102 First Time Running Wireshark
1) Welcome to Wireshark
If this is the first time you run Wireshark, you will see the above window containing a Welcome page.
2) Wireshark Network Analyzer
The graph shows active network interfaces.
If you hover the mouse over the graph, you will see the addresses (MAC and IP) of the interface.
You can test the addresses by pinging them in a console window.
3) Capturing from selected network
The following screenshot shows a capture of a selected network.
4) Packet List Pane
Each line in the packet list corresponds to one packet in the capture file. If you select a line in this pane, more details will be displayed in the “Packet Details” and “Packet Bytes” panes.
While dissecting a packet, Wireshark will place information from the protocol dissectors into the columns. As higher level protocols might overwrite information from lower levels, you will typically see the information from the highest possible level only.
There are a lot of different columns available. Which columns are displayed can be selected by preference settings.
The default columns will show:
- No.: The number of the packet in the capture file. This number won’t change, even if a display filter is used.
- Time: The timestamp of the packet. The presentation format of this timestamp can be changed.
- Source: The address where this packet is coming from.
- Destination: The address where this packet is going to.
- Protocol: The protocol name in a short (perhaps abbreviated) version.
- Length: The length of each packet.
- Info: Additional information about the packet content.
The first column shows how each packet is related to the selected packet.
Related packet symbols.
5) Packet Details Pane
The packet details pane shows the current packet (selected in the “Packet List” pane) in a more detailed form.
This pane shows the protocols and protocol fields of the packet selected in the “Packet List” pane. The protocols and fields of the packet are shown in a tree which can be expanded and collapsed.
There is a context menu (right mouse click) available.
Some protocol fields have special meanings.
- Generated fields. Wireshark itself will generate additional protocol information which isn’t present in the captured data. This information is enclosed in square brackets (‘[’ and ‘]’). Generated information includes response times, TCP analysis, GeoIP information, and checksum validation.
- Links. If Wireshark detects a relationship to another packet in the capture file, it will generate a link to that packet. Links are underlined and displayed in blue. If you double-click on a link, Wireshark will jump to the corresponding packet.
6) Packet Bytes Pane
The packet bytes pane shows the data of the current packet (selected in the “Packet List” pane) in a hexdump style.
The “Packet Bytes” pane shows a canonical hex dump of the packet data. Each line contains the data offset, sixteen hexadecimal bytes, and sixteen ASCII bytes. Non-printable bytes are replaced with a period (‘.’).
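The column behaviour from the Packet List section and the hex dump layout described here can be reproduced on a single frame. The following is an added example, not part of the original post and not Wireshark's own dissector code: a simplified Python model run over a constructed Ethernet/IPv4/UDP frame carrying an SSDP M-SEARCH. The function names, the sample addresses and ports, and the exact column spacing of the dump are assumptions.

```python
import struct

def build_sample_frame():
    """Constructed sample: Ethernet/IPv4/UDP frame with an SSDP M-SEARCH (checksums left 0)."""
    payload = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
               b'MAN: "ssdp:discover"\r\nMX: 1\r\nST: ssdp:all\r\n\r\n')
    udp = struct.pack("!HHHH", 50000, 1900, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 1, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([239, 255, 255, 250]))
    eth = bytes.fromhex("01005e7ffffa") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + udp

def packet_list_row(number, frame):
    """Fill the default columns; each higher layer overwrites what the lower one wrote."""
    row = {"No.": number, "Source": frame[6:12].hex(":"),
           "Destination": frame[0:6].hex(":"), "Protocol": "Ethernet",
           "Length": len(frame), "Info": "Ethernet II"}
    ip = frame[14:]
    if frame[12:14] != b"\x08\x00" or len(ip) < 20:
        return row                      # not IPv4, or truncated: stay at layer 2
    ihl = (ip[0] & 0x0F) * 4            # IPv4 header length in bytes
    row.update({"Source": ".".join(map(str, ip[12:16])),
                "Destination": ".".join(map(str, ip[16:20])),
                "Protocol": "IPv4", "Info": f"IP protocol {ip[9]}"})
    if ip[9] != 17 or len(ip) < ihl + 8:
        return row                      # not UDP, or UDP header cut off
    sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    row.update({"Protocol": "UDP", "Info": f"{sport} -> {dport} Len={ulen - 8}"})
    data = ip[ihl + 8:ihl + ulen]
    if 1900 in (sport, dport) and data:  # SSDP is HTTP-like text on UDP port 1900
        first_line = data.split(b"\r\n")[0].decode("ascii", "replace")
        row.update({"Protocol": "SSDP", "Info": first_line})
    return row

def packet_bytes(frame):
    """Hex dump: data offset, sixteen hex bytes, sixteen ASCII chars ('.' if non-printable)."""
    lines = []
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<47}  {text}")
    return lines

if __name__ == "__main__":
    frame = build_sample_frame()
    print(packet_list_row(1, frame))
    print("\n".join(packet_bytes(frame)))
```

The row for the full frame shows SSDP with IP addresses, while the same frame cut off after the Ethernet header stays at "Ethernet" with MAC addresses, which is the "highest possible level only" rule in action.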
TERMS
A media access control address (MAC address) of a computer, also called a physical address, is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi.
MAC address - Wikipedia, the free encyclopedia
https://en.wikipedia.org/wiki/MAC_address
What is IP address (Internet Protocol)? Webopedia Definition
www.webopedia.com › TERM › I
An IP address is an identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.
What is an IP address? | HowStuffWorks
computer.howstuffworks.com/internet/basics/question549.htm
There are two standards for IP addresses: IP Version 4 (IPv4) and IP Version 6 (IPv6).
SSDP: Simple Service Discovery Protocol - The Wireshark Wiki
https://wiki.wireshark.org/SSDP
Mar 14, 2016 - Simple Service Discovery Protocol (SSDP) The SSDP protocol can discover Plug & Play devices, with uPnP (Universal Plug and Play). SSDP uses unicast and multicast address (239.255.255.250). SSDP is an HTTP-like protocol and works with NOTIFY and M-SEARCH methods. SSDP can be used over IPv4 and IPv6.
UDP: User_Datagram_Protocol - The Wireshark Wiki
https://wiki.wireshark.org/User_Datagram_Protocol
Jul 24, 2011 - User Datagram Protocol (UDP). The UDP layer provides datagram based connectionless transport layer (layer 4) functionality in the ...
HTTP: Hyper_Text_Transfer_Protocol - The Wireshark Wiki
https://wiki.wireshark.org/Hyper_Text_Transfer_Protocol
The HTTP protocol header is text-based, where headers are written in text lines. HTTP/1.1 allows for client-server connections to be pipelined, whereby multiple ...
Wireshark · Display Filter Reference: Canon BJNP
https://www.wireshark.org/docs/dfref/b/bjnp.html
Protocol field name: bjnp ... bjnp.code, Code, Unsigned integer, 1 byte, 1.2.0 to 2.0.4 ... bjnp.session_id, Session Id, Unsigned integer, 2 bytes, 1.2.0 to 2.0.4.