
10 Cool Things You Should Know How To Do with Wireshark


Skills to Master

1. Perform Local/Remote Capture Like a Pro
   • Locate most active interface
   • Test your interfaces (see video at wiresharkbook.com)
   • Use rpcapd.exe for remote capture
2. WLAN Graphing (Get a Wi-Spy Adapter now… Just do it!)
   • Graphing 802.11 retries (wlan.fc.retry == 1)
3. VoIP Playback
   • Look for jitter, packet loss and errors

SHARKFEST '09 | Stanford University | June 15–18, 2009


Skills to Master

4. Create Sexy Hot Profiles
   • Free profiles online at wiresharkbook.com
   • Video on copying in profile info at wiresharkbook.com
5. Recognize Malicious Traffic Patterns
   • Have a baseline ready
   • Know scanning/discovery signs
   • Colorize questionable traffic
6. Analyze an Application
   • What is the process?


Skills to Master

9. Add Columns Fast!
   • Available with version 1.4.0rc1
   • Right click on any field and select Apply as Column
   • Right click column headings to align, rename and more (yes – you can left-align the No. column!)


Let's Go Play with Wireshark
• Profile Stuff
• Application Analysis Stuff
• Advanced IO Graphing Stuff
• Whatever else comes to mind…


Remote Capture


Graphing WLAN Retries

(wlan.fc.retry==1) && (wlan.sa==00:24:b2:1f:27:f9)


Try Application Analysis Yourself!
• Launch First Instance of Wireshark
• Clear DNS and browsing cache (ipconfig /flushdns)
  – Start capture
  – http://sharepoint.microsoft.com/?wax=off
  – Stop capture
• Launch Second Instance of Wireshark
• Clear DNS and browsing cache (ipconfig /flushdns)
  – Start capture
  – http://sharepoint.microsoft.com/?wax=on
  – Stop capture

Capture on your local host while running Wireshark and connecting to the site.


Compare Conversations (Time Values)


VoIP Analysis and Playback
• Telephony | VoIP Calls | [select call] | Player | Decode [Check conversation(s)] | Play


Tshark Command-Line Statistics
• From Wireshark Network Analysis


Tshark Command-Line
• tshark -i 3 -qz conv,eth -z conv,ip -z conv,tcp
  – -i 3: Capture on the 3rd interface listed by tshark -D
  – -qz conv,eth: Don't show packets (-q), but capture Ethernet conversation statistics
  – -z conv,ip: Only use -q once. Capture IP conversation statistics
  – -z conv,tcp: Only use -q once. Capture TCP conversation statistics
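Skill 5 above says to know scanning/discovery signs and colorize questionable traffic, and this slide shows tshark's conversation statistics. As an added example that is not from the deck or the Wireshark project, the script below reads a tshark -T fields export of SYN packets, flags any source that hits many ports on one host within a short window, and builds the display filter you would paste into a coloring rule; the tshark command in the docstring and the sample rows are constructed assumptions.

```python
"""Spot TCP port-scan signatures in a tshark field export.

Added example, not from the SharkFest deck. It assumes the input came from
tshark's -T fields option with SYN-only packets selected, e.g.:
  tshark -r capture.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
         -T fields -e frame.time_relative -e ip.src -e ip.dst -e tcp.dstport
"""
from collections import defaultdict

# Constructed sample (not a real capture): two ordinary web connections from
# 10.0.0.5, then one host sweeping ports 20-35 on 10.0.0.9 within 80 ms.
SAMPLE_TSV = "\n".join(
    ["0.000\t10.0.0.5\t10.0.0.9\t80", "0.102\t10.0.0.5\t10.0.0.9\t443"]
    + [f"{0.005 * i:.3f}\t10.0.0.7\t10.0.0.9\t{20 + i}" for i in range(16)]
)

def parse_syn_export(tsv):
    """Parse tab-separated (time, src, dst, dstport) rows into tuples."""
    rows = []
    for line in tsv.splitlines():
        if not line.strip():
            continue
        t, src, dst, port = line.split("\t")
        rows.append((float(t), src, dst, int(port)))
    return rows

def find_port_scans(rows, min_ports=10, window=2.0):
    """Return {(src, dst): sorted ports} for pairs where one source sends SYNs
    to at least min_ports distinct ports within window seconds (a sweep)."""
    by_pair = defaultdict(list)
    for t, src, dst, port in rows:
        by_pair[(src, dst)].append((t, port))
    hits = {}
    for pair, events in by_pair.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                hits[pair] = sorted(ports)
                break
    return hits

def coloring_filter(src, dst):
    """Wireshark display filter for the suspect pair, usable as a coloring rule."""
    return (f"ip.src=={src} && ip.dst=={dst} && "
            "tcp.flags.syn==1 && tcp.flags.ack==0")

if __name__ == "__main__":
    for (src, dst), ports in find_port_scans(parse_syn_export(SAMPLE_TSV)).items():
        print(f"{src} -> {dst}: {len(ports)} ports; filter: {coloring_filter(src, dst)}")
```

Tune min_ports and window against your own baseline capture first, since a busy client legitimately opens a few dozen connections to the same server.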


Keep Up with Me
• Twitter - www.twitter.com/laurachappell
• Newsletter (chappellU.com)
• Wireshark Weekly Tips (wiresharktraining.com)
• Free Wireshark Webinars (chappellU.com)
• Microsoft Project - http://facebook.com/MVPpress - Search for post "Laura Needs Your Help" and reply with your ideas and suggestions
