SlideShare ist ein Scribd-Unternehmen logo

Network Packet Analysis with Wireshark

•Als PPTX, PDF herunterladen•
•
Jim Gilsinn
Jim Gilsinn

This document discusses the network packet analysis tool Wireshark. It begins with an introduction to Jim Gilsinn and his background in cybersecurity and industrial control systems. It then provides an overview of Wireshark, describing it as an open-source, multi-platform network protocol analyzer that allows users to capture, interactively browse, and decode network traffic. Key features of Wireshark like its large protocol support and graphical interface are highlighted. The document concludes by discussing advanced analysis features, developing custom protocol decoders, and providing resources for more information on Wireshark.

TechnologieBusiness
1 von 13
Network Packet Analysis with Wireshark Jim Gilsinn National Institute of Standards & Technology Engineering Laboratory Standards Certification Education & Training Publishing Conferences & Exhibits
Jim Gilsinn - Bio • Electronics Engineer with NIST/EL for over 20 years • Cybersecurity for Factory Control Systems – Co-Chair and General Editor, ISA99 Committee – Co-Chair, ISA99 WG2, Security Program – Co-Chair, ISA99 WG7, Safety & Security • Factory Equipment Network Testing Framework – Co-Investigator & Main Developer, FENT software – Extension of previous IENetP project • Education – MSEE in Controls from Johns Hopkins University – BSEE in Controls from Drexel University 2
What is Wireshark? • The De-Factor Network Protocol Analyzer – – – – Open-Source (GNU Public License) Multi-platform Easily extensible Large development group • Allows Users to… – Capture network traffic – Interactively browse that traffic – Decode packet protocols using dissectors • Previously Named “Ethereal” 3
What is Wireshark? • Development Version (as of last night @ 11:30pm) – 1,300+ Protocols – 112,600+ Protocol Header Fields • Almost Every Ethernet/TCP/IP Protocol • Many Industrial Ethernet Protocols – – – – – – – – – – – – BACnet EtherNet/IP & CIP, CIP Safety, CIP Motion DNP 3.0 EtherCAT Foundation Fieldbus IEC 61850 & GOOSE Modbus & Modbus/TCP openSAFETY Profinet SERCOS III TTEthernet Zigbee 4
Network Layering • Network Protocols Generally Have Some Header – – – – Who sent the information Who needs the information Information about the payload Other protocol specific information • Headers Can Be Significant Part of Packet – Ethernet/IP/UDP – Minimum 42 Bytes of Header (65%) – Minimum 64 Bytes Ethernet packet – Many industrial Ethernet protocols only transmit a few bytes of data in real-time ?? Bytes 8/20+ Bytes 20 Bytes IP Header Protocol Header UDP/TCP Header Data TCP Payload IP Payload 14 Bytes Ethernet Header Ethernet Payload 5
Wireshark Welcome Screen 6
Wireshark Packet Analysis Window 7
Wireshark Packet Analysis Demo • • • • Packet Decoder Window Layering Bytes on Wire Protocol Filters – Capture Filters – Display Filters 8
Wireshark Capture & Exporting Demo • • • • Capturing Live Traffic Saving Packet Capture Files Exporting Packet Capture Files Marking Sections of Captures 9
Advanced Features of Wireshark GUI • Statistics – – – – Conversations Endpoints IO Graphs Flow Graphs • Firewall ACL Rules 10
Using & Interfacing With Wireshark • Wireshark Strictly Uses GNU Public License – Any derived work with Wireshark code SHALL be open-source • You Can Use Wireshark Hands-Off, Though – Network Socket Interface – Tshark.exe • Network Socket Interface – Rudimentary control • Tshark.exe – Most features available through command-line interface 11
Developing Your Own Protocol Dissectors • Not Every Protocol Exists in Wireshark – When you need a protocol that doesn’t exist, you can relatively easily build your own dissector • Not Every Protocol Dissector Has Full Coverage – Open-source software allows anyone to modify the code – Protocols generally change over time – The original dissector developer may not exist any longer • Bugs Can Exist in Dissectors – Code almost always has bugs 12
For More Information… • Wireshark Website – http://www.wireshark.org • Wireshark Documentation – http://www.wireshark.org/docs/ • Wireshark Wiki – http://wiki.wireshark.org 13

Empfohlen

Packet analysis using wireshark
Packet analysis using wiresharkPacket analysis using wireshark
Packet analysis using wiresharkBasaveswar Kureti
 
