Wireshark

What is Wireshark

• Wireshark is a free and open source packet analyzer.

• A protocol analyzer, such as Wireshark, is used to copy frames off of an active network

• These frames are like the cars on the highway• By capturing and examining these frames we can

see exactly what is happening on the network

Why Wireshark

• What I liked about it!• Multi-platform: Windows, Linux, OS X, Solaris,

FreeBSD, NetBSD.• It has a user friendly interface (GUI)• Colo-ring• And most importantly its ability to decode

most of the algorithms namely ASCII,HEX

Installing• Quite easy just download the setup from

www.wireshark.org

The Start screen

Copyright 2007-2010 Kenneth M. Chipps Ph.D. www.chipps.com

Wireshark

The frames that were captured

The layers in the currently selected frame

The contents of the current layer in hex and ASCII

Copyright 2007-2010 Kenneth M. Chipps Ph.D. www.chipps.com

TCP/IP Model

Copyright 2007-2010 Kenneth M. Chipps Ph.D. www.chipps.com

The Layers

The frame shown in detail below

All the layers in this frame

The contents of the selected layer

The contents in hex

The contents in ASCII

Copyright 2007-2010 Kenneth M. Chipps Ph.D. www.chipps.com

The Data Link Layer

Copyright 2007-2010 Kenneth M. Chipps Ph.D. www.chipps.com

The Network Layer

Copyright 2007-2010 Kenneth M. Chipps Ph.D. www.chipps.com

The Transport Layer

Copyright 2007-2010 Kenneth M. Chipps Ph.D. www.chipps.com

The Application Layer

How wireshark can be used to launch an attack ?

1-Capturing sensitive or personal information 2-Capturing usernames and passwords(Which will be shown in the demo )

Demo ,,

Recourses

http://www.wireshark.org2007-2010 Kenneth M. Chipps Ph.D.

www.chipps.com