KU EECS 780 – Communication Networks Laboratory – Introduction to Protocol Analysis with Wireshark
© James P.G. Sterbenz, ITTC
24 August 2015 © 2004–2015 James P.G. Sterbenz, rev. 15.0
Communication Networks Laboratory, The University of Kansas, EECS 780
Introduction to Protocol Analysis with Wireshark
Trúc Anh N. Nguyễn, Egemen K. Çetinkaya, Mohammed Alenazi and James P.G. Sterbenz
Department of Electrical Engineering & Computer Science
Information Technology & Telecommunications Research Center
The University of Kansas
http://www.ittc.ku.edu/~jpgs/courses/nets
24 August 2015 KU EECS 780 – Comm Nets – Wireshark Lab NET-L1-2
Protocol Analysis with Wireshark: Outline
L1.0 EECS 780 laboratory outline
L1.1 Motivation and overview
L1.2 Wireshark installation and use
L1.3 Protocol analysis examples
L1.4 Getting started
EECS 780 Laboratories: Outline
EECS 780 Laboratories: Semester Outline
• Wireshark labs
  – throughout semester, intuitive, based on textbook
• Wiki and web authoring
  – requires EECS, KU, or ITTC account
• Socket programming
  – relatively simple lab to demonstrate socket concepts
• Network simulation
  – lab to introduce network simulation
• Hands-on network performance evaluation
  – configure Cisco router, utilise open source tools
• Others if time permits
  – programmable networks using GpENI testbed
Protocol Analysis with Wireshark: Motivation and Overview
Motivation and Overview: Introduction (1)
• Wireshark is a network protocol analyzer
  – www.wireshark.org
• First released in 1998 by Gerald Combs as Ethereal
  – many contributors around the world
• Open source and free software
• Graphical alternative to tcpdump
Motivation and Overview: Introduction (2)
• Powerful tool for network troubleshooting
• Sniffs and captures live traffic
• Filters data for ease of analysis
• Statistics and graphs available
• Used in industry and academia
Protocol Analysis with Wireshark: Wireshark Installation and Use
Wireshark Installation: Highlights
• Wireshark can be installed on various platforms
  – UNIX, MS, Linux, Mac OS, etc.
• Most recent release is v.1.8.4, Nov. 2012
• System requirements
  – section 1.2 at http://www.wireshark.org/docs/wsug_html/
  – rule of thumb: fast CPU, more memory is better
• FAQs and Wiki pages provide more information
Wireshark Installation: Overview
• Installation of Wireshark requires
  – downloading the relevant package
  – building the source into binary if the source is downloaded
  – installing the binaries to their destinations
  – section 2 provides detailed installation instructions:
    http://www.wireshark.org/docs/wsug_html/
• Windows installation includes WinPcap
  – packet capture library (also needed for tcpdump)
• Installation is easy and intuitive
Wireshark Usage: Windows XP Installation (1)
Go to wireshark.org
Click on Download Wireshark
Save and run the executable (.exe) file
Installation wizard is intuitive
Wireshark Usage: Windows XP Installation (2)
pcap library is required to capture low-level network messages
WinPcap for Windows, libpcap for UNIX/Linux
Latest WinPcap release 4.1.2
Wireshark Installation: Windows XP Installation (3)
Wireshark Usage: Main Features
• Capturing live traffic
  – data can be captured on wired or wireless medium
• Numerous protocols can be captured and analyzed
• Filtering is essential when dealing with lots of packets
  – filters can be applied on protocols, fields, values, etc.
  – filtering while capturing packets is possible
Wireshark GUI: Main Window
Regions labelled on the screenshot: menu, main toolbar, filter toolbar, packet list pane, packet details pane, packet bytes pane, status bar
Wireshark Usage: Starting Capture
To capture: go to the Capture menu and select Interfaces…
Start capturing on the interface that has an IP address
Other ways of capturing are possible
Wireshark Usage: Capturing (1)
Once capturing starts, the main window stays blank until data is exchanged on the Network Interface Card (NIC)
Wireshark Usage: Capturing (2)
When packets are exchanged on the NIC, they are dumped to the main window
Wireshark Usage: Stopping Capture
Capturing can be stopped by clicking on the “Stop the running capture” button on the main toolbar
Wireshark Usage: Filtering
Filter by entering the protocol name or field name and clicking the apply button in the filter menu
Detailed filters can be applied by creating expressions
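The slide describes filtering by a protocol or field name and by composed expressions. The Python below is an added illustration, not code from the slides or from Wireshark: it evaluates a tiny subset of display-filter syntax over a constructed list of already-decoded packets. The field names mirror Wireshark's dotted style, but the grammar (a term is either `field op value` or a bare protocol name, terms joined by `&&` and `||`, no parentheses) and the sample packets are assumptions of this example.

```python
"""Minimal display-filter evaluator over decoded packet records (added example)."""
import re
from typing import Callable, Dict, List

# Constructed sample capture: one dict per packet, fields already decoded.
PACKETS = [
    {"no": 1, "ip.src": "10.0.0.1", "ip.dst": "10.0.0.5", "tcp.dstport": 80,
     "tcp.flags.syn": 1, "tcp.flags.ack": 0},
    {"no": 2, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.1", "tcp.dstport": 52314,
     "tcp.flags.syn": 1, "tcp.flags.ack": 1},
    {"no": 3, "ip.src": "10.0.0.1", "ip.dst": "10.0.0.5", "tcp.dstport": 80,
     "tcp.flags.syn": 0, "tcp.flags.ack": 1},
    {"no": 4, "ip.src": "10.0.0.9", "ip.dst": "10.0.0.5", "udp.dstport": 53},
]

_OPS: Dict[str, Callable[[object, object], bool]] = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    ">":  lambda a, b: a > b,
    "<":  lambda a, b: a < b,
}
# One comparison term: <field> <op> <literal>; the grammar here is an assumption.
_TERM = re.compile(r"^\s*([a-z_.]+)\s*(==|!=|>|<)\s*(\S+)\s*$")


def _coerce(raw: str, like: object) -> object:
    """Convert the literal in the expression to the type of the packet field."""
    if isinstance(like, int):
        return int(raw)
    return raw.strip('"')


def _eval_term(term: str, pkt: dict) -> bool:
    """Evaluate one term against one packet."""
    m = _TERM.match(term)
    if m is None:
        # Bare protocol or field name (e.g. "udp"): true if the packet carries it.
        name = term.strip()
        return any(k == name or k.startswith(name + ".") for k in pkt)
    field, op, raw = m.groups()
    if field not in pkt:
        return False  # absent field: the term is simply false, as in Wireshark
    try:
        return _OPS[op](pkt[field], _coerce(raw, pkt[field]))
    except ValueError:   # literal of the wrong type (e.g. "abc" for a port)
        return False


def matches(expr: str, pkt: dict) -> bool:
    """Evaluate `expr` for one packet; `||` binds looser than `&&`."""
    return any(
        all(_eval_term(t, pkt) for t in clause.split("&&"))
        for clause in expr.split("||")
    )


def apply_filter(expr: str, packets=PACKETS) -> List[int]:
    """Return the packet numbers that survive the display filter, in capture order."""
    return [p["no"] for p in packets if matches(expr, p)]


if __name__ == "__main__":
    for expr in ("tcp.flags.syn == 1", "udp || tcp.dstport == 80"):
        print(f"{expr!r:40} -> packets {apply_filter(expr)}")
```

Two practitioner caveats that this toy does not model: the capture filters the deck mentions ("filtering while capturing") use BPF syntax (for example `tcp port 80`), which is different from display-filter syntax (`tcp.port == 80`), so an expression accepted by the filter toolbar is rejected as a capture filter; and for fields that occur more than once per packet, such as `ip.addr`, Wireshark's `ip.addr != 10.0.0.1` matches any packet in which either address differs, so excluding a host needs `!(ip.addr == 10.0.0.1)`.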
Protocol Analysis with Wireshark: Protocol Analysis and Examples
Protocol Analysis with Wireshark: Protocol Analysis
• Packets/protocols can be analyzed after capturing
• Individual fields in protocols can be easily seen
• Graphs and flow diagrams can be helpful in analysis
Protocol Analysis and Examples: Packet Details Pane
Analysis is performed manually
Example shows TCP segment with SYN and ACK fields set to 1
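To show what the details pane is doing when it displays a SYN/ACK segment, here is an added Python example (not from the slides and not Wireshark's dissector code) that parses a hand-constructed Ethernet II / IPv4 / TCP frame into named fields and decodes the TCP flags byte so that SYN and ACK read 1, as on the slide. The frame, its MAC and IP addresses, ports and sequence numbers are constructed for the example; checksums are left as zero rather than computed.

```python
"""Dissect a raw TCP/IPv4/Ethernet frame into details-pane style fields (added example)."""
import struct

# TCP flag bits in the flags byte (bit 13 of the header, RFC 793 / RFC 3168).
# Wireshark's tcp.flags also shows the NS bit from the preceding byte; omitted here.
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
             ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]


def build_syn_ack_frame() -> bytes:
    """Constructed sample: Ethernet II + IPv4 + TCP SYN/ACK from 10.0.0.5:80, no payload."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH",
                      80, 52314,        # source port, destination port
                      0x1d7b2c1e,       # sequence number
                      0x000000a6,       # acknowledgement number
                      5 << 4,           # data offset = 5 words (20-byte header)
                      0x12,             # flags: SYN (0x02) | ACK (0x10)
                      65535, 0, 0)      # window, checksum (not computed), urgent pointer
    total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,   # v4, IHL 5, DF, TTL 64, proto TCP
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    return eth + ip + tcp


def dissect(frame: bytes) -> dict:
    """Return a flat dict of header fields, named in Wireshark's dotted style."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    eth_type = struct.unpack("!H", frame[12:14])[0]
    if eth_type != 0x0800:
        raise ValueError("not an IPv4 frame")
    ver_ihl, _tos, _total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4            # IPv4 header length in bytes (options included)
    if proto != 6:
        raise ValueError("not a TCP segment")
    tcp_off = 14 + ihl
    sport, dport, seq, ack, off_byte, flag_byte, window, _csum, _urg = \
        struct.unpack("!HHIIBBHHH", frame[tcp_off:tcp_off + 20])
    fields = {
        "ip.src": ".".join(map(str, src)),
        "ip.dst": ".".join(map(str, dst)),
        "ip.ttl": ttl,
        "tcp.srcport": sport,
        "tcp.dstport": dport,
        "tcp.seq": seq,
        "tcp.ack": ack,
        "tcp.hdr_len": (off_byte >> 4) * 4,
        "tcp.window_size": window,
    }
    # One 0/1 field per flag, exactly as the details pane lists them.
    for name, bit in TCP_FLAGS:
        fields["tcp.flags." + name.lower()] = 1 if flag_byte & bit else 0
    fields["tcp.flags.str"] = ", ".join(n for n, b in TCP_FLAGS if flag_byte & b)
    return fields


if __name__ == "__main__":
    for k, v in dissect(build_syn_ack_frame()).items():
        print(f"{k:18} {v}")
```

The length and EtherType checks before each `unpack` are the part worth copying: a dissector that trusts the data offset or IHL field of an untrusted packet without bounds-checking it is reading past the buffer, which is a recurring bug class in real analyzers.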
Protocol Analysis and Examples: Packet Bytes Pane
Zoom in or out is possible in the main toolbar
Packet Bytes pane consists of offset, Hex, and ASCII fields
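As an added example (not from the slides or from Wireshark), this Python `hexdump` reproduces the three columns of the bytes pane: the byte offset in hex, the hex bytes, and an ASCII column in which every byte outside printable 7-bit ASCII is shown as a dot. The 32-byte sample is constructed: a fake Ethernet and IPv4 header start followed by the beginning of an HTTP request, chosen so that both printable and non-printable bytes appear.

```python
"""Render bytes the way the packet bytes pane does: offset, hex, ASCII (added example)."""


def hexdump(data: bytes, width: int = 16) -> str:
    """Return one line per `width` bytes: 4-digit hex offset, hex bytes,
    and an ASCII column with '.' for anything outside 0x20..0x7e."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in chunk)
        # Pad the hex column so the ASCII column stays aligned on a short last row.
        lines.append(f"{off:04x}  {hex_part:<{width * 3 - 1}}  {ascii_part}")
    return "\n".join(lines)


# Constructed sample: 16 header-like bytes followed by 16 bytes of request text.
SAMPLE = bytes.fromhex("00112233445566778899aabb08004500") + b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    print(hexdump(SAMPLE))
```

The dot rule is why the ASCII column can be misleading: the first row above shows `"3DUfw` in the middle of a MAC address, purely because those bytes happen to be printable, so the ASCII column is a hint for locating text, never a substitute for decoding the field in the details pane.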
Protocol Analysis and Examples: Statistics – Flow Graph Example
TCP plots and flow graphs are available in the Statistics menu
Example shows a flow diagram of the ping utility
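The slide's flow graph of a ping run is, in data terms, a list of ICMP echo requests and replies drawn as arrows between two hosts. The Python below is an added example (not the slides' or Wireshark's code) that builds that diagram from decoded records, pairs each request with its reply by ICMP identifier and sequence number, and reports the round-trip time and any unanswered request. The capture is constructed: three requests from 10.0.0.1 to 10.0.0.5, of which the one with sequence 2 gets no reply, so the pairing has to cope with loss.

```python
"""Ping flow diagram and echo pairing from decoded ICMP records (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ECHO_REPLY, ECHO_REQUEST = 0, 8      # ICMP type values (RFC 792)


@dataclass(frozen=True)
class IcmpRecord:
    no: int
    time: float        # seconds since the start of the capture
    src: str
    dst: str
    icmp_type: int
    ident: int
    seq: int


# Constructed sample capture of `ping 10.0.0.5` from 10.0.0.1; seq 2 is lost.
CAPTURE = [
    IcmpRecord(1, 0.000000, "10.0.0.1", "10.0.0.5", ECHO_REQUEST, 0x1a2b, 1),
    IcmpRecord(2, 0.000412, "10.0.0.5", "10.0.0.1", ECHO_REPLY,   0x1a2b, 1),
    IcmpRecord(3, 1.001003, "10.0.0.1", "10.0.0.5", ECHO_REQUEST, 0x1a2b, 2),
    IcmpRecord(4, 2.002115, "10.0.0.1", "10.0.0.5", ECHO_REQUEST, 0x1a2b, 3),
    IcmpRecord(5, 2.002901, "10.0.0.5", "10.0.0.1", ECHO_REPLY,   0x1a2b, 3),
]

Pair = Tuple[IcmpRecord, Optional[IcmpRecord], Optional[float]]


def pair_echoes(records: List[IcmpRecord]) -> List[Pair]:
    """Match each echo request to its reply by (identifier, sequence).
    Returns (request, reply or None, RTT in ms or None) per request."""
    pending = {}
    results = []
    for r in sorted(records, key=lambda x: x.time):
        key = (r.ident, r.seq)
        if r.icmp_type == ECHO_REQUEST:
            pending[key] = (r, len(results))
            results.append([r, None, None])
        elif r.icmp_type == ECHO_REPLY and key in pending:
            req, idx = pending.pop(key)       # a reply answers at most one request
            results[idx][1] = r
            results[idx][2] = (r.time - req.time) * 1000.0
    return [tuple(x) for x in results]


def loss_summary(pairs: List[Pair]) -> dict:
    """Aggregate like ping's closing summary: sent, received, lost sequences, RTT range."""
    rtts = [rtt for _, rep, rtt in pairs if rep is not None]
    return {
        "sent": len(pairs),
        "received": len(rtts),
        "lost_seq": [req.seq for req, rep, _ in pairs if rep is None],
        "rtt_min_ms": min(rtts) if rtts else None,
        "rtt_max_ms": max(rtts) if rtts else None,
    }


def flow_graph(records: List[IcmpRecord], left: str, right: str) -> str:
    """Text rendering of the Statistics > Flow Graph view: one row per ICMP
    message, hosts in fixed columns, arrow direction showing the sender."""
    rows = [f"{'time':>10}  {left:<10}         {right:<10}  info"]
    for r in sorted(records, key=lambda x: x.time):
        kind = "Echo request" if r.icmp_type == ECHO_REQUEST else "Echo reply"
        arrow = "------>" if r.src == left else "<------"
        rows.append(f"{r.time:10.6f}  {left:<10} {arrow} {right:<10}  "
                    f"{kind} id=0x{r.ident:04x} seq={r.seq}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(flow_graph(CAPTURE, "10.0.0.1", "10.0.0.5"))
    print(loss_summary(pair_echoes(CAPTURE)))
```

Pairing on identifier and sequence rather than on arrival order is what keeps the diagram honest when a reply is missing or arrives late; a graph drawn by simply alternating arrows would attach the seq 3 reply to the seq 2 request.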
Protocol Analysis with Wireshark: Getting Started
Getting Started: Installation and First Lab Exercise
• Install Wireshark
• Go to the student resources web page at
  http://www.pearsonhighered.com/pearsonhigheredus/educator/product/products_detail.page?isbn=9780132856201
• Complete the first Wireshark Lab – Getting Started
• Familiarize yourself with Wireshark
Protocol Analysis with Wireshark: Acknowledgements
Some material in these foils comes from the textbook supplementary materials:
• Kurose & Ross, Computer Networking: A Top-Down Approach, 6th ed., http://kuroseross.com
• http://www.wireshark.org/
• http://www.winpcap.org/