Discussion in 'Computing and Networks' started by Eric007, Apr 8, 2013.
Is anybody familiar with Wireshark? I have a small concern with it!
I have worked with it. It shows all the traffic, etc. However, I have not been able to figure out how to do much else. The program seems quite useful, but I think it is so complex that it gets quite confusing. I've been using MS Network Monitor. A bit simpler, and free also. It also lets me analyze the data in packets, so I could test the security of a connection to another device on my LAN. Not sure what your concern would be; I don't have a lot to work with from your question. The only concern I can see is security: if an analyzer gets into the wrong hands, they can see the traffic unless it's encrypted.
Perhaps you should post your question, instead of asking another one... We'll answer if we know.
Since you have asked the question that you have, I have been known to use it and would say that I'm a bit familiar with it, though I haven't used it recently...
Here's the problem I am trying to solve:
Attached are the captured packets. Now I am trying to identify the frames that carry the first, the second and the third TCP segment in the three-way handshake that sets up the connection between the HTTP client and server.
But I'm a bit confused, because when I open the attached file there's a bunch of TCP frames... I am trying to locate the 1st, 2nd and 3rd as specified above!
What is a PCAP file?
I haven't used Wireshark since it was Ethereal.
If possible, try to put the contents into a text file or, failing that, a screen shot.
My guess is that the traffic you are looking for is buried in a bunch of unrelated traffic. Try to segregate the traffic by who's talking to whom and also by the type of traffic. Try to filter it on something that has to be in the initial handshake message to identify the sender and receiver addresses.
Sort by packet type, select the SYN packet (1st), then right-click and pick Follow Stream.
Disclaimer: Off the top of my head, as I don't have Wireshark installed on this computer.
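As an added example that is not from this thread or from Wireshark itself, the script below does in plain Python what the advice above does by hand: it walks a libpcap file, skips everything that is not IPv4/TCP, and picks out the first SYN, the matching SYN-ACK and the client's final ACK by addresses, ports and sequence numbers rather than by flags alone (a TCP-only filter still shows every segment of every connection, which is why "more than three" turn up). It then builds the Wireshark display filter that isolates just that one conversation. The capture bytes, addresses and ports are constructed inline so it runs offline with no attachment; none of them come from the original post.

```python
import struct

# Constructed sample capture (not the thread's attachment): a few Ethernet/IPv4
# frames wrapped in libpcap format, built inline so the example runs offline.
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
ETHERNET = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4

def _ipv4(src_ip, dst_ip, proto, payload):
    """IPv4 header in front of payload (checksum left zero; a parser never needs it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                       bytes(map(int, src_ip.split("."))),
                       bytes(map(int, dst_ip.split(".")))) + payload

def tcp_frame(src_ip, dst_ip, sport, dport, seq, ack, flags):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ETHERNET + _ipv4(src_ip, dst_ip, 6, tcp)

def udp_frame(src_ip, dst_ip, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return ETHERNET + _ipv4(src_ip, dst_ip, 17, udp)

def pcap_file(frames):
    """Wrap frames in a little-endian libpcap file (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1365400000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)

CLIENT, SERVER, DNS, OTHER = "10.0.0.5", "203.0.113.10", "10.0.0.1", "198.51.100.7"
SAMPLE_PCAP = pcap_file([
    udp_frame(CLIENT, DNS, 53001, 53, b"\x00" * 12),                      # 1: DNS query (noise)
    tcp_frame(CLIENT, OTHER, 50000, 443, 900, 1, TCP_ACK),                # 2: unrelated TCP session
    tcp_frame(CLIENT, SERVER, 51234, 80, 1000, 0, TCP_SYN),               # 3: handshake step 1
    udp_frame(DNS, CLIENT, 53, 53001, b"\x00" * 12),                      # 4: DNS reply (noise)
    tcp_frame(SERVER, CLIENT, 80, 51234, 5000, 1001, TCP_SYN | TCP_ACK),  # 5: handshake step 2
    tcp_frame(CLIENT, SERVER, 51234, 80, 1001, 5001, TCP_ACK),            # 6: handshake step 3
    tcp_frame(CLIENT, SERVER, 51234, 80, 1001, 5001, TCP_PSH | TCP_ACK),  # 7: first HTTP data
])

def iter_frames(pcap):
    """Yield (frame_number, frame_bytes) from a libpcap file, honouring its byte order."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        endian = ">"
    else:
        raise ValueError("not a libpcap file (pcapng is a different format)")
    off, n = 24, 0
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off, n = off + 16, n + 1
        yield n, pcap[off:off + incl_len]
        off += incl_len

def parse_tcp(frame):
    """Return the TCP fields of an Ethernet/IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(tcp) < 20:
        return None
    sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", tcp[:14])
    return {"src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def find_handshake(pcap, server_port=80):
    """Frame numbers of the first complete SYN / SYN-ACK / ACK exchange to server_port.

    Steps 2 and 3 are matched on addresses, ports and sequence numbers, so a stray
    SYN-ACK or ACK from another conversation cannot be mistaken for them.
    """
    syn_n = synack_n = client = server = client_isn = server_isn = None
    for n, frame in iter_frames(pcap):
        t = parse_tcp(frame)
        if t is None:
            continue
        src, dst = (t["src"], t["sport"]), (t["dst"], t["dport"])
        bits = t["flags"] & (TCP_SYN | TCP_ACK)
        if syn_n is None:
            if bits == TCP_SYN and t["dport"] == server_port:
                syn_n, client, server, client_isn = n, src, dst, t["seq"]
        elif synack_n is None:
            if ((src, dst) == (server, client) and bits == (TCP_SYN | TCP_ACK)
                    and t["ack"] == (client_isn + 1) & 0xFFFFFFFF):
                synack_n, server_isn = n, t["seq"]
        elif ((src, dst) == (client, server) and bits == TCP_ACK
                and t["seq"] == (client_isn + 1) & 0xFFFFFFFF
                and t["ack"] == (server_isn + 1) & 0xFFFFFFFF):
            return {"syn": syn_n, "syn_ack": synack_n, "ack": n, "client": client, "server": server,
                    # Wireshark display filter that shows only this conversation
                    "display_filter": f"ip.addr == {client[0]} && tcp.port == {client[1]}"}
    return None

if __name__ == "__main__":
    print(find_handshake(SAMPLE_PCAP))
```

On the constructed capture this reports frames 3, 5 and 6, even though frames 2 and 7 are TCP as well. Pasting the returned `display_filter` string into Wireshark's filter bar does the same job as Follow Stream: it hides the noise and leaves the handshake at the top of the list. The parser only understands classic libpcap; a pcapng capture would need to be saved as pcap first.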
Thanks Wbahn and n1spx!
A PCAP file is a file that contains all the traffic (captured packets, i.e. HTTP, DNS, TCP, ...).
OK, I can filter them so I can see only the TCP packets, but then there are more than three...
Thanks anyway... I'll figure this out!
Yes, it worked!!!