TSS Academy - PowerPoint PPT Presentation

Tss academy
1 / 42

  • Uploaded on
  • Presentation posted in: General

TSS Academy. Troubleshooting with. So What is WireShark?. Open Source Network Tool Packet sniffer/protocol analyzer. 0010100100101011101010101. WiFi Packet Sniffing Association Issues. Air PCAP (Hardware). Cascade Pilot (Commercial). From the F irehose.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

TSS Academy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Tss academy

TSS Academy

Troubleshooting with

So what is wireshark

So What is WireShark?

  • Open Source Network Tool

  • Packet sniffer/protocol analyzer


Air pcap hardware

WiFi Packet Sniffing

Association Issues

Air PCAP (Hardware)

Cascade pilot commercial

Cascade Pilot (Commercial)

From the f irehose

From the Firehose

One gigabit per second, equates to over 83,000 packets per second, or only 12 microseconds per packet. 

Wireshark process

Wireshark Process

  • Capture Traffic

  • Display & Analyze Traffic

  • Summarize Traffic

Where do i put wireshark

Where do I put WireShark?

Location location location

Location, Location, Location

Tss academy




Switch with a span port

Switch with a SPAN port

Tss academy


Tss academy




interface FastEthernet0/1

port monitor FastEthernet0/2



interface FastEthernet0/1

port monitor FastEthernet0/2 rx

Interface FastEthernet0/3

port monitor FastEthernet0/2 tx

Vlan monitoring

VLAN Monitoring

interface FastEthernet0/1

port monitor VLAN1

Promiscuous mode

“Promiscuous” Mode

  • Ethernet Frames are Addressed.

  • Ethernet NICs ignore frames not for them.

Install wireshark on client server

Install Wireshark on Client/Server

  • Wireshark runs on demand.

  • WinPCAP can be disabled in Services.

Selectively ignore traffic

Selectively Ignore Traffic

Capture filter examples

Capture Filter Examples


host and host


net mask

src net

port 53

tcp port http


not broadcast not multicast

ether host 00:04:13:00:09:a3

Capture filter

Capture Filter

Capture options

Capture Options

Capture interfaces

Capture Interfaces

Capturing data capture window

Capturing Data (Capture Window)

Stopping the packet capture

Stopping the Packet Capture

Displaying packets

Displaying Packets

Display post filters

Display (Post) Filters

  • Display filters (also called post-filters) only filter the view of what you are seeing. All packets in the capture still exist in the trace

  • Display filters use their own format and are much more powerful then capture filters

Wireshark display filter cheatsheet packetlife net

Wireshark Display Filter CheatSheet (packetlife.net)

Display filter expression builder

Display Filter Expression Builder

To Search.. Just type….

Display filter examples

Display Filter Examples


ip.addr== && ip.addr==

tcp.port==80 || tcp.port==3389

!(ip.addr== && ip.addr==

(ip.addr== && ip.addr== && (tcp.port==445 || tcp.port==139)

(ip.addr== && ip.addr== && (udp.port==67 || udp.port==68)

Display example

Display Example

dns.qry.name == "www.youtube.com"

and not dns.resp.addr ==

Analyzing data

Analyzing Data

Statistics menu

Statistics Menu

I o graph with filters

I/O Graph (With Filters)

Protocol hierarchy

Protocol Hierarchy

Protocol hierarchy1

Protocol Hierarchy

Follow tcp stream

Follow TCP Stream

Follow tcp stream1

Follow TCP Stream

red - stuff you sent blue - stuff you get

Resources credits

Resources & Credits

  • Wireshark WIKI http://wiki.wireshark.org

  • http://ilta.ebiz.uapps.net/ProductFiles/productfiles/672/wireshark.ppt‎

  • www.wiresharkuniversity.com

  • Login