Wireshark tutorial
Wireshark tutorialWireshark tutorial
Wireshark tutorialChaman Poorani
 
Wireshark
WiresharkWireshark
WiresharkSourav Roy
 
Wireshark
Wireshark Wireshark
Wireshark antivirusspam
 
Wireshark
WiresharkWireshark
WiresharkKasun Madusanke
 
Wireshark
WiresharkWireshark
WiresharkVijay kumar
 
Wireshark - presentation
Wireshark - presentationWireshark - presentation
Wireshark - presentationKateryna Haskova
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic AnalysisDavid Sweigert
 

Empfohlen

Packet analysis using wireshark
Packet analysis using wiresharkPacket analysis using wireshark
Packet analysis using wiresharkBasaveswar Kureti
 
Wireshark tutorial
Wireshark tutorialWireshark tutorial
Wireshark tutorialChaman Poorani
 
Wireshark
WiresharkWireshark
WiresharkSourav Roy
 
Wireshark
Wireshark Wireshark
Wireshark antivirusspam
 
Wireshark
WiresharkWireshark
WiresharkKasun Madusanke
 
Wireshark
WiresharkWireshark
WiresharkVijay kumar
 
Wireshark - presentation
Wireshark - presentationWireshark - presentation
Wireshark - presentationKateryna Haskova
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic AnalysisDavid Sweigert
 
Wireshark
WiresharkWireshark
Wiresharklakshya dubey
 
wireshark
wiresharkwireshark
wiresharkMirza Baig
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li Inmhaviv
 
Wireshark
WiresharkWireshark
WiresharkAlanoud Alqoufi
 
Workshop Wireshark
Workshop Wireshark Workshop Wireshark
Workshop Wireshark Fabio Rosa
 
Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Ashley Wheeler
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 
Wireshark ppt
Wireshark pptWireshark ppt
Wireshark pptbala150985
 
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
Network analysis Using Wireshark Lesson 11: TCP and UDP AnalysisNetwork analysis Using Wireshark Lesson 11: TCP and UDP Analysis
Network analysis Using Wireshark Lesson 11: TCP and UDP AnalysisYoram Orzach
 
Wireshark network analysing software
Wireshark network analysing softwareWireshark network analysing software
Wireshark network analysing softwaredharmesh nakum
 
Wireshark.pptx
Wireshark.pptxWireshark.pptx
Wireshark.pptxSalmanKhan222894
 
Wireshark
WiresharkWireshark
WiresharkKushagra Ganeriwal
 
Vlan
Vlan Vlan
Vlan sanss40
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
Firewalls and packet filters
Firewalls and packet filtersFirewalls and packet filters
Firewalls and packet filtersMOHIT AGARWAL
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic PresentationMD. SHORIFUL ISLAM
 
Snort
SnortSnort
SnortStickman Hai
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisManjushree Mashal
 
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones Ale OH
 
internet protocol
internet protocolinternet protocol
internet protocolAfeef Musthafa
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark BasicsYoram Orzach
 
Wireshark
WiresharkWireshark
Wiresharkbtohara
 

Weitere ähnliche Inhalte

Was ist angesagt?

wireshark
wiresharkwireshark
wiresharkMirza Baig
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li Inmhaviv
 
Workshop Wireshark
Workshop Wireshark Workshop Wireshark
Workshop Wireshark Fabio Rosa
 
Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Ashley Wheeler
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 
Wireshark ppt
Wireshark pptWireshark ppt
Wireshark pptbala150985
 
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
Network analysis Using Wireshark Lesson 11: TCP and UDP AnalysisNetwork analysis Using Wireshark Lesson 11: TCP and UDP Analysis
Network analysis Using Wireshark Lesson 11: TCP and UDP AnalysisYoram Orzach
 
Wireshark network analysing software
Wireshark network analysing softwareWireshark network analysing software
Wireshark network analysing softwaredharmesh nakum
 
Vlan
Vlan Vlan
Vlan sanss40
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
Firewalls and packet filters
Firewalls and packet filtersFirewalls and packet filters
Firewalls and packet filtersMOHIT AGARWAL
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic PresentationMD. SHORIFUL ISLAM
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisManjushree Mashal
 
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones Ale OH
 
internet protocol
internet protocolinternet protocol
internet protocolAfeef Musthafa
 

