![]() ![]() Look through the filter for TCP traffic.Go to a website of your choice and make a packet filter.TCP 3 Way handshake – Start a new capture and carry out the following task: Type ipconfig /displaydns (displays the DNS cache).Type ipconfig /flushdns (clears the DNS cache).You will see that it is using IPV4, and the traffic is TCP.Įxpand the HTTP packet, and the referrer will show the page that you visited.Ĭomplete the following exercises to investigate DNS traffic:ĭNS traffic – Start a new capture and run the following commands: Open the frame in the packet details pane. The request to go to a website uses the HTTP verb GET.Ĭan you now search your trace for the packet when you arrived at this article? The packet 16340 relates to your arrival at the articles on the nfl.com website. You can now see only TCP and HTTP traffic. In the packet that you captured, you have inserted the filter http. Then select ‘ Save as‘ and save it as a pcap file (a packet capture file). On the Wireshark console, in the top left-hand corner, choose File. On this occasion, you will have captured over 20,000 packets in about 3 minutes. You should have captured quite a few packets. Go to Wireshark, Capture menu, and Press Stop. ![]() You will then see a massive number of packets being captured. Go to your Google and press the hyperlink for the preceding article. Start Wireshark, go to Capture, then press Start. The following instructions will be the same. If that article is not available, go to the Amazon website instead and search for the Ian Neil Security+. The top of the search list should be similar to that shown below. Go to Google and search for ‘Josh Dobbs Mike Glennon’. Once you start up Wireshark, you will capture a vast amount of traffic.Īfter capturing it, you can filter the different types of traffic. TipĪlways have your web browser ready before you press ‘Start’. These menus are context-sensitive for example, the Stop button does not become live until after the Start button appears. Once you are finished capturing the traffic, press the red square with the word Stop on it. Press the shark symbol with the word Start. Options lets you change the network interface. The Packet Bytes Pane: This shows a canonical hex dump of the packet data. The Packet Details Pane: This is the gray area that shows the protocol fields of the packet. The Packet List: This shows all packets that are captured and is shown in blue in the preceding image. The Filter Toolbar: This has a filter pane when you type in the protocol that you want to view. The Menu: This is broken into the following 11 headings:įile, Edit, View, Go, Capture, Analyze, Statistics, Telephony, Wireless, Tools, Help. The view above shows The Main Window, which is broken into different sections: ![]() If you need to change the interface, go to Capture and select Options. When your Wireshark console appears, it should look similar to that shown below. You will now see a Wireshark shortcut on the desktop, the same as below:ĭouble-click it and choose your network interface. The wizard will appear to say the installation is complete. It should take roughly another 2-3 minutes. The Wireshark installation will still be running in the background. The following wizard will appear (see below). The installation will commence, and the pop-up box below will appear.Īccept the license agreement and press I Agree.Īccept the default settings by pressing Next. Keep pressing ‘Next’ and accept the defaults. This will bring up the installation wizard. You want to download the Windows Installer (64 bit).Ĭlick on the link for your version of software, and you will see a pop-up box at the foot of your screen.Ĭhoose run, and when the UAC prompt appears, choose Yes. The output will look similar to the following: You must ensure that you use the full URL. Go to to visit the Wireshark download page. In this practical exercise, you are going to install Wireshark on a Windows 10 computer, and then capture a packet. Practical Exercise – Capturing a Packet Using Wireshark
0 Comments
Leave a Reply. |