Setting up Wireshark
30 August 2006
Not just for IP, and not just for Ethernet: also useful with SS7 and Sigtran
Capture packets live off the wire, or replay other capture files
WiresharkOverview|2|2006eServGlobal
Wireshark Features
Import and export packet data from and to a lot of other capture programs
Used to read a Sigtran traffic snoop file off the UAS and decode the TCAP
Packet bytes (the actual bytes that were captured off the wire)
See the MAC addresses (you can have it translate to a human name)
Note the decode. How does it know this is TCP and Telnet data?
Go to Edit -> Preferences -> Protocols -> TCP, uncheck Validate the Checksums and click OK (NOT Save)
Now you know why you should always use SSH, not Telnet
Use the Find tool to find the string "dog" in one of the packets
You see all the POP3 traffic (I removed the password packet)
This would be nearly the same as putting ftp in the display filter
Clear the filter and click Expression next to the display filter window
Select ip.dst in the Field Name, == in the Relation and 203.26.51.42 in the Value box, and click Apply.
What does that show? What protocol type is it?
Click the Find box, select Display Filter, put the expression dns.flags == 0x0100 in the box and click Find. What's that?
Edit -> Mark that packet, and print that marked packet only.
Unmark it again
You can save common filters for later use
Save all the NTP data in another file (hint: use the Displayed packets option when saving)
Mark packets 233 and 244 and save them to a file with another name.
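The dns.flags == 0x0100 exercise above asks what that value means. As an added example (not part of the original slides), here is a decoder for the 16-bit DNS flags word that Wireshark exposes as dns.flags, run over a constructed 12-byte DNS header, plus an emulation of the display-filter comparison on that packet:

```python
import struct

# Bit positions in the 16-bit DNS flags word (RFC 1035, section 4.1.1).
# Wireshark shows this word as the dns.flags field.
FLAG_BITS = {"qr": 15, "aa": 10, "tc": 9, "rd": 8, "ra": 7}
OPCODES = {0: "standard", 1: "inverse", 2: "status"}


def decode_dns_flags(flags):
    """Split a dns.flags value into its named single-bit fields plus opcode/rcode."""
    fields = {name: bool((flags >> bit) & 1) for name, bit in FLAG_BITS.items()}
    fields["opcode"] = (flags >> 11) & 0xF   # bits 11..14
    fields["rcode"] = flags & 0xF            # bits 0..3
    return fields


def describe_dns_flags(flags):
    """Render a dns.flags value the way a human would read Wireshark's decode."""
    f = decode_dns_flags(flags)
    kind = "response" if f["qr"] else "query"
    opcode = OPCODES.get(f["opcode"], "opcode %d" % f["opcode"])
    text = "%s %s" % (opcode, kind)
    set_bits = [name.upper() for name in ("aa", "tc", "rd", "ra") if f[name]]
    if set_bits:
        text += ", flags " + " ".join(set_bits)
    if f["rcode"]:
        text += ", rcode %d" % f["rcode"]
    return text


# Constructed sample: the 12-byte DNS header of a query as it would appear in
# the Packet Bytes pane. Transaction id 0x1234, flags 0x0100, one question.
SAMPLE_DNS_HEADER = bytes.fromhex("1234 0100 0001 0000 0000 0000")


def header_flags(dns_payload):
    """Extract the flags word from a raw DNS header (bytes 2..3, big-endian)."""
    _txid, flags = struct.unpack("!HH", dns_payload[:4])
    return flags


def matches_filter(dns_payload, wanted):
    """Emulate the display filter 'dns.flags == <wanted>' against one packet."""
    return header_flags(dns_payload) == wanted


if __name__ == "__main__":
    flags = header_flags(SAMPLE_DNS_HEADER)
    print("dns.flags == 0x%04x -> %s" % (flags, describe_dns_flags(flags)))
    print("dns.flags == 0x8180 -> %s" % describe_dns_flags(0x8180))
```

So 0x0100 is a standard query with only the RD (recursion desired) bit set, i.e. a client asking its resolver; the matching reply would typically carry 0x8180 (QR, RD and RA set).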
Do the same with the ICMP and NTP data (fairly simple, I know)
That's it!
Who's Thirsty?