Was ist angesagt? (20)

Wireshark
WiresharkWireshark
Wireshark
 
wireshark
wiresharkwireshark
wireshark
 
Wireshark Inroduction Li In
Wireshark Inroduction Li InWireshark Inroduction Li In
Wireshark Inroduction Li In
 
Wireshark
WiresharkWireshark
Wireshark
 
Workshop Wireshark
Workshop Wireshark Workshop Wireshark
Workshop Wireshark
 
Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark Practical Packet Analysis: Wireshark
Practical Packet Analysis: Wireshark
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
 
Wireshark ppt
Wireshark pptWireshark ppt
Wireshark ppt
 
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
Network analysis Using Wireshark Lesson 11: TCP and UDP AnalysisNetwork analysis Using Wireshark Lesson 11: TCP and UDP Analysis
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
 
Wireshark network analysing software
Wireshark network analysing softwareWireshark network analysing software
Wireshark network analysing software
 
Wireshark.pptx
Wireshark.pptxWireshark.pptx
Wireshark.pptx
 
Wireshark
WiresharkWireshark
Wireshark
 
Vlan
Vlan Vlan
Vlan
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Firewalls and packet filters
Firewalls and packet filtersFirewalls and packet filters
Firewalls and packet filters
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
Snort
SnortSnort
Snort
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and Analysis
 
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones
Protocolo Ip e IPV4 vs IPV6 - Modelo OSI - Telecomunicaciones
 
internet protocol
internet protocolinternet protocol
internet protocol
 

Andere mochten auch

Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark BasicsYoram Orzach
 
Wireshark
WiresharkWireshark
Wiresharkbtohara
 
Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Yoram Orzach
 
2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcastTony Fortunato
 
2015 02 24 lmtv baselining
2015 02 24 lmtv baselining2015 02 24 lmtv baselining
2015 02 24 lmtv baseliningTony Fortunato
 
Osi model explained with wireshark
Osi model explained with wiresharkOsi model explained with wireshark
Osi model explained with wiresharkJoshua Kathiravan
 
CapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionCapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionChris Harrington
 
Debugging with Fiddler
Debugging with FiddlerDebugging with Fiddler
Debugging with FiddlerIdo Flatow
 
Deep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDeep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDaniel Vinyar
 
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)Denny K
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet AnalysisAmmar WK
 
TCPdump-Wireshark
TCPdump-WiresharkTCPdump-Wireshark
TCPdump-WiresharkHarsh Singh
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentationSuryansh Srivastava
 

Andere mochten auch (17)

Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
Wireshark
WiresharkWireshark
Wireshark
 
Wireshark
WiresharkWireshark
Wireshark
 
Wireshark
WiresharkWireshark
Wireshark
 
Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1Network Analysis Using Wireshark 1
Network Analysis Using Wireshark 1
 
2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast
 
2015 02 24 lmtv baselining
2015 02 24 lmtv baselining2015 02 24 lmtv baselining
2015 02 24 lmtv baselining
 
Osi model explained with wireshark
Osi model explained with wiresharkOsi model explained with wireshark
Osi model explained with wireshark
 
CapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet InspectionCapAnalysis - Deep Packet Inspection
CapAnalysis - Deep Packet Inspection
 
Debugging with Fiddler
Debugging with FiddlerDebugging with Fiddler
Debugging with Fiddler
 
Deep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDeep Packet Inspection technology evolution
Deep Packet Inspection technology evolution
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 
OSI layers
OSI layersOSI layers
OSI layers
 
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
OSTU - Quickstart Guide for Wireshark (by Tony Fortunato)
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet Analysis
 
TCPdump-Wireshark
TCPdump-WiresharkTCPdump-Wireshark
TCPdump-Wireshark
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 

Ähnlich wie Network Packet Analysis with Wireshark

How to Implement SDN Technology in ITB
How to Implement SDN Technology in ITBHow to Implement SDN Technology in ITB
How to Implement SDN Technology in ITBSDNRG ITB
 
Telco junho cost-effective approach for telco network analysis in 5_g_final
Telco junho cost-effective approach for telco network analysis in 5_g_finalTelco junho cost-effective approach for telco network analysis in 5_g_final
Telco junho cost-effective approach for telco network analysis in 5_g_finalJunho Suh
 
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDNTech Tutorial by Vikram Dham: Let's build MPLS router using SDN
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDNnvirters
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...cmstiernberg
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
Why choose pan
Why choose panWhy choose pan
Why choose panAchmad Yudo
 
