First Time Running Wireshark


1) Welcome to Wireshark

If this is the first time you run Wireshark, you will see the window shown above, containing a Welcome page.
On Linux systems, Wireshark may advise you to run it as a non-root user.
Wireshark may also display the interface permission error shown below:
    The capture session could not be initiated on interface 'xxxxxx' (You don't have permission to capture on that device).
    Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
To fix this, run the following superuser command. It grants the raw-socket and network-administration capabilities to dumpcap (the capture helper) only, so the Wireshark GUI itself does not have to run as root:
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap

2) Wireshark Network Analyzer

The graph shows the active network interfaces.
If you hover the mouse over an interface's graph, you will see its addresses (MAC and IP).
You can test the addresses by pinging them in a console window.

3) Capturing from selected network

The following screenshot shows a capture from the selected network interface.

4) Packet List Pane

Each line in the packet list corresponds to one packet in the capture file. If you select a line in this pane, more details will be displayed in the “Packet Details” and “Packet Bytes” panes.

While dissecting a packet, Wireshark will place information from the protocol dissectors into the columns. As higher level protocols might overwrite information from lower levels, you will typically see the information from the highest possible level only.

There are a lot of different columns available. Which columns are displayed can be selected by preference settings.

The default columns are:
  • No.: The number of the packet in the capture file. This number won’t change, even if a display filter is used.
  • Time: The timestamp of the packet. The presentation format of this timestamp can be changed.
  • Source: The address where this packet is coming from.
  • Destination: The address where this packet is going to.
  • Protocol: The protocol name in a short (perhaps abbreviated) version.
  • Length: The length of each packet.
  • Info: Additional information about the packet content.

The first column uses a set of related-packet symbols to show how each packet is related to the selected packet.

5) Packet Details Pane

The packet details pane shows the protocols and protocol fields of the packet currently selected in the “Packet List” pane, in a tree which can be expanded and collapsed.

There is a context menu (right mouse click) available.
Some protocol fields have special meanings.
  • Generated fields. Wireshark itself will generate additional protocol information which isn’t present in the captured data. This information is enclosed in square brackets (‘[’ and ‘]’). Generated information includes response times, TCP analysis, GeoIP information, and checksum validation.
  • Links. If Wireshark detects a relationship to another packet in the capture file it will generate a link to that packet. Links are underlined and displayed in blue. If you double-click a link, Wireshark will jump to the corresponding packet.

6) Packet Bytes Pane

The packet bytes pane shows the data of the current packet (selected in the “Packet List” pane) as a canonical hex dump. Each line contains the data offset, sixteen hexadecimal bytes, and sixteen ASCII bytes. Non-printable bytes are replaced with a period (‘.’).
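The following is an added example, not Wireshark's own code, that renders bytes in the same layout the Packet Bytes pane uses (offset, sixteen hex bytes, ASCII with periods for non-printables) and parses such a dump back into bytes, which is handy when a packet has been pasted into a report as text. The sample frame is constructed, not taken from a real capture.

```python
"""Render packet bytes like Wireshark's Packet Bytes pane (added example, not Wireshark code).

Each line: 4-digit hex offset, sixteen hex bytes, then sixteen ASCII characters
with every non-printable byte replaced by a period.  parse_hexdump() reverses it.
"""
from typing import List

# Constructed sample frame (Ethernet + IPv4 + UDP + "Hello"), not a real capture.
SAMPLE_FRAME = bytes.fromhex(
    "ffffffffffff" "001122334455" "0800"   # dst MAC (broadcast), made-up src MAC, EtherType IPv4
    "45000021000040004011"                 # IPv4: ver/IHL, total len 33, TTL 64, proto 17 (UDP)
    "0000" "c0a80001" "effffffa"           # checksum (zeroed), 192.168.0.1 -> 239.255.255.250
    "c000" "076c" "000d" "0000"            # UDP: src 49152, dst 1900, len 13, checksum 0
    "48656c6c6f"                           # payload "Hello"
)

def ascii_column(chunk: bytes) -> str:
    """Printable ASCII (0x20..0x7e) is kept; anything else becomes '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in chunk)

def hexdump_lines(data: bytes, width: int = 16) -> List[str]:
    lines = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        # Pad the hex column so the ASCII column still lines up on a short last row.
        hex_part = hex_part.ljust(width * 3 - 1)
        lines.append(f"{offset:04x}  {hex_part}  {ascii_column(chunk)}")
    return lines

def hexdump(data: bytes) -> str:
    return "\n".join(hexdump_lines(data))

def parse_hexdump(text: str, width: int = 16) -> bytes:
    """Inverse of hexdump(): rebuild the bytes from the fixed-width hex column,
    ignoring the ASCII column (which may itself contain hex-looking characters)."""
    out = bytearray()
    for line in text.splitlines():
        if not line.strip():
            continue
        hex_field = line[6:6 + width * 3 - 1]   # skip "oooo  ", take only the hex column
        out += bytes.fromhex("".join(hex_field.split()))
    return bytes(out)

if __name__ == "__main__":
    print(hexdump(SAMPLE_FRAME))
```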

TERMS

MAC address

MAC address - Wikipedia, the free encyclopedia

https://en.wikipedia.org/wiki/MAC_address
A media access control address (MAC address), also called a physical address, is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi.

IP address

What is IP address (Internet Protocol)? Webopedia Definition

www.webopedia.com
An IP address is an identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.

What is an IP address? | HowStuffWorks

computer.howstuffworks.com/internet/basics/question549.htm
There are two standards for IP addresses: IP Version 4 (IPv4) and IP Version 6 (IPv6).

SSDP

Simple Service Discovery Protocol - The Wireshark Wiki

https://wiki.wireshark.org/SSDP
Simple Service Discovery Protocol (SSDP). The SSDP protocol can discover Plug & Play devices, with UPnP (Universal Plug and Play). SSDP uses unicast and a multicast address (239.255.255.250). SSDP is an HTTP-like protocol and works with the NOTIFY and M-SEARCH methods. SSDP can be used over IPv4 and IPv6.
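As an added example (not code from the Wireshark wiki or the Wireshark dissector), the following parses the two SSDP methods described above the way a dissector would, and flags traffic addressed to the SSDP multicast group. The sample messages are constructed; the well-known UDP port 1900 is assumed from the protocol specification and is not stated on this page.

```python
"""Parse SSDP messages as a dissector would: added example, not Wireshark code.

SSDP is HTTP-like: a request line (M-SEARCH or NOTIFY), then "Name: value"
header lines, then an empty line.  Discovery traffic goes to the well-known
multicast group 239.255.255.250 on UDP port 1900 (port assumed from the spec).
"""
from typing import Dict, Optional, Tuple

SSDP_MULTICAST_IPV4 = "239.255.255.250"
SSDP_PORT = 1900

# Constructed samples of the two SSDP methods, not taken from a real capture.
SAMPLE_MSEARCH = (
    b"M-SEARCH * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b'MAN: "ssdp:discover"\r\n'
    b"MX: 2\r\n"
    b"ST: ssdp:all\r\n"
    b"\r\n"
)
SAMPLE_NOTIFY = (
    b"NOTIFY * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b"NT: upnp:rootdevice\r\n"
    b"NTS: ssdp:alive\r\n"
    b"LOCATION: http://192.168.0.20:49152/description.xml\r\n"   # made-up device URL
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)

def parse_ssdp(payload: bytes) -> Optional[Tuple[str, Dict[str, str]]]:
    """Return (method, headers) for a well-formed SSDP request, else None."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    head, sep, _body = text.partition("\r\n\r\n")
    if not sep:
        return None                      # no end-of-headers marker
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] not in ("M-SEARCH", "NOTIFY") or parts[1] != "*":
        return None
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            return None                  # malformed header line
        headers[name.strip().upper()] = value.strip()   # header names are case-insensitive
    return parts[0], headers

def is_ssdp_discovery(dst_ip: str, dst_port: int) -> bool:
    """True for traffic sent to the SSDP multicast group on its well-known port."""
    return dst_ip == SSDP_MULTICAST_IPV4 and dst_port == SSDP_PORT
```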

UDP

User_Datagram_Protocol - The Wireshark Wiki

https://wiki.wireshark.org/User_Datagram_Protocol
User Datagram Protocol (UDP). The UDP layer provides datagram-based connectionless transport layer (layer 4) functionality in the ...

HTTP

Hyper_Text_Transfer_Protocol - The Wireshark Wiki

https://wiki.wireshark.org/Hyper_Text_Transfer_Protocol
The HTTP protocol header is text-based, where headers are written in text lines. HTTP/1.1 allows for client-server connections to be pipelined, whereby multiple ...

BJNP

Wireshark · Display Filter Reference: Canon BJNP

https://www.wireshark.org/docs/dfref/b/bjnp.html
Protocol field name: bjnp ... bjnp.code, Code, Unsigned integer, 1 byte, 1.2.0 to 2.0.4 ... bjnp.session_id, Session Id, Unsigned integer, 2 bytes, 1.2.0 to 2.0.4.