Tcpdump
◦ Unix-based command-line tool used to intercept packets.
◦ Including filtering to just the packets of interest.
◦ Reads “live traffic” from ...
Typology: Slides
Outline
◦ What is Wireshark?
◦ Capturing Packets
◦ Analyzing Packets
◦ Filtering Packets
◦ Saving and Manipulating Packets
◦ Packet Statistics
◦ Colorizing Specific Packets
◦ References
Features
◦ Deep inspection of thousands of protocols
◦ Live capture and offline analysis
◦ Standard three-pane packet browser
◦ Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
◦ The most powerful display filters in the industry
◦ Rich VoIP analysis
◦ Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
◦ Coloring rules can be applied to the packet list for quick, intuitive analysis
◦ Output can be exported to XML, PostScript®, CSV, or plain text
What we can do with it:
◦ Capture network traffic
◦ Decode packet protocols using dissectors
◦ Define filters: capture filters and display filters
◦ Watch smart statistics
◦ Analyze problems
◦ Interactively browse that traffic

Some examples of what people use Wireshark for:
◦ Network administrators: troubleshoot network problems
◦ Network security engineers: examine security problems
◦ Developers: debug protocol implementations
◦ People: learn network protocol internals
Sample tcpdump output (one SSH connection, four packets):

01:46:28.808262 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2513546054:2513547434(1380) ack 1268355216 win 12816
01:46:28.808271 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: P 1380:2128(748) ack 1 win 12816
01:46:28.808276 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2128:3508(1380) ack 1 win 12816
01:46:28.890021 IP adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481 > danjo.CS.Berkeley.EDU.ssh: P 1:49(48) ack 1380 win 16560
Reading one line of that output:

01:46:28.808262 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2513546054:2513547434(1380) ack 1268355216 win 12816

◦ 01:46:28.808262: timestamp
◦ IP: this is an IP packet
◦ danjo.CS.Berkeley.EDU: source host name
◦ ssh: source port number (22)
◦ adsl-69-228-230-7.dsl.pltn13.pacbell.net: destination host name
◦ 2481: destination port number
◦ . 2513546054:2513547434(1380) ack 1268355216 win 12816: TCP-specific information (flags, sequence-number range with payload length in bytes, acknowledgement number, window size)
Syntax: tcpdump [options] [filter expression]
Unfortunately, the Eustis machine does not allow normal users to run tcpdump.
I will demonstrate it on my group's Unix machine: acnserver.fils.edu
◦ $ sudo tcpdump -i eth0 (-i selects the interface to listen on; eth0 is the usual first Ethernet interface on Linux)
◦ On your own Unix machine, you can run it using “sudo”, or directly run “tcpdump” as root (capturing needs root privileges or the CAP_NET_RAW capability)
Observe the output.
We are often not interested in all packets flowing through the network.
Use filters to capture only the packets of interest to us.
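The two preceding points, reading the fields of a tcpdump line and filtering down to the packets of interest, can be put together in a few dozen lines. The following is an added example, not code from the slides or from the tcpdump project: a parser for the classic tcpdump TCP output format shown above, plus a tiny evaluator for a BPF-like subset of filter primitives (host, port, src, dst, not, and, or). The sample lines are the slide's own four packets, re-typed here as constructed input; nothing is captured live, and the service-name table is an assumption covering only the few names needed.

```python
"""Parse classic tcpdump TCP lines and filter them with BPF-like primitives.

Added example (not from the original slides). The regular expression targets
the old tcpdump format shown on the slides: host.port pairs, one-letter flag
field ("." = no flags, "P" = PSH), "seq_lo:seq_hi(len)", "ack N", "win N".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the four lines from the slide, cleaned up.
SAMPLE = """\
01:46:28.808262 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2513546054:2513547434(1380) ack 1268355216 win 12816
01:46:28.808271 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: P 1380:2128(748) ack 1 win 12816
01:46:28.808276 IP danjo.CS.Berkeley.EDU.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2128:3508(1380) ack 1 win 12816
01:46:28.890021 IP adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481 > danjo.CS.Berkeley.EDU.ssh: P 1:49(48) ack 1380 win 16560
"""

# tcpdump prints service names for well-known ports (assumed minimal table).
SERVICE_PORTS = {"ssh": 22, "http": 80, "https": 443, "domain": 53}

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\S+)\.(?P<sport>[A-Za-z0-9-]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[A-Za-z0-9-]+): "
    r"(?P<flags>[A-Z.]+) "
    r"(?:(?P<seq_lo>\d+):(?P<seq_hi>\d+)\((?P<length>\d+)\) )?"  # absent on pure ACKs
    r"(?:ack (?P<ack>\d+) )?"
    r"win (?P<win>\d+)"
)


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    seq_lo: Optional[int]
    seq_hi: Optional[int]
    length: int      # payload bytes carried by this segment
    ack: Optional[int]
    win: int


def resolve_port(token: str) -> int:
    """Turn '2481' or a service name such as 'ssh' into a port number."""
    if token.isdigit():
        return int(token)
    if token in SERVICE_PORTS:
        return SERVICE_PORTS[token]
    raise ValueError(f"unknown service name: {token!r}")


def parse_line(line: str) -> Packet:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a tcpdump TCP line: {line!r}")
    g = m.groupdict()
    to_int = lambda v: int(v) if v is not None else None
    return Packet(
        ts=g["ts"], src=g["src"], sport=resolve_port(g["sport"]),
        dst=g["dst"], dport=resolve_port(g["dport"]), flags=g["flags"],
        seq_lo=to_int(g["seq_lo"]), seq_hi=to_int(g["seq_hi"]),
        length=int(g["length"] or 0), ack=to_int(g["ack"]), win=int(g["win"]),
    )


def _match_primitive(pkt: Packet, term: str) -> bool:
    """Evaluate one primitive: [not] [src|dst] (host NAME | port N)."""
    words = term.split()
    negate = words and words[0] == "not"
    if negate:
        words = words[1:]
    direction = words.pop(0) if words and words[0] in ("src", "dst") else None
    if len(words) != 2 or words[0] not in ("host", "port"):
        raise ValueError(f"unsupported filter term: {term!r}")
    kind, value = words
    if kind == "host":   # host names compare case-insensitively
        value = value.lower()
        sides = {"src": pkt.src.lower(), "dst": pkt.dst.lower()}
    else:
        value = resolve_port(value)
        sides = {"src": pkt.sport, "dst": pkt.dport}
    hit = sides[direction] == value if direction else value in sides.values()
    return hit != bool(negate)


def matches(pkt: Packet, expr: str) -> bool:
    """BPF-like precedence: 'and' binds tighter than 'or'."""
    return any(
        all(_match_primitive(pkt, t.strip()) for t in clause.split(" and "))
        for clause in expr.split(" or ")
    )


def apply_filter(text: str, expr: str) -> List[Packet]:
    """Parse every non-empty line of tcpdump output and keep those matching expr."""
    pkts = (parse_line(l) for l in text.splitlines() if l.strip())
    return [p for p in pkts if matches(p, expr)]


def payload_bytes_from(pkts: List[Packet], host: str) -> int:
    """Sum the payload lengths sent by one host (the '(len)' field)."""
    return sum(p.length for p in pkts if p.src.lower() == host.lower())


if __name__ == "__main__":
    for p in apply_filter(SAMPLE, "src port 2481 or dst port 2481"):
        print(p.ts, p.src, p.sport, "->", p.dst, p.dport, p.flags, p.length)
    print("bytes from danjo:", payload_bytes_from(apply_filter(SAMPLE, "port 22"), "danjo.CS.Berkeley.EDU"))
```

Running the script prints the four packets and shows that the SSH server sent 3508 bytes of payload in this window, which is exactly the distance covered by the sequence numbers 2513546054 to 2513549562. A real capture would be filtered by tcpdump itself (the filter expression is compiled into the kernel's BPF engine, so unwanted packets are never copied to user space); the evaluator here only illustrates the semantics of the primitives on already-printed output.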
Where to get tcpdump
◦ http://www.tcpdump.org/
◦ You can do it on your own Unix machine
◦ You can install a Linux OS in VMware on your machine
◦ Windows port: WinDump, http://www.winpcap.org/windump/
◦ Free software
Wireshark
◦ Packet sniffer / protocol analyzer
◦ Open-source network tool
◦ The continuation of the Ethereal tool (the project was renamed Wireshark in 2006)
The three panes of the Wireshark window:
◦ Packet List
◦ Packet Details
◦ Packet Bytes