Wireshark Instructions: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
 
(33 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''Wireshark Instructions''' This is a walk through to help new students learn how to install and run wireshark for future lab assignments. We will be doing all of this through your Virtual Machine as though you were in the lab during class.  If needed the same steps will apply to your home computer with the exception of using a your specific network adaptor.
'''Wireshark Instructions''' This is a walk through to help new students learn how to install and run wireshark for future lab assignments. We will be doing all of this through your Virtual Machine as though you were in the lab during class.  If needed the same steps will apply to your home computer with the exception of using a your specific network adapter.


==Downloading & Installing Wireshark==
==Downloading & Installing Wireshark==
Line 5: Line 5:


*Step 1
*Step 1
First go to the following link [http://www.wireshark.org/download.html Wireshark Download]
First go to the following link  
*'''NOTE''':  Make sure to hold control to open the link in a new tab.  [http://www.wireshark.org/download.html Wireshark Download]


*Step 2
*Step 2
Click on the Windows Installer (32-bit)
Click on the Windows Installer (32-bit).
[[File:Wireshark.2.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.2.jpg|800px]]
 
 
 
*Step 3
*Step 3
Click the Save button
Click the Save button.
[[File:Wireshark.3.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.3.jpg|800px]]
 
 
 
*Step 4
*Step 4
Click the Run button after the file has been downloaded
Click the Run button after the file has been downloaded.
[[File:Wireshark.4.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.4.jpg|800px]]
 
 
 
*Step 5
*Step 5
If an older version is installed replace it by clicking the Yes button
If an older version is installed replace it by clicking the Yes button.
[[File:Wireshark.6.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.6.jpg|800px]]
 
 
 
*Step 6
*Step 6
Click the Next button untill you arrive at the Finish button
Click the Next button until you arrive at the Finish button.
[[File:Wireshark.8.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.8.jpg|800px]]
 
 
 
*Step 7
*Step 7
Click the Finish button
Click the Finish button.
[[File:Wireshark.10.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.10.jpg|800px]]
 
 
 
*Step 8
*Step 8
Click the I Agree button to start the install
Click the I Agree button to start the install.
[[File:Wireshark.12.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.12.jpg|800px]]
 
 
 
*Step 9
*Step 9
Click the Next button untill you arrive at the Install WinPcap
Click the Next button until you arrive at the Install WinPcap.
[[File:Wireshark.13.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.13.jpg|800px]]
 
 
 
*Step 10
*Step 10
Click the Install button
Click the Install button.
[[File:Wireshark.16.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.16.jpg|800px]]
 
 
 
*Step 11
*Step 11
Click the Next button untill you get to WinPcap License Agreement
Click the Next button until you get to WinPcap License Agreement.
[[File:Wireshark.17.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.17.jpg|800px]]
 
 
 
*Step 12
*Step 12
Click the I Agree button
Click the I Agree button.
[[File:Wireshark.19.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.19.jpg|800px]]
 
 
 
*Step 13
*Step 13
Click the Install button
Click the Install button.
[[File:Wireshark.20.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.20.jpg|800px]]
 
 
 
*Step 14
*Step 14
When installation is complete click the Next button
When installation is complete click the Next button.
[[File:Wireshark.27.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.27.jpg|800px]]
 
 
 
*Step 15
*Step 15
Click the Finish button
Click the Finish button.
[[File:Wireshark.28.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.28.jpg|800px]]
 
 


==Basic Operation of Wireshark==
==Basic Operation of Wireshark==
Line 55: Line 139:
*Step 1
*Step 1
First open Wireshark by double clicking on the icon.
First open Wireshark by double clicking on the icon.
[[File:Wireshark.29.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.29.jpg|800px]]
 
 
 
*Step 2
*Step 2
Click on the Capture Options on the left side of the window, will give you a screen that looks like this.
Click on the Capture Options on the left side of the window, will give you a screen that looks like this.
[[File:Wireshark.30.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.30.jpg|800px]]
 
 
 
*Step 3
*Step 3
Click on the drop arrow button on the top right of the window and select the VMware network adapter.
Click on the drop arrow button on the top right of the window and select the VMware network adapter.
[[File:Wireshark.31.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.31.jpg|800px]]
 
