
Experiment no. 10

Name: Wireshark packet analyzer tool

Aim: To install Wireshark on Ubuntu/Windows and analyze the headers of different packets.

Course Outcome: CO2 & CO5


Theory: Wireshark is a network packet analyser. A network packet analyser captures packets from a network and presents the captured packet data in as much detail as possible.

Wireshark is free, open source, and one of the best packet analysers available today.

Wireshark provides:

• Availability for UNIX-like systems (Linux, macOS, the BSDs) and Windows.
• Live capture of packet data from a network interface.
• Detailed decoding of each captured packet's protocol headers, and display filters to narrow a capture down to the packets of interest.

Wireshark does not provide:

• Intrusion detection. Wireshark will not warn you when someone does something on your network that they are not allowed to do. If something strange does happen, however, Wireshark can help you find out what is really going on.
• Any manipulation of the network. Wireshark only "measures" traffic; it does not send packets on the network or perform other active actions.

Installing Wireshark on Ubuntu 20.04

Steps
Step 1: Update APT
First, as always, update the package index and upgrade the installed packages:

$ sudo apt-get update

Type your password and press Enter.

$ sudo apt-get upgrade

Step 2: Download and Install Wireshark
Download and install Wireshark from the Ubuntu repositories:

$ sudo apt-get install wireshark

Step 3: Allow Non-root Users to Capture
During installation the wireshark-common package asks "Should non-superusers be able to capture packets?". Select "Yes". This does not run Wireshark as root: it grants the dumpcap capture helper the cap_net_raw and cap_net_admin capabilities and restricts it to members of the wireshark group, so the Wireshark GUI itself (whose protocol dissectors parse untrusted network data) can run as an ordinary user.

Step 4: Add Your User to the wireshark Group

$ sudo usermod -aG wireshark $USER

Log out and back in for the new group membership to take effect.

Step 5: Launch Wireshark


In the terminal window, type the following command to start the Wireshark application.

$ wireshark

Figure: Wireshark Welcome screen.


You can also open Wireshark through the graphical user interface (GUI): open Activities on the Ubuntu desktop, type "Wireshark" in the search bar, and click the application result.

When Wireshark opens, you will see the following default view:

To display the installed version of Wireshark, use the following command:

$ wireshark --version

Output -
Installation on Windows
https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallWinInstall.html

Also install Npcap when the Wireshark installer offers it.

Npcap is the Windows packet capture library (it implements the libpcap API). It includes a kernel driver that supports capturing packets, and Wireshark uses it to capture live network data on Windows.

Using Wireshark
Wireshark is a powerful tool with plenty of features. Here we only cover the basics of two important features: packet capture and display filters.

Packet Capture
To capture packets with Wireshark, follow these steps:

1. From the list of available network interfaces in the Wireshark window, select the interface on which you want to capture packets.

2. From the toolbar at the top, click the start button to start capturing packets on the selected interface, as shown in the following screenshot.
If there is currently no traffic, generate some by visiting a website. You will then see the captured packets displayed in real time.

3. To stop capturing, click the stop button as shown in the following screenshot.

In the above screenshot, the Wireshark window is divided into three panes:

1. The top pane (packet list) lists every packet captured by Wireshark, one row per packet.

2. The middle pane (packet details) shows the decoded protocol headers of the selected packet, layer by layer (for example Ethernet, IPv4, TCP).

3. The bottom pane (packet bytes) shows the raw bytes of the selected packet in hexadecimal and ASCII.

Display filter
As you have seen in the above screenshots, Wireshark displays a large number of packets for a single network activity. On a normal network, thousands of packets travel back and forth, and it is very difficult to find a specific packet among thousands of captured ones. This is where Wireshark's display filters come in.

You can filter the displayed results by protocol, source and destination IP address, port number, and many other fields. Type the filter expression into the "Apply a display filter" field under the toolbar. A display filter only hides rows in the packet list; it does not discard anything from the capture (unlike a capture filter, which is applied while capturing).

Example:
To display only the TCP packets from all the captured packets, type tcp. After applying the filter, you will see only the TCP packets. In the same way, ip.addr == 10.0.0.5 shows packets sent to or from that address, and tcp.port == 443 shows TCP packets with 443 as source or destination port.
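As an added worked example (not part of the original experiment), the following Python script decodes the same header fields that Wireshark's packet details pane shows (pcap record header, Ethernet II, IPv4, TCP/UDP) from a small constructed pcap, and then applies the equivalent of the display filters discussed above (tcp, ip.addr == ..., port == ...) to the decoded packets. The three frames, MAC addresses and hosts are made up for illustration (203.0.113.10 is from the TEST-NET-3 documentation range), and their checksums are left as zero, which Wireshark would flag if checksum validation is enabled.

```python
"""Decode pcap / Ethernet / IPv4 / TCP+UDP headers (what Wireshark's middle
pane shows) and apply display-filter-style predicates to the result.
Added example; the capture built below is constructed, not a real trace."""
import struct
from dataclasses import dataclass
from typing import List, Optional

ETH_P_IP, IPPROTO_TCP, IPPROTO_UDP = 0x0800, 6, 17
PCAP_MAGIC_LE, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
TCP_FLAG_NAMES = {0x02: "SYN", 0x10: "ACK", 0x08: "PSH", 0x01: "FIN", 0x04: "RST"}


@dataclass
class Packet:
    """One row of the packet list plus the header fields from the detail pane."""
    number: int
    ts: float
    eth_src: str
    eth_dst: str
    ip_src: Optional[str] = None
    ip_dst: Optional[str] = None
    ttl: Optional[int] = None
    proto: Optional[str] = None      # "tcp", "udp" or None for anything else
    sport: Optional[int] = None
    dport: Optional[int] = None
    tcp_flags: Optional[str] = None  # e.g. "SYN,ACK"


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_frame(number: int, ts: float, frame: bytes) -> Packet:
    """Ethernet II -> IPv4 -> TCP/UDP, reading only the fixed header fields."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    pkt = Packet(number, ts, mac(src), mac(dst))
    if ethertype != ETH_P_IP:
        return pkt                      # ARP, IPv6 etc. are left undecoded here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4            # IPv4 header length in bytes (options included)
    (_ver_ihl, _tos, total_len, _ident, _frag, ttl,
     proto, _csum, s, d) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    pkt.ip_src, pkt.ip_dst, pkt.ttl = ipv4(s), ipv4(d), ttl
    l4 = ip[ihl:total_len]              # trailing Ethernet padding is dropped
    if proto == IPPROTO_TCP:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        pkt.proto, pkt.sport, pkt.dport = "tcp", sport, dport
        pkt.tcp_flags = ",".join(n for bit, n in TCP_FLAG_NAMES.items() if off_flags & bit)
    elif proto == IPPROTO_UDP:
        pkt.proto, pkt.sport, pkt.dport = ("udp",) + struct.unpack("!HH", l4[:4])
    return pkt


def parse_pcap(data: bytes) -> List[Packet]:
    """Walk a classic little-endian pcap: 24-byte global header, then a 16-byte
    record header before each captured frame (pcapng is not handled)."""
    magic, _vmaj, _vmin, _tz, _sigfigs, _snaplen, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC_LE or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        packets.append(parse_frame(len(packets) + 1, ts_sec + ts_usec / 1e6, frame))
    return packets


def display_filter(packets, proto=None, ip_addr=None, port=None):
    """Equivalent of `tcp`, `ip.addr == X` and `tcp.port == N` / `udp.port == N`;
    like Wireshark's display filter it hides rows without dropping any packet."""
    return [p for p in packets
            if (proto is None or p.proto == proto)
            and (ip_addr is None or ip_addr in (p.ip_src, p.ip_dst))
            and (port is None or port in (p.sport, p.dport))]


def build_sample_pcap() -> bytes:
    """Constructed three-frame capture: a TCP SYN to :443, its SYN/ACK, and a
    DNS query to :53. Checksums are left 0 (Wireshark would mark them bad)."""
    def eth(src, dst, payload):
        return dst + src + struct.pack("!H", ETH_P_IP) + payload

    def ip(src, dst, proto, payload):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                           0x4000, 64, proto, 0, src, dst) + payload

    def tcp(sport, dport, flags):
        return struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 65535, 0, 0)

    def udp(sport, dport, data):
        return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

    host, gw = bytes.fromhex("020000000a01"), bytes.fromhex("020000000b02")  # made-up MACs
    client, server, dns = bytes([10, 0, 0, 5]), bytes([203, 0, 113, 10]), bytes([10, 0, 0, 1])
    frames = [
        eth(host, gw, ip(client, server, IPPROTO_TCP, tcp(51234, 443, 0x02))),  # SYN
        eth(gw, host, ip(server, client, IPPROTO_TCP, tcp(443, 51234, 0x12))),  # SYN,ACK
        eth(host, gw, ip(client, dns, IPPROTO_UDP, udp(40000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8))),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    pkts = parse_pcap(build_sample_pcap())
    for p in pkts:  # the "packet list" pane
        print(p.number, p.ip_src, "->", p.ip_dst, p.proto, p.sport, p.dport, p.tcp_flags or "")
    print("tcp:", [p.number for p in display_filter(pkts, proto="tcp")])
    print("udp.port == 53:", [p.number for p in display_filter(pkts, proto="udp", port=53)])
```

Running the script prints one line per frame (the packet list) and then the frame numbers that survive the `tcp` and `udp.port == 53` filters. Replace `build_sample_pcap()` with the bytes of a real .pcap saved from Wireshark (File, Save As, pcap format) to decode your own capture.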

Conclusion: Thus, Wireshark was installed successfully and used on Ubuntu 20.04, and the headers of different types of packets were analysed.

Troubleshooting: no capture interfaces shown
If no interfaces on which a capture can be done are visible in Wireshark (as in the following diagrams), or Wireshark reports "Couldn't run /usr/bin/dumpcap in child process: Permission denied" on Ubuntu, your user is not allowed to run the dumpcap capture helper. Fix it with the following commands:

sudo dpkg-reconfigure wireshark-common
# Select "Yes" when asked whether non-superusers should be able to capture packets
sudo usermod -aG wireshark $USER
# Log out and back in, then verify the group membership and the helper's permissions
id -nG | grep -w wireshark
ls -l /usr/bin/dumpcap      # expected: -rwxr-x--- root wireshark
getcap /usr/bin/dumpcap     # expected: cap_net_admin,cap_net_raw=eip

Do not simply chmod +x /usr/bin/dumpcap: that makes the capability-bearing helper executable by every local user, so anyone on the machine could sniff traffic. Group membership is the intended control.

Now launch Wireshark again.
