Using Wireshark
Part of a series on "Opening the Network Blackbox"
Wireshark Tutorial
Before starting a new packet capture, be sure that you are using the latest version of Wireshark.
Wireshark's protocol dissectors parse untrusted input, and dissector bugs have repeatedly been exploitable: opening a crafted capture file or sniffing malicious packets with an outdated Wireshark can compromise the analyst's own computer.
- Wiretap Law
  Without a court order, no one may intercept the contents of electronic transmissions (e.g. sniff packets) unless an exception applies.
- Capturing Packets
  Selecting capture options and save file formats.
- Network Diagnostics
  Diagnosing symptoms of possibly network-related problems.
- Protocol Analysis
  Digging deeper into what, where and how data is actually being sent across the network.
Definitions
Some terms used when capturing network traffic for analysis:
- Sniffer: a program that records and analyzes data network traffic.
- Packet capture: the data collected by a sniffer, usually saved to a capture file.
- Promiscuous mode: a state of a network interface card in which it accepts every frame it sees on the wire, not only frames addressed to its own MAC address or to broadcast/multicast. On a switched network it still sees only the traffic the switch forwards to that port.
- Ether: an older term naming the intangible, vapor-like space of networks and packets (ergo Ethernet). Ether is also short for ethyl oxide. Sniffing either type of ether will eventually make you dizzy.
- Ephemeral port: a temporary TCP or UDP port number that the client's operating system picks for its side of a connection. Commonly called the "random high port" or the "client port".
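The save file format chosen under Capturing Packets, the dissection done under Protocol Analysis and the ephemeral-port rule above can all be seen in one small parser. The following is an added example written for this page, not code from Wireshark or from the series; it reads a classic libpcap (.pcap) file from memory (not pcapng, which newer Wireshark saves by default), checks every length field before trusting it (the class of check whose absence is what makes dissectors exploitable), decodes Ethernet/IPv4 and the UDP or TCP port numbers, and uses the ephemeral-port heuristic to guess which end is the client. The frames it parses are constructed by build_frame and build_pcap rather than taken from a real capture, and the port range in is_ephemeral is an assumption (IANA's dynamic range 49152-65535 merged with Linux's default 32768-60999).

```python
import struct

# Magic number as read with "<I"; the value tells us the file's byte order and timestamp unit.
PCAP_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),       # little-endian file, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),       # big-endian file, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),   # little-endian file, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),   # big-endian file, nanosecond timestamps
}
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def is_ephemeral(port):
    """Assumption: treat IANA's 49152-65535 and Linux's default 32768-60999 as one ephemeral range."""
    return 32768 <= port <= 65535


def parse_ipv4_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP ports; returns None for non-IPv4 frames, raises on malformed ones."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, total_len, proto = ip[0], struct.unpack_from("!H", ip, 2)[0], ip[9]
    ihl = (ver_ihl & 0x0F) * 4
    # Header length and total length come from the packet; validate before indexing with them.
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(ip) or total_len < ihl:
        raise ValueError("bad IPv4 header lengths")
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        return {"src": src, "dst": dst, "proto": proto}
    l4 = ip[ihl:total_len]          # slicing tolerates a snaplen-truncated payload
    if len(l4) < 4:
        raise ValueError("truncated transport header")
    sport, dport = struct.unpack_from("!HH", l4, 0)
    if is_ephemeral(sport) and not is_ephemeral(dport):
        client = "src"
    elif is_ephemeral(dport) and not is_ephemeral(sport):
        client = "dst"
    else:
        client = "unknown"
    return {"src": src, "dst": dst, "proto": "TCP" if proto == IPPROTO_TCP else "UDP",
            "sport": sport, "dport": dport, "client_side": client}


def parse_pcap(data):
    """Walk a libpcap save file, validating every length field before using it."""
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in PCAP_MAGICS:
        raise ValueError("not a libpcap file (magic 0x%08x)" % magic)
    order, ts_div = PCAP_MAGICS[magic]
    _major, _minor, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(order + "HHiIII", data, 4)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET (1) handled, got %d" % linktype)
    records, offset = [], 24
    while offset < len(data):
        if len(data) - offset < 16:
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(order + "IIII", data, offset)
        offset += 16
        # A dissector that trusts incl_len blindly over-reads on a crafted file; reject instead.
        if incl_len > snaplen or incl_len > orig_len or incl_len > len(data) - offset:
            raise ValueError("record at offset %d claims %d bytes (snaplen %d, %d bytes left)"
                             % (offset - 16, incl_len, snaplen, len(data) - offset))
        frame = data[offset:offset + incl_len]
        offset += incl_len
        decoded = parse_ipv4_frame(frame)
        if decoded is not None:
            decoded["ts"] = ts_sec + ts_frac / ts_div
            decoded["truncated"] = incl_len < orig_len   # capture cut short by snaplen
            records.append(decoded)
    return records


def build_frame(src_ip, sport, dst_ip, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame for the example (sample data, IP checksum left zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, IPPROTO_UDP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


def build_pcap(frames, snaplen=65535, order="<"):
    """Constructed libpcap file (microsecond timestamps) wrapping the given frames, truncated to snaplen."""
    out = struct.pack(order + "I", 0xA1B2C3D4)
    out += struct.pack(order + "HHiIII", 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        incl = min(len(f), snaplen)
        out += struct.pack(order + "IIII", 1700000000 + i, 250000, incl, len(f)) + f[:incl]
    return out


if __name__ == "__main__":
    query = build_frame("10.0.0.5", 51234, "10.0.0.1", 53, b"\x12\x34\x01\x00")
    reply = build_frame("10.0.0.1", 53, "10.0.0.5", 51234, b"\x12\x34\x81\x80")
    for rec in parse_pcap(build_pcap([query, reply])):
        print(rec)
```

Run it as a script to see the two constructed DNS-like records decoded; the query is attributed to the 10.0.0.5 side because its port is in the ephemeral range and 53 is not. Feeding the parser a file whose record header claims more bytes than the snaplen or than remain in the file raises ValueError instead of reading past the buffer, which is exactly the discipline the warning at the top of this page is about.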
