WEB HOSTING SECURITY

Packet Sniffing with Wireshark
By: Barzan 'Tony' Antal
    2009-11-04

    Table of Contents:
  • Packet Sniffing with Wireshark
  • What's Sniffin' About?
  • Doing It Yourself
  • Final Thoughts


    Packet Sniffing with Wireshark - Doing It Yourself


    (Page 3 of 4)

    The installation procedure for Wireshark is straightforward. The Windows version relies on WinPcap, a set of libraries (plus a kernel driver) that provide network monitoring and packet-capturing capabilities; it is high-performing, reliable, and portable. If you don't have WinPcap, don't worry: the Wireshark setup program can install it for you.

    Download the latest version of Wireshark from the official Wireshark download page. The latest version at the time of writing is 1.0.6. During installation you are asked whether you'd like the NPF service (WinPcap's capture driver) to start automatically with Windows. If it does, users without administrator rights can run Wireshark and capture packets; if it doesn't, only administrators can start the driver and therefore capture. Keep in mind what that means on a shared or multi-user machine: an auto-started NPF lets every local account read all traffic the NIC sees, so enable it only where that is acceptable. The choice can be changed later through the Windows service manager (the service is named npf).

    After a successful installation you should be able to launch Wireshark. It opens an empty window with extensive menus and a toolbar. Its GUI is built on GTK+, so *nix enthusiasts will recognize the look right away. Now for your first capture: navigate to the Capture -> Interfaces menu. This opens a window listing your NICs, with live packet counters next to each one; choose the interface currently in use (the one whose counter is moving).

    Click Start and capturing begins. Chances are some traffic shows up immediately; if not, visit a site or two, send a file or an e-mail, or write an IM to a friend and say hey, what's up! The window fills up quickly. The main window is split into three panes, and each of them gets populated.

    The first (top) pane is the packet list. Each row is one captured packet, numbered under No., with its Time (the capture timestamp, shown with microsecond resolution), Source, Destination, Protocol, Info and so on. Selecting a row makes the other two panes display that packet's contents and details.

    In the middle pane (the packet details) you can click the "+" boxes to expand each protocol layer. As an example, we captured the incoming and outgoing traffic while loading the Developer Shed website and, in the top pane, picked the HTTP GET that requests the global.css file. The middle pane then looks similar to this.

    As you can see, we expanded the Hypertext Transfer Protocol layer. The whole packet has been decoded and broken down into its fields (request method, URI, Host header and the rest), so you can find out exactly what kind of content flows through your NICs. The bottom pane shows the raw bytes of the packet in hexadecimal alongside their ASCII rendering; clicking a field in the middle pane highlights the corresponding bytes there, which is handy when a dissector gets something wrong or a protocol is not recognized.
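    To make concrete what the three panes are showing, here is an added example (not code from this article, and not Wireshark's own dissectors) that walks one Ethernet/IPv4/TCP/HTTP frame through the same layering: a one-line summary like the packet list, a per-layer field breakdown like the packet details pane (including the correct/incorrect verdict Wireshark attaches to the IPv4 header checksum), and a hex/ASCII dump like the bytes pane. The frame is constructed inside the script with invented MAC addresses, IP addresses and ports, and mimics the GET for global.css discussed above.

```python
"""Layered dissection of one Ethernet frame, mirroring Wireshark's three panes.

Added example for this article, not code from the original page or from Wireshark.
The frame is constructed by hand to resemble the HTTP GET for global.css described
in the text; MACs, IPs, ports and header values are invented."""
import socket
import struct

TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
                 ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}

def ip_checksum(header):
    """RFC 1071 one's-complement sum; over a header that already carries a
    checksum it returns 0 exactly when that checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_sample_frame():
    """Constructed frame (not a capture): Ethernet II / IPv4 / TCP / HTTP GET."""
    http = (b"GET /global.css HTTP/1.1\r\nHost: www.devshed.com\r\n"
            b"User-Agent: Mozilla/5.0\r\nAccept: text/css\r\n\r\n")
    # ports, seq, ack, data offset 5 words + PSH|ACK, window, checksum (left 0), urgent
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 1, 0x5018, 65535, 0, 0)
    src, dst = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5])
    # version 4/IHL 5, TOS, total length, ID, DF, TTL, protocol 6 (TCP), checksum 0, addresses
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http),
                     0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill in a valid checksum
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")     # dst MAC, src MAC, IPv4
    return eth + ip + tcp + http

def mac(b):
    return ":".join("%02x" % x for x in b)

def tcp_flags(bits):
    return "[" + ", ".join(n for n, bit in TCP_FLAG_BITS if bits & bit) + "]"

def dissect(frame):
    """Decode the frame layer by layer into the fields the middle pane shows."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"Ethernet II": {"Destination": mac(frame[0:6]), "Source": mac(frame[6:12]),
                              "Type": "0x%04x" % ethertype}}
    if ethertype != 0x0800:
        return layers
    ip = frame[14:]
    vihl, _, total_len, _, _, ttl, proto, csum, saddr, daddr = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4
    layers["Internet Protocol Version 4"] = {
        "Header Length": ihl, "Total Length": total_len, "Time to live": ttl, "Protocol": proto,
        "Header checksum": "0x%04x" % csum,
        "Header checksum status": "correct" if ip_checksum(ip[:ihl]) == 0 else "incorrect",
        "Source": socket.inet_ntoa(saddr), "Destination": socket.inet_ntoa(daddr)}
    if proto != 6:
        return layers
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags, win, _, _ = struct.unpack("!HHIIHHHH", tcp[:20])
    layers["Transmission Control Protocol"] = {
        "Source Port": sport, "Destination Port": dport, "Sequence number": seq,
        "Acknowledgment number": ack, "Flags": tcp_flags(off_flags & 0x1FF), "Window": win}
    payload = tcp[(off_flags >> 12) * 4:]
    if payload and 80 in (sport, dport):  # port-based heuristic, as Wireshark uses by default
        first, _, rest = payload.partition(b"\r\n")
        parts = first.decode("ascii", "replace").split(" ", 2)
        if len(parts) == 3 and parts[0] in HTTP_METHODS:
            http = {"Request Method": parts[0], "Request URI": parts[1], "Request Version": parts[2]}
            for line in rest.split(b"\r\n"):
                if not line:
                    break  # the blank line ends the header block
                name, _, value = line.decode("ascii", "replace").partition(":")
                http[name.strip()] = value.strip()
            layers["Hypertext Transfer Protocol"] = http
    return layers

def summary(layers):
    """One line per packet, like the top pane's Source/Destination/Protocol/Info columns."""
    ip, tcp = layers["Internet Protocol Version 4"], layers["Transmission Control Protocol"]
    http = layers.get("Hypertext Transfer Protocol")
    info = ("HTTP %s %s %s" % (http["Request Method"], http["Request URI"], http["Request Version"])
            if http else "TCP %d -> %d %s" % (tcp["Source Port"], tcp["Destination Port"], tcp["Flags"]))
    return "%s -> %s %s" % (ip["Source"], ip["Destination"], info)

def hexdump(data, width=16):
    """The bottom pane: offset, hex bytes, and printable ASCII (dots elsewhere)."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%04x  %-*s  %s" % (off, width * 3 - 1, " ".join("%02x" % b for b in chunk), asc))
    return lines

if __name__ == "__main__":
    frame = build_sample_frame()
    layers = dissect(frame)
    print(summary(layers))                                  # top pane
    for layer, fields in layers.items():                    # middle pane
        print("+ " + layer + "".join("\n    %s: %s" % kv for kv in fields.items()))
    print("\n".join(hexdump(frame)))                        # bottom pane
```

    Run it and compare the output with Wireshark's panes for a real HTTP request. Note that the HTTP layer is recognized purely because port 80 is involved; that is also Wireshark's default behaviour, and traffic on other ports is only decoded as HTTP if you tell it so via Analyze -> Decode As. The checksum verdict is the kind of sanity check a practitioner looks at first when a capture seems wrong: a run of "incorrect" IPv4 checksums on outgoing packets usually means the NIC computes them in hardware after Wireshark has already seen the frame, not that the network is broken.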

    Wireless packet sniffing works in much the same way as wired, with one important difference. An ordinary Windows wireless driver hands Wireshark only your own station's frames, already decrypted and presented as if they were Ethernet. To see every 802.11 frame on the channel, including other stations' traffic, beacons and management frames, the card must be put into monitor mode, which on Windows requires a special driver. For Broadcom cards, see the forum thread about the BRCM wireless driver from WildPackets; with it you can capture all the wireless frames flowing across your network. Frames from a WEP or WPA network then arrive encrypted; Wireshark can decrypt them if you enter the network key in the IEEE 802.11 protocol preferences (for WPA/WPA2 the capture must also contain the station's four-way handshake). If you would rather not install a driver that is not digitally signed, you are limited to your own station's traffic.
