Wireshark

.MehrdadLinux@Gmail Com
‫عباسی‬ ‫مهرداد‬
: ‫عنوان‬wireshark

What is network packet
● Data 0 – 1
● Media
● packet
● packet-switched network

What is packet analyzer?
● packet analyzer
– network analyzer
– protocol analyzer
– packet sniffer
● particular types of networks
– Ethernet sniffer
– wireless sniffer

Packet sniffers can
● Analyze network problems
● Detect network intrusion attempts
● Detect network misuse by internal and external users
● Documenting regulatory compliance through logging all perimeter and endpoint traffic
● Gain information for effecting a network intrusion
● Isolate exploited systems
● Monitor WAN bandwidth utilization
● Monitor network usage (including internal and external users and systems)
● Monitor data-in-motion
● Monitor WAN and endpoint security status
● Gather and report network statistics
● Filter suspect content from network traffic
● Serve as primary data source for day-to-day network monitoring and management
● Spy on other network users and collect sensitive information such as login details or users cookies (depending on any content encryption methods that may be in use)
● Reverse engineer proprietary protocols used over the network
● Debug client/server communications
● Debug network protocol implementations
● Verify adds, moves and changes
● Verify internal control system effectiveness (firewalls, access control, Web filter, spam filter, proxy)

Notable packet analyzers
● Cain and Abel
● Capsa Network Analyzer
● Carnivore (FBI)
● CommView
● dSniff
● ettercap
● Fiddler
● Kismet
● Lanmeter
● Microsoft Network Monitor
● Microsoft Message Analyzer
● NarusInsight
● NetScout Systems nGenius Infinistream
● ngrep, Network Grep
● OmniPeek
● Riverbed SteelCentral Packet Analyzer (formerly known as Cascade Pilot)
● Riverbed SteelCentral Transaction Analyzer (formerly known as OPNET ATX and ACE)
● SkyGrabber
● snoop
● tcpdump
● Wireshark (formerly known as Ethereal)
● Xplico Open source Network Forensic Analysis Tool

What is Wireshark?
● Wireshark is a free and open-source packet analyzer.
● Developer(s) The Wireshark team
● Stable release 1.12.7 / 12 August 2015; 45 days ago
● Written in C (and C++ in the development version)
● Operating system Cross-platform
● Type Packet analyzer
● License GNU GPL
● Website www.wireshark.org

Wireshark History
● 1990s, Gerald Combs
● a computer science graduate of the University of Missouri–Kansas City
● was working for a small Internet service provider
● The commercial protocol analysis products at the time were priced around $1500
● did not run on the company's primary platforms (Solaris and Linux
● began writing Ethereal and released the first version around 1998
● The Ethereal trademark is owned by Network Integration Services
● In May 2006, Combs accepted a job with CACE Technologies. Combs still held copyright on most of Ethereal's
source code (and the rest was re-distributable under the GNU GPL), so he used the contents of the Ethereal
Subversion repository as the basis for the Wireshark repository. However, he did not own the Ethereal
trademark, so he changed the name to Wireshark
● In 2010 Riverbed Technology purchased CACE and took over as the primary sponsor of Wireshark. Ethereal
development has ceased, and an Ethereal security advisory recommended switching to Wireshark

Wireshark Developer
● Over 850 Developer
● Windows Installer (64-bit)
● Windows Installer (32-bit)
● Windows PortableApps (32-bit)
● OS X 10.6 and later Intel 64-bit .dmg
● OS X 10.6 and later Intel 32-bit .dmg
● Source Code

Wireshark doc
● Online doc
● Offline doc
● books
● Wireshark Certified Network Analyst (WCNA) Program

Intro to wireshark
● Menu
● How to cap
● Test filter
● Have fun ...

Wireshark

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (16)

Mehr von Isfahanlug

Mehr von Isfahanlug (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Wireshark