Packet capture and header analysis by Wireshark

Practical 12
Q.)  What is Wireshark?

→ Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible.

→ You could think of a network packet analyzer as a measuring device for examining what's happening inside a network cable, just like an electrician uses a voltmeter for examining what's happening inside an electric cable (but at a higher level, of course).

→ In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, that has changed. Wireshark is available for free, is open source, and is one of the best packet analyzers available today.

How to use Wireshark

→ You need to know what is normal to find what is abnormal, and Wireshark includes tools for building baseline statistics (the Statistics menu: Conversations, Endpoints, Protocol Hierarchy, I/O Graphs). Wireshark is a network protocol analyzer, not an intrusion detection system (IDS), but once a red flag has been raised it is extremely useful for zeroing in on the malicious traffic.

→ Wireshark can also decrypt captured TLS traffic, provided it is given the session secrets. Browsers built on NSS or BoringSSL (Firefox, Chrome) write the per-session secrets to the file named by the SSLKEYLOGFILE environment variable; an administrator who sets that variable on the user's machine (with the user's permission and knowledge) can point Wireshark at the file (Edit > Preferences > Protocols > TLS > (Pre)-Master-Secret log filename, or tshark -o tls.keylog_file:path) and read the HTTP inside those sessions in clear. This does not break TLS: only sessions whose secrets appear in the log are decrypted, and a session is matched through the client_random in its ClientHello, so the handshake must be in the capture as well.
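How that key-log matching works, as an added example that is not part of the original practical and not Wireshark's own code: Wireshark takes the 32-byte client_random from the captured ClientHello and looks it up in the NSS-format key log. The key-log text and the ClientHello bytes below are constructed, and the function names (parse_keylog, client_random_from_record, secrets_for_session) are this example's own.

```python
"""How Wireshark ties a captured TLS session to a browser key log: the 32-byte
client_random in the ClientHello is the lookup key into the SSLKEYLOGFILE lines.
Added example, not Wireshark's code; the key-log text and ClientHello are constructed."""
import struct

# Labels written by NSS/BoringSSL key logging (TLS 1.2 master secret, TLS 1.3 traffic secrets).
KEYLOG_LABELS = {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
                 "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                 "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"}


def parse_keylog(text):
    """Index key-log lines as {client_random_hex: {label: secret_hex}}; '#' lines are comments."""
    index = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in KEYLOG_LABELS:
            raise ValueError("line %d: not an NSS key-log entry: %r" % (lineno, raw))
        label, client_random, secret = parts
        if len(client_random) != 64:
            raise ValueError("line %d: client_random must be 32 bytes (64 hex digits)" % lineno)
        bytes.fromhex(client_random + secret)              # ValueError on non-hex values
        index.setdefault(client_random.lower(), {})[label] = secret.lower()
    return index


def client_random_from_record(record):
    """Extract client_random from a TLS record carrying a ClientHello.
    Layout: record type(1) version(2) length(2) | handshake type(1) length(3) |
    client_version(2) random(32) ... (RFC 5246 section 7.4.1.2)."""
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a Handshake record (content type %#x)" % content_type)
    body = record[5:5 + rec_len]
    if not body or body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    if 4 + hs_len > len(body):                             # message continues in a later record
        raise ValueError("ClientHello is split across records; reassemble first")
    return body[6:38].hex()


def secrets_for_session(keylog_index, client_hello_record):
    """Secrets Wireshark would use for this session, or None when the browser never
    logged it (why some flows stay 'Application Data' even with a key log loaded)."""
    return keylog_index.get(client_random_from_record(client_hello_record))


def build_client_hello(client_random):
    """Constructed minimal ClientHello: one cipher suite, no session id, no extensions."""
    body = b"\x03\x03" + client_random + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


LOGGED_RANDOM = bytes(range(32)).hex()          # constructed; matches the first log line below
OTHER_RANDOM = bytes(range(32, 64)).hex()       # constructed; a second (TLS 1.3) session
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS (constructed sample)",
    "CLIENT_RANDOM %s %s" % (LOGGED_RANDOM, "ab" * 48),
    "CLIENT_TRAFFIC_SECRET_0 %s %s" % (OTHER_RANDOM, "cd" * 32),
])
```

In practice the log is produced by starting the browser with the variable set (for example `SSLKEYLOGFILE=/tmp/keys.log firefox`) and consumed with `tshark -r capture.pcapng -o tls.keylog_file:/tmp/keys.log -Y http`; any session whose client_random is absent from the file, including sessions resumed from a handshake that was not captured, stays encrypted.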

→ Wireshark comes with graphical tools to visualize the statistics. This makes it easy to spot general trends, and to present findings to less-technical management.

AIM: Packet capture and header analysis by Wireshark (TCP, UDP, IP)

Solution:

1. Wi-Fi Analysis: capture on the wireless interface, select a packet and expand the Ethernet, IP, TCP and UDP layers in the packet-details pane to read the header fields.

HTTP command (display filter: http): [screenshot]

ARP command (display filter: arp): [screenshot]

Flow Graph (Statistics > Flow Graph): [screenshot]

I/O Graph (Statistics > I/O Graph): [screenshot]

Protocol Hierarchy Statistics (Statistics > Protocol Hierarchy): [screenshot]
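Worked header analysis for the AIM above and for the Protocol Hierarchy Statistics step, as an added example that is not part of the original practical and not Wireshark's code: the script decodes Ethernet, ARP, IPv4, TCP and UDP headers by hand from constructed frames (the MAC addresses, IP addresses, ports and payload bytes are made up), verifies the IPv4 header checksum the way Wireshark's IPv4 checksum validation preference does, and counts layers the way Statistics > Protocol Hierarchy does. Wireshark's own dissectors are written in C; the Python here only mirrors the field layout so the numbers in the details pane can be checked by hand.

```python
"""Decode Ethernet, ARP, IPv4, TCP and UDP headers from raw frames (the fields Wireshark
shows in its packet-details pane) and tally them as Statistics > Protocol Hierarchy does.
Added example, not part of the practical; SAMPLE_FRAMES are constructed, not captured."""
import struct

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bits 0..5 of the TCP flags field

def ip_checksum(header):
    """RFC 1071 one's-complement sum of 16-bit words; returns 0 for a header that verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                                    # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fmt_mac(b):
    return ":".join("%02x" % x for x in b)

def fmt_ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(p):
    _htype, _ptype, _hlen, _plen, op = struct.unpack("!HHBBH", p[:8])
    return {"proto": "arp", "opcode": {1: "request", 2: "reply"}.get(op, op),
            "sender_mac": fmt_mac(p[8:14]), "sender_ip": fmt_ip(p[14:18]),
            "target_mac": fmt_mac(p[18:24]), "target_ip": fmt_ip(p[24:28])}

def parse_tcp(seg):
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    hdr_len = (off_flags >> 12) * 4                       # data offset is counted in 32-bit words
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
    return {"proto": "tcp", "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": hdr_len, "flags": flags, "window": win, "payload": seg[hdr_len:]}

def parse_udp(dgram):
    sport, dport, length, _csum = struct.unpack("!HHHH", dgram[:8])
    return {"proto": "udp", "src_port": sport, "dst_port": dport, "length": length,
            "payload": dgram[8:length]}

def parse_ipv4(pkt):
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"proto": "ipv4", "version": ver_ihl >> 4, "header_len": ihl, "total_len": total_len,
            "id": ident, "dont_fragment": bool(flags_frag & 0x4000), "ttl": ttl, "protocol": proto,
            "src": fmt_ip(pkt[12:16]), "dst": fmt_ip(pkt[16:20]),
            "checksum_ok": ip_checksum(pkt[:ihl]) == 0}   # same test as Wireshark's checksum validation
    payload = pkt[ihl:total_len]                           # ignore Ethernet padding past total_len
    if proto == IPPROTO_TCP:
        info["inner"] = parse_tcp(payload)
    elif proto == IPPROTO_UDP:
        info["inner"] = parse_udp(payload)
    return info

def parse_frame(frame):
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"proto": "eth", "dst_mac": fmt_mac(frame[:6]), "src_mac": fmt_mac(frame[6:12]),
            "ethertype": ethertype}
    if ethertype == ETH_ARP:
        info["inner"] = parse_arp(frame[14:])
    elif ethertype == ETH_IPV4:
        info["inner"] = parse_ipv4(frame[14:])
    return info

def protocol_hierarchy(frames):
    """Number of frames carrying each layer, as in Statistics > Protocol Hierarchy."""
    counts = {}
    for frame in frames:
        layer = parse_frame(frame)
        while layer:
            counts[layer["proto"]] = counts.get(layer["proto"], 0) + 1
            layer = layer.get("inner")
    return counts

# Constructed sample traffic (made-up addresses and ports, not a real capture).
def build_ipv4(src, dst, proto, payload, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload   # fill in checksum

def build_eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload

HOST_MAC, GW_MAC, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE_FRAMES = [
    build_eth(BCAST, HOST_MAC, ETH_ARP, struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, 1,   # ARP who-has
              HOST_MAC, bytes([192, 168, 1, 10]), b"\x00" * 6, bytes([192, 168, 1, 1]))),
    build_eth(GW_MAC, HOST_MAC, ETH_IPV4, build_ipv4("192.168.1.10", "203.0.113.5", IPPROTO_TCP,  # TCP SYN
              struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0))),
    build_eth(GW_MAC, HOST_MAC, ETH_IPV4, build_ipv4("192.168.1.10", "192.168.1.1", IPPROTO_UDP,  # UDP to 53
              struct.pack("!HHHH", 53000, 53, 12, 0) + b"\x12\x34\x01\x00")),
]
```

Running `parse_frame` over each element of SAMPLE_FRAMES gives the same values Wireshark lists under Ethernet II, Address Resolution Protocol, Internet Protocol Version 4, Transmission Control Protocol and User Datagram Protocol (for the SYN: TTL 64, Don't fragment set, header checksum status good, flags 0x002); flipping any byte of the IPv4 header, for instance the TTL, turns checksum_ok false, which is how a checksum error in the details pane is produced.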