 
 
*Step 4
*Step 4
Click on the Start button.  You are now capturing packets!!!
Click on the Start button.  You are now capturing packets!!!
[[File:Wireshark.32.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.32.jpg|800px]]
 
 
 
*Step 5
*Step 5
To stop a capture click on the red x button on the top left side on the capture window.
To stop a capture click on the red x button on the top left side on the capture window.
[[File:Wireshark.33.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.33.jpg|800px]]
 
 


==Examining Capture Data==
==Examining Capture Data==
In this section we will be showing you how to capture protocols and where to locate the important values given by the use of wireshark.
In this section we will be showing you how to capture protocols and where to locate the important values given by the use of wireshark.
===Color Code===
*YELLOW:  Indicates the MAC Address of both the destination and source.
*YELLOW:  Indicates the MAC Address of both the destination and source.
*GREEN:  Indicates the NIC Manufacturer of both the destination and source.
*GREEN:  Indicates the NIC Manufacturer of both the destination and source.
Line 76: Line 191:
*BLUE:  Indicates the Frame Type of the packet.
*BLUE:  Indicates the Frame Type of the packet.
*PINK:  Indicates the IPv4 of both the destination and source.
*PINK:  Indicates the IPv4 of both the destination and source.
*'''NOTE''':  The the preamble and the FCS are not shown on wireshark.
*'''NOTE''':  The the '''Preamble''' and the '''FCS''' are '''NOT''' shown on wireshark.


===FTP===
===FTP===
[[File:Wireshark.ftp..jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.ftp..jpg|800px]]
 
 


===HTTP===
===HTTP===
[[File:Wireshark.http.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.http.jpg|800px]]
 
 


===ARP===
===ARP===
[[File:Wireshark.arp.jpg|thumb|800px|left]]
 
 
 
[[File:Wireshark.arp.jpg|800px]]
 
 


===DNS===
===DNS===
[[File:Wireshark.dns.jpg|800px]]


===ICMP===
===ICMP===
[[File:Wireshark.icmp.JPG|800px]]
==Creating a Shortcut to Auto Run Wireshark==
In this section we will be showing you how to create a new desktop icon to auto start your wireshark and have it select the correct network adapter and start capturing by simply double clicking the new icon.
*Step 1
Right click the Wireshark icon and click copy.
[[File:Wireshark.copy.JPG|800px]]
*Step 2
Right click on the desktop and click paste.
*Step 3
Right click the new icon and rename "Wireshark Auto Start"
[[File:Wireshark.new.JPG|800px]]
*Step 4
Open Wireshark and click on the Capture Options go to the pull down as previously mentioned and select the VMware network adapter, open the window fully to see the path and select everything after the after the : you should have this selected '''\Device\NPF_{numbers}''' as seen in the picture.
[[File:Wireshark.loctarget.JPG|800px]]
*Step 5
Right click and click properties on the NEW Wireshark icon, and add this to the end of the target line -k -i
*'''NOTE''':  You need to have a space before the -k and after the -i.
[[File:Wireshark.shortcutcmd.JPG|800px]]
*Step 6
Now after the -i "and the space" paste the \Device\NPF_[numbers} to the target line as shown in the picture.
[[File:Wireshark.paste.JPG|800px]]
*Step 7
Click on the Ok button and now you can simply double click the new icon to start Wireshark and select your network adapter and begin capture with one click of the button.  Enjoy!!!


==External links==
==External links==
*[http://cnt.lextron.net/VMWare_Setup Installing Virtual Machine]
*[[VMWare Setup]]
*[http://www.wireshark.org/download.html Wireshark Download]
*[http://www.wireshark.org/download.html Wireshark Download]
*[http://media-2.cacetech.com/video/wireshark/custom-shortcuts/ Creating Shortcuts]
*[http://media-2.cacetech.com/video/wireshark/custom-shortcuts/ Creating Shortcuts]

Latest revision as of 15:13, 16 February 2010

Wireshark Instructions This is a walk through to help new students learn how to install and run wireshark for future lab assignments. We will be doing all of this through your Virtual Machine as though you were in the lab during class. If needed the same steps will apply to your home computer with the exception of using a your specific network adapter.

