

This is not an exhaustive or all-encompassing tutorial, but hopefully will help to shed light on the steps that most people might take when trying to pinpoint details about a particular application or packet stream on the network. What follows is a basic walkthrough of some of the steps you might follow when undertaking a preliminary investigation of a specific target on your network, and how it might benefit you depending on the objective in mind. It is a freeware tool that, once mastered, can provide valuable insight into your environment, allowing you to see what’s happening on your network. Quit without Saving to discard the captured traffic. Wireshark is a very useful tool for information security professionals and is thought of by many as the de facto standard in network packet and protocol analysis. Close Wireshark to complete this activity. Notice that the destination address is your IP address.

Notice that the source address is the default gateway IP address. This should contain the MAC address of your default gateway. In the top Wireshark packet list pane, select the second ICMP packet, labeled Echo (ping) reply. Notice that the destination address is the default gateway IP address. Activity 3 - Analyze Local IPv4 Inbound Traffic. Notice that the source address is your IP address. Expand Internet Protocol Version 4 to view IP details. Notice that the type is 0x0800, indicating IP. You can use ipconfig /all or getmac to confirm. Expand Ethernet II to view Ethernet details. Notice that it is an Ethernet II / Internet Protocol Version 4 / Internet Control Message Protocol frame. Observe the packet details in the middle Wireshark packet details pane. Select the first ICMP packet, labeled Echo (ping) request. To view only ICMP traffic, type icmp (lower case) in the Filter box and press Enter. Look for traffic with ICMP listed as the protocol. Observe the traffic captured in the top Wireshark packet list pane. Use ping to ping the default gateway address. Activity 2 - Analyze Local IPv4 Outbound Traffic. These activities will show you how to use Wireshark to capture and analyze local IPv4 traffic. Activity 1 - Capture Local IPv4 Traffic. Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis.
