag

14 Dynamic Host Configuration Protocol (DHCP)
DHCP format, one row per line (octet offset / bit offset: fields in that row)
0 / 0: Operation Code | Hardware type | Hardware Address Length | Hops
4 / 32: Transaction Identifier
8 / 64: Seconds | [1] | Reserved
12 / 96: Client IP Address
16 / 128: "Your" IP Address
20 / 160: Server IP Address
24 / 192: Gateway IP Address
28 / 224: Client Hardware Address (16 octets)
44 / 352: Server Name (64 octets)
108 / 864: Boot Filename (128 octets)
236 / 1888: Options ....
[1] : Broadcast Flag
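The parser below is an added example, not from the slides. It unpacks the 236-byte fixed BOOTP/DHCP header using the row offsets above (the struct format string encodes the same 16/64/128-octet field sizes), reads the broadcast flag [1] as the top bit of the flags word, and then walks the variable-length Options area that distinguishes DHCP from BOOTP. Two details are assumed from RFC 2131 rather than taken from the slide: the Options area begins with the four-byte magic cookie 99.130.83.99, and option 53 carries the DHCP message type. The DHCPDISCOVER bytes are constructed for the example, not captured.

```python
import struct

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_FIXED = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_FIXED_LEN = struct.calcsize(BOOTP_FIXED)       # 236 octets, the slide's Options offset
MAGIC_COOKIE = b"\x63\x82\x53\x63"                  # 99.130.83.99, start of DHCP options (RFC 2131)
BROADCAST_FLAG = 0x8000                              # [1] in the flags word at octet 10
DHCP_MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                      5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}


def build_sample_discover() -> bytes:
    """Construct a DHCPDISCOVER for the example (not captured traffic)."""
    fixed = struct.pack(
        BOOTP_FIXED,
        1,                                   # op: 1 = BOOTREQUEST
        1,                                   # htype: 1 = Ethernet
        6,                                   # hlen: 6-octet MAC
        0,                                   # hops
        0x3903F326,                          # xid: transaction identifier
        0,                                   # secs
        BROADCAST_FLAG,                      # flags: client asks for a broadcast reply
        b"\x00" * 4, b"\x00" * 4, b"\x00" * 4, b"\x00" * 4,   # ciaddr, yiaddr, siaddr, giaddr
        bytes.fromhex("0011223344aa") + b"\x00" * 10,         # chaddr, padded to 16 octets
        b"\x00" * 64,                        # sname
        b"\x00" * 128,                       # file
    )
    options = (MAGIC_COOKIE
               + b"\x35\x01\x01"             # option 53, length 1: DHCPDISCOVER
               + b"\x37\x03\x01\x03\x06"     # option 55 parameter request list: mask, router, DNS
               + b"\xff")                    # option 255: end
    return fixed + options


def _ipv4(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_options(buf: bytes) -> dict:
    """Walk the code/length/value list; code 0 is a pad byte, code 255 ends the list."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts


def parse_dhcp(data: bytes) -> dict:
    """Parse the fixed header rows from the slide, then the Options area if present."""
    if len(data) < BOOTP_FIXED_LEN:
        raise ValueError("BOOTP/DHCP fixed header is %d bytes" % BOOTP_FIXED_LEN)
    (op, htype, hlen, hops, xid, secs, flags,
     ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file) = struct.unpack(BOOTP_FIXED, data[:BOOTP_FIXED_LEN])
    msg = {
        "op": op, "htype": htype, "hlen": hlen, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & BROADCAST_FLAG),
        "ciaddr": _ipv4(ciaddr), "yiaddr": _ipv4(yiaddr), "siaddr": _ipv4(siaddr), "giaddr": _ipv4(giaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.split(b"\x00", 1)[0].decode("ascii", errors="replace"),
        "file": file.split(b"\x00", 1)[0].decode("ascii", errors="replace"),
        "options": {},
    }
    rest = data[BOOTP_FIXED_LEN:]
    if rest.startswith(MAGIC_COOKIE):
        msg["options"] = parse_options(rest[len(MAGIC_COOKIE):])
    mtype = msg["options"].get(53)
    msg["message_type"] = DHCP_MESSAGE_TYPES.get(mtype[0], "UNKNOWN") if mtype else "BOOTP"
    return msg


if __name__ == "__main__":
    m = parse_dhcp(build_sample_discover())
    print(m["message_type"], "xid %08x" % m["xid"], "from", m["chaddr"], "broadcast", m["broadcast"])
```

The transaction identifier is the field to follow when reconstructing a DISCOVER/OFFER/REQUEST/ACK exchange in the packet list; the chaddr and yiaddr fields are what you compare against the OFFER to see which server answered a client, which is how a rogue DHCP server shows up in a capture.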

15 DHCP Simulation

16 Hypertext Transfer Protocol (HTTP)
http.host == "website"

17 Reference

18 HTTP https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
HTTP response status codes
1xx Informational responses
2xx Success
3xx Redirection
4xx Client errors
5xx Server errors

