
TASK: WIRESHARK ASSIGNMENT

NAME: BRIAN KIPRUTO CHELIMO


ADM NO: 644067

INSTRUCTOR: JUSTUS NYAMWEYAN NYANGWECHA

COURSE: FIC: 4010: INFORMATION SYSTEM SECURITY.

SEMESTER: FALL 2016

Contents
1.0 Introduction
2.0 Installation Process
3.0 How to use
4.0 Conclusion
5.0 Comprehensive Report
6.0 Capturing packets
7.0 Color Coding
8.0 Filtering Packets
9.0 Inspecting Packets
10.0 Conclusion
11.0 My experiences
11.1 Introduction
11.2 Experiences
12.0 Conclusion
13.0 References List

1.0 Introduction

In cybersecurity and digital forensics there is a never-ending contest between the defenders, i.e. the people who protect and fortify information, such as ethical hackers, and the attackers (black hats), who break into systems with malicious intent, whether to sabotage them or to gain unauthorised access to information. Just as superheroes like Captain America have powers to stop villains, security professionals are armed with an array of tools, among them packet analyzers, to defend their information-system fortresses. Because the number of tools and their specialised functions is vast, this report focuses on packet analyzers (sniffers), using Wireshark as a case study. Wireshark is a free and open-source network protocol analyzer for macOS, Windows and Linux that is used to inspect packets passing through a network interface, be it an Ethernet LAN, a wireless radio link or the loopback interface. Wireshark has a number of features and capabilities that make it valuable as a forensic tool; these, together with its functionality and operation, are explored in the paragraphs that follow.

2.0 Installation Process


To begin, I will go through the installation of Wireshark, which is relatively straightforward. Launch a browser and navigate to the Wireshark website, https://www.wireshark.org, go to the download page, and click the installer that matches your operating system and architecture (32-bit or 64-bit); the download starts automatically. When it finishes, double-click the downloaded file, read the licence terms carefully before accepting, and complete the installer; then launch the application from your desktop or Start menu. Alternatively, copy the installer from a storage device and run the same steps.

Two points deserve attention during installation. First, the download page also publishes a PGP-signed SIGNATURES file listing the hash of every installer; comparing the hash of what you downloaded against it is the simplest defence against a tampered installer, which matters for a tool that is routinely run with capture privileges. Second, live capture needs privileged access to the interface: on Windows the installer offers to install the Npcap packet-capture driver, which Wireshark requires; on Debian-based Linux the package asks whether non-root users may capture, and if you answer yes it grants dumpcap the capture capability and lets members of the wireshark group use it. Run the GUI as an ordinary user with that group membership rather than as root, because the protocol dissectors parse untrusted input straight off the network.

3.0 How to use


Next I will cover how to operate Wireshark. When you open Wireshark there are a couple of toolbars at the top, a Filter box, and a few panes in the main window. (The section labels below are those of the classic start page; newer releases place the same items on a single welcome screen, but the functions are the same.) The Online section links directly to the Wireshark website, the very useful User's Guide, and information on the security of Wireshark itself. Under Files you will find Open, which lets you open previously saved captures, and Sample Captures, which points to a library of example captures on the Wireshark wiki; you can download any of them and study the data, which helps you understand what kinds of packets Wireshark can decode. Last but not least is the Capture section, which lets you choose your interface. Clicking Interface List shows each interface available to sniff on and indicates which ones are active; in my case the Wi-Fi adapter was the most active. Details shows fairly generic information about the selected interface. Under Start you can choose one or more interfaces to capture on. Capture Options lets you customise the capture: a capture filter, an output file, ring buffers, stop conditions, promiscuous mode and more. Under Capture Help you can read how to capture, and the Network Media page explains which interface types are supported on which platforms.

Lastly, I will go through the functions and capabilities of Wireshark. As a packet analyzer, Wireshark has a number of capabilities that make it both effective and versatile. They include:

Live data can be read from different types of networks, such as loopback, IEEE 802.11, Ethernet and PPP.

Data can be sniffed from an active network connection or read from a file of already-captured packets.

Captured packets can be browsed via the graphical user interface or via the command-line version of the utility, TShark.

Capture files can be edited or converted programmatically via command-line switches to the editcap program.

The data displayed can be refined using a display filter.

Plug-ins can be created for dissecting new protocols.

USB traffic can be captured.

VoIP calls in the captured traffic can be detected, and if the media is in a supported codec the call can even be played back.

Wireless traffic can also be captured and filtered, provided it passes through the monitored interface.

Capture options such as stop conditions, ring buffers and capture filters can be set so that only the traffic of interest is recorded.

4.0 Conclusion
In conclusion, Wireshark is a versatile tool designed to perform its chief function, packet capture and analysis, as well as possible. With the features mentioned above Wireshark is widely regarded as the leading packet analyzer, and its open-source licence is likely to keep it there for a long time to come.

5.0 Comprehensive Report

Wireshark, a packet sniffer previously known as Ethereal, was renamed Wireshark in 2006 for trademark reasons (its author could no longer use the Ethereal name after changing employers). It captures packets in real time and decodes them from raw bytes into human-readable form. Wireshark has colour coding, filters and other features that let you burrow deep into network traffic and inspect individual packets. This report will help you understand the basics of capturing packets, filtering them and inspecting them. Wireshark can also be used to inspect a suspicious program's network traffic, analyse the traffic on your network, or troubleshoot network problems.

6.0 Capturing packets


Once you have downloaded and installed Wireshark, launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on a wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options, but this is not necessary for now. Once you click the interface name and press Start, packets begin to appear in real time. Wireshark captures each packet sent to or from your system. Whether you also see other hosts' traffic depends on the medium. On a switched Ethernet you see only your own traffic plus broadcasts and multicasts, unless the switch mirrors a port to you or you are behind a network tap. On Wi-Fi, promiscuous mode alone is not enough: the adapter must be put into monitor mode (an option in Capture Options, supported on Linux and macOS but by few Windows drivers) before it will pass frames addressed to other stations, and traffic on a WPA2 network remains encrypted unless you supply the passphrase in the IEEE 802.11 protocol preferences and your capture includes the client's four-way handshake.

Capture 1

Click the red Stop button near the top left of the toolbar when you want to stop capturing traffic.

7.0 Color Coding


You will probably see packets highlighted in several colours. Wireshark uses colouring rules to help you identify traffic types at a glance. Each rule is a display filter paired with a colour, and the first rule that matches a packet decides its colour, so a packet that is both HTTP and TCP is drawn in the HTTP colour. In the default rule set, light green is HTTP, lavender (light purple) is other TCP traffic, light blue is UDP (which is why DNS queries appear light blue), grey is TCP SYN/FIN, and black with red text is "Bad TCP" (retransmissions, out-of-order or zero-window segments). The exact mapping can be checked and changed under View > Coloring Rules, which is worth doing before relying on colours, since rules are editable. My capture below did not contain any problematic TCP packets, so no black rows appear in it.

Capture 2

8.0 Filtering Packets


You may want to inspect something specific, such as the traffic a program sends when it phones home; closing all other applications that use the network helps narrow the capture to that traffic. Even so, you will likely have a large number of packets to sort through, and that is where Wireshark's filters come in handy. There are two kinds. Capture filters use the Berkeley Packet Filter (BPF) syntax of tcpdump and are applied by the capture engine, so packets they reject are never recorded; they are useful for keeping a long capture small but cannot be changed afterwards. Display filters use Wireshark's own field-based syntax and are applied to packets already captured, so they can be changed at will without losing data.
The most basic way to apply a display filter is to type it into the Filter box at the top of the window and click Apply (or press Enter). For example, if you type dns, you will see only DNS packets. As you type, Wireshark autocompletes field names and colours the box green when the expression is valid and red when it is not.

9.0 Inspecting Packets


Click a packet to select it and you can dig down into its details. The middle pane shows the packet as a tree with one branch per protocol layer (Frame, Ethernet, IP, TCP or UDP, application protocol); expanding a branch shows every decoded field, and selecting a field highlights the corresponding bytes in the hex-dump pane at the bottom. Right-clicking a packet and choosing Follow TCP Stream reassembles the whole conversation as the application saw it, which is usually the quickest way to read a suspicious program's traffic.
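The colouring, filtering and inspection behaviour described in the three sections above can be seen in miniature in the following script. It is an added example written for this report, not code from the original assignment or from the Wireshark project: it builds four constructed Ethernet/IPv4 frames (a DNS query, a TCP SYN and an HTTP GET to port 80, and one other UDP datagram), writes them as a classic pcap, reads the file back with a small dissector that produces the same kind of per-layer field tree the packet-details pane shows, and evaluates a subset of Wireshark's display-filter syntax against those fields. Assumptions: the filter subset supports bare protocol names, field == value, field != value, and/or without parentheses; the ip.addr, tcp.port and udp.port aliases are implemented; DNS and HTTP are recognised by port, as Wireshark's default dissectors do; and the colouring rules are the four default rules relevant to this traffic, applied first-match-wins.

```python
"""Added example (not code from the report or from the Wireshark project).
Constructed frames -> classic pcap -> dissector -> display-filter subset.
Assumptions: small filter grammar (protocol, == / !=, and/or), DNS and HTTP
recognised by port 53 / port 80, default colouring rules applied first-match-wins.
"""
import socket
import struct

# ---- constructed sample traffic (not a real capture) ----
def ether(payload, ethertype=0x0800):
    dst, src = b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb"
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def tcp(sport, dport, flags, payload=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0) + payload

def dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

SAMPLE_FRAMES = [
    ether(ipv4("10.0.0.5", "10.0.0.1", 17, udp(53000, 53, dns_query("example.com")))),
    ether(ipv4("10.0.0.5", "93.184.216.34", 6, tcp(40000, 80, 0x02))),                 # SYN
    ether(ipv4("10.0.0.5", "93.184.216.34", 6,
               tcp(40000, 80, 0x18, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"))),  # PSH|ACK
    ether(ipv4("10.0.0.5", "10.0.0.9", 17, udp(5353, 5353, b"\x00" * 12))),           # other UDP
]

def write_pcap(frames):
    """Classic pcap: magic, version 2.4, zone 0, sigfigs 0, snaplen, LINKTYPE_ETHERNET=1."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

# ---- dissector: what the packet-details pane shows, as a flat field dict ----
def dissect(frame):
    pkt = {"_protocols": ["eth"], "eth.type": struct.unpack("!H", frame[12:14])[0]}
    if pkt["eth.type"] != 0x0800:
        return pkt
    ihl = (frame[14] & 0x0F) * 4
    pkt["_protocols"].append("ip")
    pkt["ip.proto"] = frame[23]
    pkt["ip.src"], pkt["ip.dst"] = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if pkt["ip.proto"] == 17:
        pkt["_protocols"].append("udp")
        pkt["udp.srcport"], pkt["udp.dstport"] = struct.unpack("!HH", l4[:4])
        if 53 in (pkt["udp.srcport"], pkt["udp.dstport"]):   # port heuristic, like the default dissector
            pkt["_protocols"].append("dns")
            pkt["dns.id"] = struct.unpack("!H", l4[8:10])[0]
    elif pkt["ip.proto"] == 6:
        pkt["_protocols"].append("tcp")
        pkt["tcp.srcport"], pkt["tcp.dstport"] = struct.unpack("!HH", l4[:4])
        doff, flags = (l4[12] >> 4) * 4, l4[13]
        pkt["tcp.flags.syn"], pkt["tcp.flags.fin"] = (flags >> 1) & 1, flags & 1
        if 80 in (pkt["tcp.srcport"], pkt["tcp.dstport"]) and l4[doff:doff + 4] in (b"GET ", b"HTTP"):
            pkt["_protocols"].append("http")
    return pkt

def read_pcap(data):
    pkts, off = [], 24
    while off < len(data):
        incl = struct.unpack("<IIII", data[off:off + 16])[2]
        pkts.append(dissect(data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return pkts

# ---- display-filter subset ----
ALIASES = {"ip.addr": ("ip.src", "ip.dst"), "tcp.port": ("tcp.srcport", "tcp.dstport"),
           "udp.port": ("udp.srcport", "udp.dstport")}

def _term(pkt, term):
    parts = term.split()
    if len(parts) == 1:                                   # bare protocol name, e.g. "dns"
        return parts[0] in pkt["_protocols"]
    field, op, value = parts
    vals = [str(pkt[n]) for n in ALIASES.get(field, (field,)) if n in pkt]
    if op == "==":                                        # any occurrence equal
        return value in vals
    if op == "!=":                                        # all occurrences differ (Wireshark 3.6+ meaning)
        return bool(vals) and value not in vals
    raise ValueError("unsupported operator " + op)

def matches(pkt, expr):
    """'or' binds loosest, then 'and'; no 'not' or parentheses in this subset."""
    return any(all(_term(pkt, t.strip()) for t in clause.split(" and "))
               for clause in expr.split(" or "))

def apply_filter(pkts, expr):
    """Return 1-based frame numbers, as the packet list shows them."""
    return [i for i, p in enumerate(pkts, 1) if matches(p, expr)]

# ---- colouring: subset of the default rules, first match wins ----
COLORING_RULES = [("HTTP (light green)", "http"),
                  ("TCP SYN/FIN (grey)", "tcp.flags.syn == 1 or tcp.flags.fin == 1"),
                  ("TCP (lavender)", "tcp"),
                  ("UDP (light blue)", "udp")]

def color_of(pkt):
    return next((name for name, rule in COLORING_RULES if matches(pkt, rule)), "none")

if __name__ == "__main__":
    pcap = write_pcap(SAMPLE_FRAMES)
    with open("sample.pcap", "wb") as fh:          # open this file in Wireshark and try the same filters
        fh.write(pcap)
    pkts = read_pcap(pcap)
    for n, p in enumerate(pkts, 1):
        print(n, " > ".join(p["_protocols"]), "->", color_of(p))
    for expr in ("dns", "tcp.port == 80", "ip.addr == 10.0.0.1", "udp and ip.dst != 10.0.0.1"):
        print(f"{expr!r:34} frames {apply_filter(pkts, expr)}")
```

Run as a script it writes sample.pcap next to itself; opening that file in Wireshark and typing the same four expressions into the Filter box gives the same frame numbers, and the packet list shows the HTTP frame green, the SYN grey and the two UDP frames light blue, which is the first-match-wins behaviour of the colouring rules. The != branch follows the modern meaning ("no occurrence of the field equals the value"); older Wireshark releases treated ip.addr != x as "some occurrence differs", which matched nearly every packet and is a classic source of confusing filters.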

10.0 Conclusion
Wireshark is an extremely powerful tool, and this report was compiled only to give an overview of it. Professionals use it to debug network protocol implementations, examine security problems and inspect network protocol internals.

11.0 My experiences
11.1 Introduction

Being an aspiring cybersecurity and forensics expert, my journey to becoming a guru is long, and over the years I have been acquiring the skills needed in the field. This being my junior year, I have settled on forensics as a concentration. As part of my coursework in the introductory course to forensics (FIC4010 Information System Security) I was supposed to learn a network packet analyzer/sniffer. The lecturer settled on Wireshark for learning purposes and, to be honest, this has been a great experience because, having sampled other network protocol analyzers before, such as Ntop, Kismet, Ettercap and Netstumbler, I can say Wireshark is the best because of the experiences I have had with it.

11.2 Experiences
First and foremost was the user-friendliness of the application, from the website, which is well designed and lets one browse swiftly and find the right download for your machine, whether 64-bit or 32-bit, to the easy installation instructions, which went smoothly without any complications, and finally launching the application. I must admit the Wireshark graphical user interface is the most user-friendly, as everything you need is neatly placed, from the all-important capture feature and tools on the left half of the screen to the files containing captured packets in the middle and the online resources on the right. All this makes Wireshark a user-friendly application.
Secondly, the learning curve. This application has a relatively steep learning curve compared to other packet analyzers. I say this because as I was learning this packet analyzer it was easy to understand some of its features thanks to the availability of well-explained tutorials on the internet, both on the Wireshark website and on YouTube. This was done in a relatively short time span, and only a few webisodes of tutorial were needed to understand the application.
On capturing packets: considering that Wireshark is a powerful and popular network analyzer that can inspect data passing over a network interface, be it Ethernet or a wireless network, and can capture the packets sent and received over the network and decode them, it proved to be an invaluable tool in my packet-sniffing assignment. Using the capture feature in the application was quite easy and straightforward. At the top left of the application is the capture feature, which contains the interface list and the capture options you can use for a more detailed or refined capture. In my case I used the capture options, which give several choices on how I want to capture my packets. Once I had chosen all my options I clicked Start and it started capturing all the different packets going over the particular interface. At that point you have achieved the sole objective of your mission, i.e. capturing packets. This is where the fun is, as this application made me feel like a hacker: from seeing people's usernames, passwords and webpages to reading live data from a number of types of networks such as IEEE 802.11, Ethernet and loopback. The experience was mind-boggling, as I felt omniscient having experienced the powerful capability of Wireshark.

12.0 Conclusion

In conclusion, Wireshark is a wonderful application that does what it is supposed to do and never
disappoints.

13.0 References List


1. "Q&A with the founder of Wireshark and Ethereal". Interview with Gerald Combs. protocolTesting.com. Retrieved 2016-11-10.
2. "Best of open source software awards: Networking". InfoWorld. 2008-08-05. Retrieved 2016-11-10.
3. "Wireshark FAQ". Wireshark. Retrieved 2016-11-10.
4. "Dissector compilation example". OmniIDL. Retrieved 2016-11-10.
5. "USB capture setup". Wireshark Wiki. Retrieved 2016-11-10.