Downloading & Installing Wireshark

This is a quick overview of how to download and install wireshark on to any windows operating system.

  • Step 1

First go to the following link

  • Step 2

Click on the Windows Installer (32-bit).


Wireshark.2.jpg


  • Step 3

Click the Save button.


Wireshark.3.jpg


  • Step 4

Click the Run button after the file has been downloaded.


Wireshark.4.jpg


  • Step 5

If an older version is installed replace it by clicking the Yes button.


Wireshark.6.jpg


  • Step 6

Click the Next button until you arrive at the Finish button.


Wireshark.8.jpg


  • Step 7

Click the Finish button.


Wireshark.10.jpg


  • Step 8

Click the I Agree button to start the install.


Wireshark.12.jpg


  • Step 9

Click the Next button until you arrive at the Install WinPcap.


Wireshark.13.jpg


  • Step 10

Click the Install button.


Wireshark.16.jpg


  • Step 11

Click the Next button until you get to WinPcap License Agreement.


Wireshark.17.jpg


  • Step 12

Click the I Agree button.


Wireshark.19.jpg


  • Step 13

Click the Install button.


Wireshark.20.jpg


  • Step 14

When installation is complete click the Next button.


Wireshark.27.jpg


  • Step 15

Click the Finish button.


Wireshark.28.jpg


Basic Operation of Wireshark

This will cover opening and running Wireshark in a virtual machine to capture packets.

  • Step 1

First open Wireshark by double clicking on the icon.


Wireshark.29.jpg


  • Step 2

Click on the Capture Options on the left side of the window, will give you a screen that looks like this.


Wireshark.30.jpg


  • Step 3

Click on the drop arrow button on the top right of the window and select the VMware network adapter.


Wireshark.31.jpg


  • Step 4

Click on the Start button. You are now capturing packets!!!


Wireshark.32.jpg


  • Step 5

To stop a capture click on the red x button on the top left side on the capture window.


Wireshark.33.jpg


Examining Capture Data

In this section we will be showing you how to capture protocols and where to locate the important values given by the use of wireshark.

Color Code

  • YELLOW: Indicates the MAC Address of both the destination and source.
  • GREEN: Indicates the NIC Manufacturer of both the destination and source.
  • RED: Indicates the NIC Serial Number of both the destination and source.
  • BLUE: Indicates the Frame Type of the packet.
  • PINK: Indicates the IPv4 of both the destination and source.
  • NOTE: The the Preamble and the FCS are NOT shown on wireshark.

FTP

Wireshark.ftp..jpg


HTTP

Wireshark.http.jpg


ARP

Wireshark.arp.jpg


DNS

Wireshark.dns.jpg


ICMP

Wireshark.icmp.JPG


Creating a Shortcut to Auto Run Wireshark

In this section we will be showing you how to create a new desktop icon to auto start your wireshark and have it select the correct network adapter and start capturing by simply double clicking the new icon.

  • Step 1

Right click the Wireshark icon and click copy.


Wireshark.copy.JPG


  • Step 2

Right click on the desktop and click paste.

  • Step 3

Right click the new icon and rename "Wireshark Auto Start"


Wireshark.new.JPG


  • Step 4

Open Wireshark and click on the Capture Options go to the pull down as previously mentioned and select the VMware network adapter, open the window fully to see the path and select everything after the after the : you should have this selected \Device\NPF_{numbers} as seen in the picture.


Wireshark.loctarget.JPG


  • Step 5

Right click and click properties on the NEW Wireshark icon, and add this to the end of the target line -k -i

  • NOTE: You need to have a space before the -k and after the -i.


Wireshark.shortcutcmd.JPG


  • Step 6

Now after the -i "and the space" paste the \Device\NPF_[numbers} to the target line as shown in the picture.


Wireshark.paste.JPG


  • Step 7

Click on the Ok button and now you can simply double click the new icon to start Wireshark and select your network adapter and begin capture with one click of the button. Enjoy!!!

External links