Presentation is loading. Please wait.

Presentation is loading. Please wait.

Packet Capture and Analysis: An Introduction to Wireshark 1.

Published byBlake Hawkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Packet Capture and Analysis: An Introduction to Wireshark 1."— Presentation transcript:

1 Packet Capture and Analysis: An Introduction to Wireshark 1

2 Why Capture Packets? Small scale –Analysis of existing protocols –Design and testing of new protocols Large scale –Traffic analysis and statistics –Capacity planning –Creation and implementation of traffic policy Network attacks and attack prevention –Reconnaissance prior to targeted attack –Capture of credentials, etc. –Verify security policy 2

3 Considerations for Capturing Packets Minimize the effect of the capture on the network traffic –We don’t want to make architectural changes just to capture traffic Your capture device can only capture traffic that reaches its network interface –Only some of the network traffic normally appears on a specific network segment The normal host interface behavior is to filter traffic that does not match an interface address –You may want to capture additional traffic 3

4 Hardware Capture The appliance is a custom host with multiple network interfaces, some bridging capability, a tap within that bridge, and often a large data storage capacity The appliance is inserted into an existing network link Most hardware appliances use software for their analysis Complete appliances are disappearing – but hardware taps are still popular 4

5 Software Capture An existing host has capture software installed –The host may only need one interface 1 The host interface is operated promiscuously –Filtering of packets is disabled so that all received packets can be captured The network tap occurs outside the host –A tap is inserted into a link and the capture host is attached to the hub –A managed bridge is configured to copy packets going in or out of one bridge port and send that copy out another port where the capture host is attached 5

6 Local Host Software Capture If we are only interested in traffic to or from the host with the analyzer software then no network tap is needed –Promiscuous operation of the local interface may also be optional The host continues to operate normally on the network for protocols other than the one being tested This is useful when analyzing an application layer protocol, for example 6

7 Examples of capture scenarios 7

8 Wireshark Wireshark is free protocol analyzer software available for Windows and Linux platformsWireshark What follows is a very brief introduction –There is documentation at the Wireshark site –Laura Chappell has written several useful books on how to use Wireshark –There are several YouTube videos that introduce Wireshark 8

Download ppt "Packet Capture and Analysis: An Introduction to Wireshark 1."

Similar presentations

ITIS2110 Lab 9. Scenario There are web network problems at your site Your manager has assigned you to track down the problem  He “highly” suggests you.

ITIS2110 Lab 9. Scenario There are web network problems at your site Your manager has assigned you to track down the problem  He “highly” suggests you.
Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.

Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study
Connecting LANs, Backbone Networks, and Virtual LANs

Connecting LANs, Backbone Networks, and Virtual LANs
And how they are used. Hubs send data to all of the devices that are plugged into them. They have no ability to send packets to the correct ports. Cost~$35.

And how they are used. Hubs send data to all of the devices that are plugged into them. They have no ability to send packets to the correct ports. Cost~$35.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Configuring Routing and Remote Access(RRAS) and Wireless Networking

Configuring Routing and Remote Access(RRAS) and Wireless Networking
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
NETWORKING COMPONENTS By Scott H. Bowers. HUB A hub can be easily mistaken for a switch, physically there are no defining characteristics, both have power.

NETWORKING COMPONENTS By Scott H. Bowers. HUB A hub can be easily mistaken for a switch, physically there are no defining characteristics, both have power.
Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.

Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Introduction to Wireshark Making Sense of the Matrix

Introduction to Wireshark Making Sense of the Matrix
NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.

NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.
Company LOGO Networking Components Hysen Tmava LTEC 4550.

Company LOGO Networking Components Hysen Tmava LTEC 4550.

Similar presentations

Ads by Google