Wireshark Starter

Download as pdf or txt
Download as pdf or txt
You are on page 1of 3
At a glance
Powered by AI
Wireshark is a free and open-source packet analyzer used for network troubleshooting, analysis, and education. It supports different communication protocols across many operating systems.

The fundamental steps to capture packets through Wireshark are: (1) Select the interface, (2) Start capturing, (3) Stop capturing, (4) Analyze the captured packets.

In Wireshark, you can right click on any field header to change the configuration of displayed columns, such as the unit of time, display format, toggling columns, and sorting based on columns.

Course - Network Security (SSZG513)

Topic - Wireshark Starter Worksheet


Author and Instructor - Vineet Garg

Objective: The objective of this worksheet is to provide a quick jump start on Wireshark to
capture communication protocol packets. It can be skipped, if the audience is already
familiar with it.

Platform: The content shown below is taken from Wireshark 1.12.6 running on Windows-
8.1 operating system. This is expected to be similar or with minimum differences across
different operating systems and Wireshark software releases.

Wireshark Introduction: Wireshark is a free and open-source packet analyzer. It is used for
network troubleshooting, analysis, software and communications protocol development,
and education. It was originally named Ethereal but in 2006 renamed to Wireshark because
of few trademark issues. It is available for many operating systems and support different
communication protocols. No deep Wireshark understanding is required for basic packets
capturing but some starter information can be gained from many available on line resources
like:

https://www.wireshark.org/docs/wsug_html_chunked/
https://www.concise-courses.com/security/wireshark-basics/

A quick overview is provide below to help you jump-start:

Download Wireshark: Download a stable release for Wireshark for your operating system
from https://www.wireshark.org/download.html and install it. A shortcut (blue shark fin) on
your desktop would be also installed as shown below. This shortcut icon can be used to run
the Wireshark. Wireshark is Open Source Software released under the GNU General Public
License.

Running Wireshark: The fundamental steps to capture packets through the Wireshark are
as follows:
(1) Select the interface on your PC/Laptop from where the packets are being
generated/received.
BITS Pilani Work Integrated Learning Programme (WILP)
Page 1 of 3, Rev-1.0
Course - Network Security (SSZG513)
Topic - Wireshark Starter Worksheet
Author and Instructor - Vineet Garg

(2) Start capturing.


(3) Stop capturing.
(4) Analyze the captured packets.

On running the Wireshark a screen will displayed as shown below with the available list of
interfaces on your machine on the top left had side. Below that there will be a green start
button indicating the start of a capture. One can select the interface from the Interface List
or the list available below Start button. Once selected, the Green start button can be
pressed to start the capture.

Once the capturing is started, the screen will look like as shown below. The capturing can be
stopped pressing the red square button below the menu bar.

BITS Pilani Work Integrated Learning Programme (WILP)


Page 2 of 3, Rev-1.0
Course - Network Security (SSZG513)
Topic - Wireshark Starter Worksheet
Author and Instructor - Vineet Garg

The column fields which are displayed by default are:


No - packet number
Time - Time of the packet
Source - Source of the packet IP address
Destination - destination of the packet IP address
Protocol - the protocol type of the packet
Length - length in bytes for the packet
Info - Some details of the protocol packet

Right clicking on any filed header, the configuration of above fields can be changed. E.g. unit
of time, display format, toggling of a column, sorting on the basis of a column etc.

Also notice display filter below that can be used as display filter to see only the packets of
interest like ssl, tcp, snmp etc. The details of permitted filters is provided at -
https://wiki.wireshark.org/DisplayFilters

If we type ssl in the filter, only the ssl packets will be shown by the display screen from the
capture. The objective of filter is to help in focusing the protocol of interest only masking
the other protocols off from being displayed.

The captured file can be saved from File menu option with .pcap extension for a later offline
analysis or to compare the results.

BITS Pilani Work Integrated Learning Programme (WILP)


Page 3 of 3, Rev-1.0

You might also like