Tech 2 tech low latency networking on Janet presentation
Tech 2 tech low latency networking on Janet presentationTech 2 tech low latency networking on Janet presentation
Tech 2 tech low latency networking on Janet presentationJisc
 
Introduction to Fog
Introduction to FogIntroduction to Fog
Introduction to FogCisco DevNet
 
Cisco Multi-Service FAN Solution
Cisco Multi-Service FAN SolutionCisco Multi-Service FAN Solution
Cisco Multi-Service FAN SolutionCisco DevNet
 
Platforms for Accelerating the Software Defined and Virtual Infrastructure
Platforms for Accelerating the Software Defined and Virtual InfrastructurePlatforms for Accelerating the Software Defined and Virtual Infrastructure
Platforms for Accelerating the Software Defined and Virtual Infrastructure6WIND
 
Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onQaisSaifQassim
 
SDN/NFV: Service Chaining
SDN/NFV: Service Chaining SDN/NFV: Service Chaining
SDN/NFV: Service Chaining Odinot Stanislas
 
Intro to firewalls
Intro to firewallsIntro to firewalls
Intro to firewallsJoshua Johnston
 
Building a Router
Building a RouterBuilding a Router
Building a RouterHannes Gredler
 
BKK16-205 RDK-B IoT
BKK16-205 RDK-B IoTBKK16-205 RDK-B IoT
BKK16-205 RDK-B IoTLinaro
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data DATA SECURITY SOLUTIONS
 
Presentation on wireshark
Presentation on wiresharkPresentation on wireshark
Presentation on wiresharkAnil Thalor
 
L6 6 lowpan
L6 6 lowpanL6 6 lowpan
L6 6 lowpanbimal2638
 

Ähnlich wie Network Packet Analysis with Wireshark (20)

How to Implement SDN Technology in ITB
How to Implement SDN Technology in ITBHow to Implement SDN Technology in ITB
How to Implement SDN Technology in ITB
 
Telco junho cost-effective approach for telco network analysis in 5_g_final
Telco junho cost-effective approach for telco network analysis in 5_g_finalTelco junho cost-effective approach for telco network analysis in 5_g_final
Telco junho cost-effective approach for telco network analysis in 5_g_final
 
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDNTech Tutorial by Vikram Dham: Let's build MPLS router using SDN
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
Why choose pan
Why choose panWhy choose pan
Why choose pan
 
Tech 2 tech low latency networking on Janet presentation
Tech 2 tech low latency networking on Janet presentationTech 2 tech low latency networking on Janet presentation
Tech 2 tech low latency networking on Janet presentation
 
Introduction to Fog
Introduction to FogIntroduction to Fog
Introduction to Fog
 
Cisco Multi-Service FAN Solution
Cisco Multi-Service FAN SolutionCisco Multi-Service FAN Solution
Cisco Multi-Service FAN Solution
 
Platforms for Accelerating the Software Defined and Virtual Infrastructure
Platforms for Accelerating the Software Defined and Virtual InfrastructurePlatforms for Accelerating the Software Defined and Virtual Infrastructure
Platforms for Accelerating the Software Defined and Virtual Infrastructure
 
Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-on
 
SDN/NFV: Service Chaining
SDN/NFV: Service Chaining SDN/NFV: Service Chaining
SDN/NFV: Service Chaining
 
Intro to firewalls
Intro to firewallsIntro to firewalls
Intro to firewalls
 
Building a Router
Building a RouterBuilding a Router
Building a Router
 
BKK16-205 RDK-B IoT
BKK16-205 RDK-B IoTBKK16-205 RDK-B IoT
BKK16-205 RDK-B IoT
 
FieldServer for Integrators Overview
FieldServer for Integrators OverviewFieldServer for Integrators Overview
FieldServer for Integrators Overview
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data
 
Presentation on wireshark
Presentation on wiresharkPresentation on wireshark
Presentation on wireshark
 
L6 6 lowpan
L6 6 lowpanL6 6 lowpan
L6 6 lowpan
 
W4 profinet frame analysis, peter thomas
W4 profinet frame analysis, peter thomasW4 profinet frame analysis, peter thomas
W4 profinet frame analysis, peter thomas
 

