wireshark--

electronis whiz

Joined Jul 29, 2010
512
I have worked with it. shows all the traffic, etc. However I have not been able to figure out how to do much else. Program seems quite useful, but think so complex it makes quite confusing. I've been using MS network monitor. A bit simpler and free also. It also lets me analyze data in packets so I could test security of a connection to another device on my LAN. Not sure what you're concern would be don't have a lot to work with from your question. Only concern I can see is security if an analyzer gets in wrong hands they can see the traffic unless encrypted.
 
Last edited:

tshuck

Joined Oct 18, 2012
3,534
Hi all

Anybody is familiar with Wireshark? I got a small concern with it!


Thanks!
Perhaps you should post your question, instead of asking another one... We'll answer if we know.

Since you have asked the question that you have, I have been known to use it and would say that I'm a bit familiar with it, though I haven't used it recently...
 

Thread Starter

Eric007

Joined Aug 5, 2011
1,158
Here's the problem I am trying to solve:

Attached is the captured packets. Now I am trying to identify the frame that carries the first, the second and the third TCP segment in the three-way handshake that sets up the connection between the http client and server.

but Im a bit confused coz when I open the attached file there's a bunch of TCP frames...I am tryna locate the 1st, 2nd and 3rd as specified above!

Thanks!
 

Attachments

WBahn

Joined Mar 31, 2012
29,979
What is a PCAP file?

I haven't used Wireshark since it was Ethereal.

If possible, try to put the contents into a text file or, failing that, a screen shot.

My guess is that the traffic you are looking for is buried in a bunch of unrelated traffic. Try to segregate the traffic by who's talking to who and also by the type of traffic. Try to filter it on something that has to be in the initial handshake message to try to identify the sender and receiver addresses.
 

n1spx

Joined Sep 23, 2010
4
...
I am tryna locate the 1st, 2nd and 3rd as specified above!

Sort by packet type, select the SYN packet (1st), then right click and pick follow stream.


Disclaimer: Off the top of my head, as I don't have wireshark installed on this computer.
 

Thread Starter

Eric007

Joined Aug 5, 2011
1,158
Thanks Wbahn amd n1spx!

Pcap file is a file that contains all the traffics (packets captured, ie http, dns, tcp,...)

Ok I can filter them so i can see only the tcp packets but then there are more then three...

thanks anyway...i ll figure this out!
 
Top