Contents
1.0 Introduction
2.0 Installation Process
3.0 How to use
4.0 Conclusion
5.0 Comprehensive Report
6.0 Capturing packets
7.0 Color Coding
8.0 Filtering Packets
9.0 Inspecting Packets
10.0 Conclusion
11.0 My experiences
11.1 Introduction
11.2 Experiences
12.0 Conclusion
13.0 References List
1.0 Introduction
In the world of cybersecurity and digital forensics there exists a never-ending battle between the heroes, i.e. the people who protect and fortify information (cybersecurity experts such as ethical hackers), and the villains, in this case the bad guys (black hats) who attack systems with malicious intent, such as to sabotage systems or gain illegal access to information. Just like superheroes such as Captain America, who have superpowers on their hands to stop the villains from committing their evil acts, cybersecurity experts are armed with an array of powerful cybersecurity tools, such as packet analyzers, to secure their information-system fortresses. Due to the vast number of tools in use and their particular functions, this report focuses on packet analyzers/sniffers, and particularly on Wireshark as a case study. Wireshark is a free and open-source network analyzer for macOS, Windows and Linux that is used to inspect packets passing through a network interface, be it your LAN, Ethernet or even a wireless radio connection. Wireshark as a forensic tool has a number of amazing features and capabilities, which will be explored in the succeeding paragraphs together with its functionality and operability.
Lastly, I will go through the functions and capabilities of Wireshark. Wireshark as a packet analyzer is armed with a number of capabilities that enable it to perform effectively and also make it versatile. The capabilities include:
Live data can be read from different types of networks, such as loopback, IEEE 802.11, Ethernet and PPP.
Data can be sniffed from an active network connection or read from a file of already-captured packets.
Captured network packets can be browsed via a graphical user interface, or via the command-line version of the utility, i.e. TShark.
VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
Wireless connections can also be filtered as long as they flow within the monitored Ethernet.
Different timers, filters and settings can be set to ensure that only triggered traffic appears.
4.0 Conclusion
In conclusion, Wireshark is a versatile tool designed to perform its chief function, i.e. packet sniffing, in the best possible way. With the aforementioned features, Wireshark is undoubtedly king, or ahead of the pack, in matters of packet analyzing/sniffing, and its open-source format will likely help it stay ahead of the game for a long time to come.
Wireshark is a packet sniffer tool previously known as Ethereal; the name was changed to Wireshark in 2006 due to a copyright claim on the previous name. It captures packets in real time and then converts the information from binary to human-readable form. Wireshark has color coding, filters and other features that let you burrow deep into network traffic and inspect individual packets. This report will aid you in understanding the basics of capturing packets, filtering them and inspecting them. Wireshark can also be used to inspect a suspicious program's network traffic, analyze the movement of traffic on your network, or troubleshoot network problems.
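The capabilities listed in the introduction (reading a file of already-captured packets, browsing them outside the GUI, applying filters) and the overview above (converting binary captures into human-readable fields and filtering them) can be illustrated with a small reader for the classic pcap format that Wireshark writes. The following is an added example, not code from the report or from the Wireshark project: it parses a pcap byte string, decodes Ethernet/IPv4/TCP/UDP headers into named fields, and evaluates a deliberately small subset of Wireshark's display-filter syntax (protocol names, `field == value`, joined with `&&`). The three-frame capture it reads is constructed inline with made-up addresses; the filter evaluator is my own simplification and is not Wireshark's engine.

```python
"""Tiny pcap reader plus a subset of Wireshark display-filter syntax (added example)."""
import struct
from dataclasses import dataclass
from typing import List, Optional

PCAP_MAGIC = 0xA1B2C3D4          # classic libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


@dataclass
class Packet:
    """Decoded view of one frame, the 'human-readable form' a sniffer presents."""
    ts: float
    src_mac: str
    dst_mac: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    payload: bytes = b""


def decode_frame(frame: bytes, ts: float) -> Packet:
    """Walk Ethernet -> IPv4 -> TCP/UDP headers by hand (big-endian on the wire)."""
    pkt = Packet(ts, ":".join(f"{b:02x}" for b in frame[6:12]),
                 ":".join(f"{b:02x}" for b in frame[0:6]))
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        pkt.payload = frame[14:]          # non-IP frame: keep raw bytes only
        return pkt
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes (options included)
    total_len = struct.unpack("!H", ip[2:4])[0]
    pkt.proto = ip[9]
    pkt.src_ip = ".".join(str(b) for b in ip[12:16])
    pkt.dst_ip = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:total_len]
    if pkt.proto in (IPPROTO_TCP, IPPROTO_UDP):
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", l4[0:4])
        hdr = ((l4[12] >> 4) * 4) if pkt.proto == IPPROTO_TCP else 8   # TCP data offset / fixed UDP
        pkt.payload = l4[hdr:]
    else:
        pkt.payload = l4
    return pkt


def parse_pcap(data: bytes) -> List[Packet]:
    """Parse a classic pcap (not pcapng) byte string into decoded packets."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == PCAP_MAGIC else ">" if magic == 0xD4C3B2A1 else None
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]   # version, tz, sigfigs, snaplen, linktype
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    packets, off = [], 24
    while off + 16 <= len(data):                # each record: ts_sec, ts_usec, incl_len, orig_len
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        packets.append(decode_frame(data[off:off + incl_len], ts_sec + ts_usec / 1e6))
        off += incl_len
    return packets


def _fields(pkt: Packet):
    """Field names modelled on Wireshark's (tcp.port / ip.addr match either end)."""
    f = {"eth.src": {pkt.src_mac}, "eth.dst": {pkt.dst_mac}}
    if pkt.src_ip:
        f.update({"ip.src": {pkt.src_ip}, "ip.dst": {pkt.dst_ip}, "ip.addr": {pkt.src_ip, pkt.dst_ip}})
    if pkt.src_port is not None:
        p = "tcp" if pkt.proto == IPPROTO_TCP else "udp"
        f.update({f"{p}.srcport": {str(pkt.src_port)}, f"{p}.dstport": {str(pkt.dst_port)},
                  f"{p}.port": {str(pkt.src_port), str(pkt.dst_port)}})
    return f


def matches(pkt: Packet, expr: str) -> bool:
    """Subset of display-filter syntax: protocol names, 'field == value', joined by '&&'."""
    protos = {"eth": True, "ip": pkt.src_ip is not None,
              "tcp": pkt.proto == IPPROTO_TCP, "udp": pkt.proto == IPPROTO_UDP}
    for term in (t.strip() for t in expr.split("&&")):
        if "==" in term:
            name, value = (s.strip() for s in term.split("==", 1))
            if value not in _fields(pkt).get(name, set()):
                return False
        elif not protos.get(term, False):
            return False
    return True


def filter_packets(packets: List[Packet], expr: str) -> List[Packet]:
    return [p for p in packets if matches(p, expr)]


def _ipv4(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0, ip(src), ip(dst)) + l4


def build_sample_pcap() -> bytes:
    """Constructed three-frame capture (not a real trace): HTTP request, DNS query, SSH banner."""
    a, b = bytes.fromhex("aabbccddee01"), bytes.fromhex("aabbccddee02")   # made-up MACs
    tcp = lambda sp, dp, d: struct.pack("!HHIIBBHHH", sp, dp, 1, 1, 0x50, 0x18, 65535, 0, 0) + d
    udp = lambda sp, dp, d: struct.pack("!HHHH", sp, dp, 8 + len(d), 0) + d
    frames = [   # dst MAC + src MAC + EtherType 0x0800 + IPv4 packet
        b + a + b"\x08\x00" + _ipv4("10.0.0.5", "192.0.2.10", IPPROTO_TCP,
                                     tcp(51000, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")),
        b + a + b"\x08\x00" + _ipv4("10.0.0.5", "10.0.0.1", IPPROTO_UDP,
                                     udp(53210, 53, b"\x12\x34\x01\x00\x00\x01")),
        a + b + b"\x08\x00" + _ipv4("10.0.0.1", "10.0.0.5", IPPROTO_TCP,
                                     tcp(22, 51001, b"SSH-2.0-OpenSSH_9.0\r\n")),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(fr), len(fr)) + fr
    return out


if __name__ == "__main__":
    pkts = parse_pcap(build_sample_pcap())
    for expr in ("tcp.port == 80", "udp && ip.dst == 10.0.0.1", "ip.addr == 10.0.0.5"):
        hits = filter_packets(pkts, expr)
        print(f"{expr!r}: {[(p.src_ip, p.src_port, p.dst_ip, p.dst_port) for p in hits]}")
```

Replacing `build_sample_pcap()` with `open("trace.pcap", "rb").read()` runs the same decoder over a real Wireshark or tcpdump capture, as long as it is a classic pcap with an Ethernet link type; the filter subset is enough to reproduce the everyday checks this report describes (which host talked to which port) without the GUI.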
Capture 1
You can then proceed and click the stop capture button near the top left corner of the window
when you want to stop capturing traffic.
Capture 2
10.0 Conclusion
Wireshark is an extremely powerful tool, and this report was compiled just to give an overview
of Wireshark. Professionals use it to debug network protocol implementations, examine security
problems and inspect network protocol internals.
11.0 My experiences
11.1 Introduction
Being an aspiring cybersecurity and forensics expert, my journey to being a guru is long, and over the years I have been acquiring the skills needed in the field. This being my junior year and having settled on forensics as a concentration, as part of my coursework in the introductory course to forensics (FIC4010 Information System Security) I was supposed to learn a network packet analyzer/sniffer. The lecturer settled on Wireshark for learning purposes and, to be honest, this has been a great experience, cause having sampled other network protocol analyzers before, such as Ntop, Kismet, Ettercap and Netstumbler, I could say Wireshark is the best cause of the experiences I have had with it.
11.2 Experiences
First and foremost was the user-friendliness of the application. From the website, which was well designed and enables one to browse swiftly and find the right download for your machine, whether 64-bit or 32-bit, to the easy installation instructions, which went smoothly without any complications, and finally launching the application. I must admit the Wireshark graphical user interface is the most user-friendly, as everything you need is neatly placed, from the all-important capture feature and tools on the left half of the screen to the files containing captured packets in the middle and online resources on the right. All this makes Wireshark a user-friendly application.
Secondly, the learning curve. This application has a relatively steep learning curve compared to other packet analyzers. I say this because as I was learning this packet analyzer it was easy to understand some of its features thanks to the availability of well-explained tutorials on the internet, on both the Wireshark website and YouTube. This was done in a relatively short time span, and only a few webisodes of tutorials were needed to understand the application.
On capturing packets. Wireshark is a powerful and popular network analyzer that can inspect data passing over a network interface, be it Ethernet or a wireless network, and can capture packets that are sent and received over the network and decode them. It proved to be an invaluable tool in my packet-sniffing assignment. In the application, using the capture feature was quite easy and straightforward. First, at the top left of the application is the capture feature, which contains the interface list and capture options that you can use for a more detailed or refined capture. So in my case I used the capture options, which give several options on how I want to capture my packets. Once I chose all my options I clicked on start and it started capturing all the different packets going over the particular interface. From there you have achieved the sole objective of your mission, i.e. capturing packets. Here is where the fun is, as this application made me feel like a hacker: from seeing people's usernames, passwords and webpages to reading live data from a number of types of networks such as IEEE 802.11, Ethernet and loopback. The experience on its own was mind-boggling, as I felt omniscient having experienced the powerful capability of Wireshark.
12.0 Conclusion
In conclusion, Wireshark is a wonderful application that does what it is supposed to do and never
disappoints.