Mehr von Jim Gilsinn

ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksJim Gilsinn
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Cook Like a Hacker!
Cook Like a Hacker!Cook Like a Hacker!
Cook Like a Hacker!Jim Gilsinn
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSJim Gilsinn
 
Low-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingLow-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingJim Gilsinn
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
 
You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze itJim Gilsinn
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerJim Gilsinn
 
Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Jim Gilsinn
 

Mehr von Jim Gilsinn (14)

ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO Networks
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
 
Cook Like a Hacker!
Cook Like a Hacker!Cook Like a Hacker!
Cook Like a Hacker!
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of Standards
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance Lab
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
 
Low-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingLow-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance Testing
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
 
You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze it
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol Analyzer
 
Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)
 

KĂźrzlich hochgeladen

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

KĂźrzlich hochgeladen (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Network Packet Analysis with Wireshark

  • 1. Network Packet Analysis with Wireshark Jim Gilsinn National Institute of Standards & Technology Engineering Laboratory Standards Certification Education & Training Publishing Conferences & Exhibits
  • 2. Jim Gilsinn - Bio • Electronics Engineer with NIST/EL for over 20 years • Cybersecurity for Factory Control Systems – Co-Chair and General Editor, ISA99 Committee – Co-Chair, ISA99 WG2, Security Program – Co-Chair, ISA99 WG7, Safety & Security • Factory Equipment Network Testing Framework – Co-Investigator & Main Developer, FENT software – Extension of previous IENetP project • Education – MSEE in Controls from Johns Hopkins University – BSEE in Controls from Drexel University 2
  • 3. What is Wireshark? • The De-Factor Network Protocol Analyzer – – – – Open-Source (GNU Public License) Multi-platform Easily extensible Large development group • Allows Users to… – Capture network traffic – Interactively browse that traffic – Decode packet protocols using dissectors • Previously Named “Ethereal” 3
  • 4. What is Wireshark? • Development Version (as of last night @ 11:30pm) – 1,300+ Protocols – 112,600+ Protocol Header Fields • Almost Every Ethernet/TCP/IP Protocol • Many Industrial Ethernet Protocols – – – – – – – – – – – – BACnet EtherNet/IP & CIP, CIP Safety, CIP Motion DNP 3.0 EtherCAT Foundation Fieldbus IEC 61850 & GOOSE Modbus & Modbus/TCP openSAFETY Profinet SERCOS III TTEthernet Zigbee 4
  • 5. Network Layering • Network Protocols Generally Have Some Header – – – – Who sent the information Who needs the information Information about the payload Other protocol specific information • Headers Can Be Significant Part of Packet – Ethernet/IP/UDP – Minimum 42 Bytes of Header (65%) – Minimum 64 Bytes Ethernet packet – Many industrial Ethernet protocols only transmit a few bytes of data in real-time ?? Bytes 8/20+ Bytes 20 Bytes IP Header Protocol Header UDP/TCP Header Data TCP Payload IP Payload 14 Bytes Ethernet Header Ethernet Payload 5
  • 8. Wireshark Packet Analysis Demo • • • • Packet Decoder Window Layering Bytes on Wire Protocol Filters – Capture Filters – Display Filters 8
  • 9. Wireshark Capture & Exporting Demo • • • • Capturing Live Traffic Saving Packet Capture Files Exporting Packet Capture Files Marking Sections of Captures 9
  • 10. Advanced Features of Wireshark GUI • Statistics – – – – Conversations Endpoints IO Graphs Flow Graphs • Firewall ACL Rules 10
  • 11. Using & Interfacing With Wireshark • Wireshark Strictly Uses GNU Public License – Any derived work with Wireshark code SHALL be open-source • You Can Use Wireshark Hands-Off, Though – Network Socket Interface – Tshark.exe • Network Socket Interface – Rudimentary control • Tshark.exe – Most features available through command-line interface 11
  • 12. Developing Your Own Protocol Dissectors • Not Every Protocol Exists in Wireshark – When you need a protocol that doesn’t exist, you can relatively easily build your own dissector • Not Every Protocol Dissector Has Full Coverage – Open-source software allows anyone to modify the code – Protocols generally change over time – The original dissector developer may not exist any longer • Bugs Can Exist in Dissectors – Code almost always has bugs 12
  • 13. For More Information… • Wireshark Website – http://www.wireshark.org • Wireshark Documentation – http://www.wireshark.org/docs/ • Wireshark Wiki – http://wiki.wireshark.org 13