
WIRESHARK TRAINING

By: Budi Isdiyanto

2020-10-30
TRAINING AGENDA

01 What is Wireshark

02 Wireshark Features

03 Packet Analyzer (Sniffing)

04 Wireshark Filters

05 Wireshark Color Rules


What is Wireshark?

01 One of the network analysis tools, also known as packet sniffers.

02 A monitoring application that captures data from a running network or
reads previously captured data from disk.

03 Used for network troubleshooting, analysis, software and communication
protocol development, and education.

04 A multi-platform open source tool (Windows, Linux, OS X, Solaris, FreeBSD,
NetBSD, etc.).
Wireshark Features

01 Captures network data packets in real time

02 Displays statistical data

03 Searches data packets that match specific requirements

04 Filters network data packets

05 Captures network data packets in real time (requires a physical NIC device)

06 Displays the complete network protocol information of each data packet

07 Colors the data packet display to facilitate packet analysis

08 Saves data packets as files that can later be reopened for further analysis
Packet Analyzer (Sniffing)
Select one or more network interfaces, open the menu bar, then select Capture.
To select multiple interfaces, hold down the Shift key while you make the
selection.
Packet Analyzer (Sniffing)
In the Wireshark Capture Interfaces window, select Start.

There are several other ways to start a packet capture: select the shark fin
icon on the left side of the Wireshark toolbar, press Ctrl + E, or double-click
the interface in the list.
Packet Analyzer (Sniffing)

Choose File > Save As, or use the Export option, to save the capture to a file.
Packet Analyzer (Sniffing)
To stop capturing, press Ctrl + E. Alternatively, select the red Stop button
next to the shark fin icon on the Wireshark toolbar.
Viewing and Analyzing Packet Contents

The interface for the captured data consists of three main parts:

Packet list panel

Packet detail panel

Packet bytes panel
Packet List Panel (Packet List)
The packet list pane, located at the top of the window, shows all packets
found in the active capture file. Each packet has its own line and an
associated number assigned to it.

Columns: No. | Time | Source | Destination | Protocol | Length | Info
Packet List Panel (Packet List)
To change the time format to something more useful (such as the actual time of
day), choose View > Time Display Format.
Packet Detail Panel (Packet Detail)
The detail panel presents the protocols and protocol fields of the selected
packet in a collapsible tree. Apart from expanding each item, you can apply
Wireshark filters based on a specific field and follow the data stream by
protocol type by right-clicking the desired item.
Packet Bytes Panel (Packet Bytes)
To display this data in bit format instead of hexadecimal, right-click
anywhere in the pane and select the "...as bits" option.
Wireshark Filter

The capture filter instructs Wireshark to record only packets that meet the
specified criteria. Filters can also be applied to existing capture files so
that only certain packets are shown. This is known as a display filter.

Wireshark provides a large number of predefined filters by default. To use
one of these existing filters, start typing its name: the Wireshark
autocomplete feature shows suggested names as you type, making it easier to
find the correct name for the filter you are looking for.
Wireshark Filter

[Screenshot: the display filter entry field, shown on the Welcome Screen and
on the capture screen]
Wireshark Filter
For example, to display only TCP packets, type tcp in the Wireshark filter
field.
Wireshark Filter
Another way to select a filter is to select the bookmark icon on the left side
of the entry field. Select Manage Filter Expressions or Manage Display Filters
to add, remove, or edit filters.
Wireshark Color Rules
While Wireshark's capture and display filters limit which packets are
recorded or displayed on the screen, its coloring function goes a step
further: it distinguishes packet types by color, so specific packets in the
captured set can be found quickly by their row color in the packet list pane.
Wireshark Color Rules
Wireshark comes with around 20 standard coloring rules, each of which can be
edited, disabled, or deleted. Choose View → Coloring Rules for an overview of
what each color means. You can also add your own color-based filters.

Choose View → Colorize Packet List to turn packet coloring on and off.
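As an added example (not part of the original training deck), the following Python script parses the colorfilters file from a Wireshark profile directory, which holds the same rules shown under View → Coloring Rules, so custom rules can be reviewed or shared outside the GUI. The sample rules are constructed in that file format: the first two are modelled on Wireshark's defaults, and the third is a hypothetical custom rule that highlights cleartext Telnet sessions.

```python
import re
from dataclasses import dataclass

# One rule per line: @name@display-filter@[bg r,g,b][fg r,g,b]; a leading "!" marks a
# disabled rule, "#" lines are comments, and colour channels are 16-bit (0-65535).
RULE_RE = re.compile(r"^(!?)@([^@]*)@([^@]*)@\[(\d+),(\d+),(\d+)\]\[(\d+),(\d+),(\d+)\]$")


@dataclass
class ColorRule:
    name: str
    display_filter: str
    background: str  # "#rrggbb"
    foreground: str  # "#rrggbb"
    enabled: bool


def to_hex(r, g, b):
    # Keep the high byte of each 16-bit channel to get the familiar 8-bit hex colour.
    return "#{:02x}{:02x}{:02x}".format(r >> 8, g >> 8, b >> 8)


def parse_colorfilters(text):
    """Return the rules in file order; raise ValueError on a malformed line."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a coloring rule: {line!r}")
        bang, name, flt, *chan = m.groups()
        bg, fg = [int(c) for c in chan[:3]], [int(c) for c in chan[3:]]
        if max(bg + fg) > 65535:
            raise ValueError(f"line {lineno}: colour channel outside 16-bit range")
        rules.append(ColorRule(name, flt, to_hex(*bg), to_hex(*fg), bang == ""))
    return rules


# Constructed sample in the real file format: two rules modelled on Wireshark's defaults
# plus a hypothetical, disabled custom rule that highlights cleartext Telnet sessions.
SAMPLE = """\
# DO NOT EDIT THIS FILE!  It was created by Wireshark
@Bad TCP@tcp.analysis.flags && !tcp.analysis.window_update@[4626,10023,11371][63479,34695,34695]
@ARP@arp@[64250,61606,55512][0,0,0]
!@Telnet cleartext@tcp.port == 23@[65535,0,0][65535,65535,65535]
"""

if __name__ == "__main__":
    for rule in parse_colorfilters(SAMPLE):
        state = "on " if rule.enabled else "off"
        print(f"[{state}] {rule.name:<16} bg={rule.background} fg={rule.foreground}  {rule.display_filter}")
```

Point the script at the colorfilters file in your own profile directory (Help → About Wireshark → Folders shows its location) to audit which rules are enabled before sharing a profile.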
Wireshark Color Rules
Other useful metrics are available via the Statistics drop-down menu. This
includes size and time information about the capture file, along with dozens
of charts and graphs ranging from packet conversations to HTTP request load
distribution.

Display filters can be applied to many of these statistics via their
interface, and the results can be exported to common file formats, including
CSV, XML, and TXT.
End Of Training
Thank You
