Wireshark

Discussion in 'Computing and Networks' started by Eric007, Apr 8, 2013.

  1. Eric007

    Thread Starter Senior Member

    Hi all

    Is anybody familiar with Wireshark? I got a small concern with it!


    Thanks!
     
  2. electronis whiz

    Well-Known Member

    I have worked with it. It shows all the traffic, etc. However, I have not been able to figure out how to do much else. The program seems quite useful, but I think it's so complex that it gets quite confusing. I've been using MS Network Monitor. A bit simpler and free also. It also lets me analyze data in packets so I could test the security of a connection to another device on my LAN. Not sure what your concern would be; I don't have a lot to work with from your question. The only concern I can see is security: if an analyzer gets in the wrong hands they can see the traffic unless it's encrypted.
     
    Last edited: Feb 21, 2015
  3. tshuck

    Well-Known Member

    Perhaps you should post your question, instead of asking another one... We'll answer if we know.

    Since you have asked the question that you have, I have been known to use it and would say that I'm a bit familiar with it, though I haven't used it recently...
     
  4. Eric007

    Thread Starter Senior Member

    Here's the problem I am trying to solve:

    Attached are the captured packets. Now I am trying to identify the frames that carry the first, the second and the third TCP segment in the three-way handshake that sets up the connection between the HTTP client and server.

    But I'm a bit confused because when I open the attached file there's a bunch of TCP frames... I am trying to locate the 1st, 2nd and 3rd as specified above!

    Thanks!
     
  5. WBahn

    Moderator

    What is a PCAP file?

    I haven't used Wireshark since it was Ethereal.

    If possible, try to put the contents into a text file or, failing that, a screen shot.

    My guess is that the traffic you are looking for is buried in a bunch of unrelated traffic. Try to segregate the traffic by who's talking to who and also by the type of traffic. Try to filter it on something that has to be in the initial handshake message to try to identify the sender and receiver addresses.
     
  6. n1spx

    New Member


    Sort by packet type, select the SYN packet (1st), then right click and pick follow stream.


    Disclaimer: Off the top of my head, as I don't have wireshark installed on this computer.
     
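    n1spx's approach written out as code, added here as an example that is not from this thread or from Wireshark itself: it walks a libpcap file, applies the equivalent of the Wireshark display filter `tcp.flags.syn==1 && tcp.flags.ack==0` to find the first segment, then matches the SYN-ACK and the final ACK by sequence and acknowledgement numbers, so the three frame numbers come out even when unrelated TCP traffic sits between them. The capture, addresses and ports are all constructed inline.

```python
"""Find the three frames of a TCP three-way handshake in a libpcap capture (constructed sample)."""
import socket, struct

SYN, ACK, PSH = 0x02, 0x10, 0x08  # TCP flag bits

def tcp_frame(src, dst, sport, dport, seq, ack, flags):
    """Build one Ethernet/IPv4/TCP frame without payload (sample data, checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ipv4 + tcp  # zero MACs + EtherType IPv4

def pcap(frames):
    """Wrap frames in a classic libpcap file: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # LINKTYPE_ETHERNET
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1365400000 + i, 0, len(f), len(f)) + f
    return out

def find_handshakes(data):
    """Return {(src, sport, dst, dport): (syn_no, synack_no, ack_no)}, 1-based like Wireshark."""
    off, frame_no, pending, done = 24, 0, {}, {}
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<IIII", data, off)[2]
        frame, off, frame_no = data[off + 16:off + 16 + caplen], off + 16 + caplen, frame_no + 1
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP (ARP, UDP/DNS, ...): skipped, like a "tcp" display filter
        ihl = (frame[14] & 0x0F) * 4
        sport, dport, seq, ack, _, flags = struct.unpack_from("!HHIIBB", frame, 14 + ihl)
        key = (frame[26:30], sport, frame[30:34], dport)
        if flags & (SYN | ACK) == SYN:            # tcp.flags.syn==1 && tcp.flags.ack==0
            pending[key] = [frame_no, seq, None]
        elif flags & (SYN | ACK) == SYN | ACK:    # SYN-ACK must answer a pending SYN
            rev = (key[2], key[3], key[0], key[1])
            if rev in pending and ack == pending[rev][1] + 1:
                pending[rev][2] = (frame_no, seq)
        elif flags & ACK and key in pending and pending[key][2]:
            syn_no, syn_seq, (synack_no, synack_seq) = pending.pop(key)
            if seq == syn_seq + 1 and ack == synack_seq + 1:
                done[key] = (syn_no, synack_no, frame_no)
    return done

CLIENT, SERVER, OTHER = "192.168.1.10", "93.184.216.34", "10.0.0.5"  # made-up addresses
SAMPLE = pcap([
    tcp_frame(CLIENT, OTHER, 40000, 443, 9000, 7000, PSH | ACK),   # unrelated established flow
    tcp_frame(CLIENT, SERVER, 51234, 80, 1000, 0, SYN),            # 1st segment: SYN
    tcp_frame(SERVER, CLIENT, 80, 51234, 5000, 1001, SYN | ACK),   # 2nd segment: SYN-ACK
    tcp_frame(OTHER, CLIENT, 443, 40000, 7000, 9008, ACK),         # more unrelated traffic
    tcp_frame(CLIENT, SERVER, 51234, 80, 1001, 5001, ACK),         # 3rd segment: ACK
    tcp_frame(CLIENT, SERVER, 51234, 80, 1001, 5001, PSH | ACK),   # HTTP request would follow
])
```

    `find_handshakes(SAMPLE)` reports frames 2, 3 and 5 for the client/server flow; the SYN-ACK is only accepted if its acknowledgement number equals the SYN's sequence number plus one, which is what keeps a stray SYN-ACK from another connection out of the result.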
  7. Eric007

    Thread Starter Senior Member

    Thanks WBahn and n1spx!

    A pcap file is a file that contains all the traffic (packets captured, i.e. HTTP, DNS, TCP, ...).

    Ok, I can filter them so I can see only the TCP packets, but then there are more than three...

    Thanks anyway... I'll figure this out!
     
  8. Eric007

    Thread Starter Senior Member

    Yes, it worked!!! :D

    Thanks!
     