Packets and Protocols, Chapter 4. Chapter Four: Using Wireshark.
The Wireshark main window
■ Menu bar
■ Tool bar
■ Summary window
■ Protocol Tree window
■ Data View window
■ Filter bar
■ Information field
■ Display information
Main window components
Summary window components
Summary window example
What does this summary info tell us?
Protocol window example
What does this protocol info tell us?
Good place to find passwords and usernames!
Note that many file types are available
You can print in plain text or PostScript, or output to a file
Allows you to customize Wireshark to your personal liking or needs
There is a lot of customizable information on the viewing capabilities of Wireshark
A color coded display can help you troubleshoot
* The packet count and packets per second shown in the Capture Interfaces dialog box are not the totals seen by the interface; they are the count and rate seen by the interface from the time the Capture Interfaces dialog box was opened
Where to save?
Use multiple Files?
When to stop?
Not used very often – best not to override defaults
Very useful for following a conversation, but usually only if the data is sent in the clear (Telnet, SMTP, etc.)
Note the packet drop errors (REF pg 200)
Why does the throughput drop off? REF pg 201
Why is the throughput so jagged?
*This is, of course, after you know what a normal network sniffer capture looks like!
into parts of the gathered data
Summary menu options
Protocol tree menu options
Data view menu options
wireshark -i eth0 -k -w test.libpcap -b 3 -a filesize:100
(-i: capture interface; -k: start capturing immediately; -w: write packets to the named file; -b: ring-buffer option; -a filesize: autostop condition, file size in kilobytes)