Wireshark 1
-
What is Wireshark?
Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and to display the packet data in as much detail as possible.
It can be used for many different things, such as troubleshooting network problems, examining security problems or just learning network protocols.
In this course you will learn how to use Wireshark on a beginner level. You will learn how to analyse packets, create pcap-files from a network, filter packets and use the main menu.
-
Packet capture files (.pcap-files)
A packet capture is a snapshot of live network traffic. Packet captures are very useful for in-depth network diagnostics and troubleshooting. When you discover a network issue that affects your applications, you can capture traffic and send the resulting data to others for further analysis.
-
Filters
Any time you’re analyzing network traffic, you’ll want to shut down applications sending packets you don’t want to see, to narrow the traffic. Even then, you’ll likely be left with a lot of residual packets to sift through. That’s where Wireshark’s filters come into play. Wireshark offers capture filters and display filters, and the two affect the capture file differently.
Capture filters are set before the recording process begins, allowing you to decide which packets Wireshark will capture. Display filters, on the other hand, are applied to a capture file after the capture, allowing you to see only the packets that meet your specific criteria.
To add a capture filter, click in the entry field above the interfaces shown in the launch window. You can type a filter in, such as tcp, or click the bookmark icon to the left and pick from a drop-down list. For more options, after clicking the green bookmark icon, select “manage capture filters”.
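The effect of the two filter types on a .pcap file, as an added example that is not part of the original course. The packets are constructed samples, and the Python functions is_tcp, write_pcap, read_pcap and display are hypothetical stand-ins for Wireshark's capture and display filters, not its filter syntax.

```python
import struct

MAGIC, LINKTYPE_RAW = 0xA1B2C3D4, 101  # classic pcap; packets start at the IP header

def ipv4(proto, src, dst, payload):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

def is_tcp(pkt):
    return pkt[9] == 6  # byte 9 of the IPv4 header is the protocol number

def write_pcap(packets, capture_filter=None):
    """Build pcap bytes. A capture filter runs before a packet is stored."""
    out = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    for ts, pkt in packets:
        if capture_filter and not capture_filter(pkt):
            continue  # never written, so it cannot be recovered later
        out += struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt
    return out

def read_pcap(data):
    """Parse the 24-byte file header, then each 16-byte record header + packet."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    off, records = 24, []
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        ts, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet data")
        records.append((ts, data[off:off + incl_len]))
        off += incl_len
    return records

def display(records, display_filter):
    """A display filter only selects what is shown; the records stay in the file."""
    return [r for r in records if display_filter(r[1])]

A, B = [192, 0, 2, 1], [192, 0, 2, 2]      # documentation addresses (RFC 5737)
SAMPLE = [(1, ipv4(6, A, B, bytes(20))),   # TCP
          (2, ipv4(17, A, B, bytes(8))),   # UDP
          (3, ipv4(1, A, B, bytes(8)))]    # ICMP

FULL = write_pcap(SAMPLE)                  # no capture filter: all three stored
FILTERED = write_pcap(SAMPLE, is_tcp)      # capture filter: only TCP is stored
```

Filtering FULL at display time still leaves the UDP and ICMP packets available for later analysis; in FILTERED they were never recorded.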
-
Statistics
Conversations
The statistics drop-down menu is incredibly useful for viewing more information on your network. It is located at the top of the screen and provides a number of metrics, from size and timing information to plotted charts and graphs. You can apply display filters to these statistics in order to narrow down important information.
Name resolution
https://www.wireshark.org/docs/wsug_html_chunked/ChAdvNameResolutionSection.html
-
Quiz