TSS Academy. Troubleshooting with. So What is Wireshark? Open Source Network Tool Packet sniffer/protocol analyzer. 0010100100101011101010101. WiFi Packet Sniffing Association Issues. Air PCAP (Hardware). Cascade Pilot (Commercial). From the Firehose.

PowerPoint Slideshow about ' TSS Academy' - kadeem-chase



TSS Academy

Troubleshooting with

So What is Wireshark?
  • Open Source Network Tool
  • Packet sniffer/protocol analyzer

0010100100101011101010101

From the Firehose

One gigabit per second equates to over 83,000 packets per second, or only 12 microseconds per packet.

Wireshark Process
  • Capture Traffic
  • Display & Analyze Traffic
  • Summarize Traffic
Switch

interface FastEthernet0/1

port monitor FastEthernet0/2

Switch

interface FastEthernet0/1

port monitor FastEthernet0/2 rx

interface FastEthernet0/3

port monitor FastEthernet0/2 tx

VLAN Monitoring

interface FastEthernet0/1

port monitor VLAN1

“Promiscuous” Mode
  • Ethernet Frames are Addressed.
  • Ethernet NICs ignore frames not for them.
Install Wireshark on Client/Server
  • Wireshark runs on demand.
  • WinPcap can be disabled in Services.
Capture Filter Examples

host 10.1.11.24

host 192.168.0.1 and host 10.1.11.1

net 192.168.0.0/24

net 192.168.0.0 mask 255.255.255.0

src net 192.168.0.0/24

port 53

tcp port http

ip

not broadcast and not multicast

ether host 00:04:13:00:09:a3
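
The capture filters listed above, modelled in Python as an added example (not part of the original slides): it parses constructed Ethernet II / IPv4 frames and shows which frames each filter would keep. It is a simplified model covering IPv4 with TCP or UDP only; real capture filters are compiled by libpcap and also match other protocols. The names build_frame, parse and capture are hypothetical helpers.

```python
import ipaddress
import struct

def build_frame(dst_mac, src_mac, src_ip, dst_ip, proto, sport, dport):
    """Constructed sample: minimal Ethernet II / IPv4 / TCP-or-UDP frame."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    l4 = struct.pack("!HHI", sport, dport, 0)   # ports plus 4 filler bytes
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + l4

def parse(frame):
    """Pull out only the fields the capture filters above test."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    f = {"macs": {src.hex(":"), dst.hex(":")}, "dst_mac": dst,
         "ip": False, "ports": set()}
    if ethertype == 0x0800 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        f.update(ip=True, src=ipaddress.ip_address(frame[26:30]),
                 dst=ipaddress.ip_address(frame[30:34]))
        l4 = frame[14 + ihl:14 + ihl + 4]
        if frame[23] in (6, 17) and len(l4) == 4:   # TCP or UDP
            f["ports"] = set(struct.unpack("!HH", l4))
    return f

# Each function returns a predicate mirroring one capture-filter primitive.
def host(a):       return lambda f: f["ip"] and ipaddress.ip_address(a) in (f["src"], f["dst"])
def net(n):        return lambda f: f["ip"] and any(x in ipaddress.ip_network(n) for x in (f["src"], f["dst"]))
def src_net(n):    return lambda f: f["ip"] and f["src"] in ipaddress.ip_network(n)
def port(p):       return lambda f: p in f["ports"]
def ether_host(m): return lambda f: m.lower() in f["macs"]
def unicast(f):    return not (f["dst_mac"][0] & 1)   # "not broadcast and not multicast"

def capture(frames, flt):
    """Return the indexes of the frames a capture filter would keep."""
    return [i for i, fr in enumerate(frames) if flt(parse(fr))]

# Constructed sample traffic (addresses reuse the slide's filter values).
FRAMES = [
    build_frame("00:04:13:00:09:a3", "00:11:22:33:44:55", "10.1.11.24", "192.168.0.1", 17, 40000, 53),
    build_frame("00:11:22:33:44:55", "00:04:13:00:09:a3", "192.168.0.1", "10.1.11.24", 17, 53, 40000),
    build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", "10.1.11.24", "10.1.11.255", 17, 138, 138),
    build_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:66", "192.168.0.7", "10.1.11.1", 6, 51000, 80),
]

if __name__ == "__main__":
    print("host 10.1.11.24        ->", capture(FRAMES, host("10.1.11.24")))
    print("src net 192.168.0.0/24 ->", capture(FRAMES, src_net("192.168.0.0/24")))
    print("unicast only           ->", capture(FRAMES, unicast))
```

Frames dropped by a capture filter are never written to the trace, so a filter that is too narrow cannot be widened after the fact.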

Display (Post) Filters
  • Display filters (also called post-filters) only filter the view of what you are seeing. All packets in the capture still exist in the trace.
  • Display filters use their own format and are much more powerful than capture filters.
Display Filter Expression Builder

To search, just type…

Display Filter Examples

ip.src==10.1.11.24

ip.addr==192.168.1.10 && ip.addr==192.168.1.20

tcp.port==80 || tcp.port==3389

!(ip.addr==192.168.1.10 && ip.addr==192.168.1.20)

(ip.addr==192.168.1.10 && ip.addr==192.168.1.20) && (tcp.port==445 || tcp.port==139)

(ip.addr==192.168.1.10 && ip.addr==192.168.1.20) && (udp.port==67 || udp.port==68)

Display Example

dns.qry.name == "www.youtube.com" and not dns.resp.addr == 208.70.74.21

Follow TCP Stream

  • Red - stuff you sent
  • Blue - stuff you get

Resources & Credits
  • Wireshark WIKI http://wiki.wireshark.org
  • http://ilta.ebiz.uapps.net/ProductFiles/productfiles/672/wireshark.ppt
  • www.wiresharkuniversity.com