
Wireshark: A Comprehensive Guide to Network Traffic Analysis


Added on 2023-04-21

About This Document

This comprehensive guide provides step-by-step instructions on downloading, installing, and using Wireshark for network traffic analysis. It covers topics such as packet sniffing, filtering, and protocol analysis. The guide also explores the benefits and risks of using Wireshark for network security. Additionally, it delves into the TCP/IP protocols, packet-switching networks, and packet headers. The guide concludes with an analysis of Wireshark data and an introduction to flow graphs. Recommended for security professionals and network administrators.

Running Head: WIRESHARK
Wireshark
(Encrypted-Internet)+Privacy== Oxymoron
Objectives:
The following paper aims to establish the following objectives. First, the
procedure for downloading and installing Wireshark and WinPcap is recorded. Next,
Wireshark's GUI (Graphical User Interface) is explored. Then, the process of
sniffing and filtering traffic with Wireshark is evaluated. Lastly, the data
obtained from Wireshark is analysed.
Introduction:
Wireshark is a free, open-source network traffic analyser that is widely used to
strengthen security in organizational settings. Security professionals use it to
monitor traffic and to investigate network vulnerabilities, attacks and threats.
The same software, however, gives an attacker who can reach the network a way to
sniff passwords or any other unencrypted information from unsuspecting victims.
From the perspective of a security official it is therefore both a blessing and a
bane.
Assessment of Wireshark:
i. Sniffer- Packet sniffing is a utility of Ethernet networks that allows a user
to capture data while it is being transmitted over the network. Network security
professionals use sniffing to diagnose network risks; unethical users use the
same technique to steal unencrypted data, such as usernames and profile
information belonging to other users. On a modern switched network a sniffer
sees only the traffic addressed to its own port plus broadcasts, so capturing
other hosts' traffic requires a mirror (SPAN) port, a network tap or a position
in the traffic path. Wireshark has been an effective tool for packet sniffing.
ii. Protocol- A network protocol is a standard set of rules and conventions that
establishes a communication channel between network devices. The data sent and
received is packaged and interpreted layer by layer according to the protocol in
use. Modern protocols use packet switching, communicating data in the form of
packets, and Wireshark's dissectors follow the same layering, decoding each
packet from the link layer upwards. The protocols most frequently seen in a
Wireshark capture include Transmission Control Protocol (TCP) and Internet
Control Message Protocol (ICMP).
iii. Protocol Analyzer- A protocol analyzer is software, sometimes combined with
dedicated capture hardware, installed in a computing environment to capture
packets and decode them into the fields of every protocol layer. It does not
block traffic itself; it complements firewalls, spyware-detection and anti-virus
programs by showing what actually crosses the wire. Protocol analyzers provide
detailed statistics on recent network activity, let an administrator verify that
anti-virus and other controls behave as intended, help identify vulnerabilities,
and establish what normal network traffic looks like so that deviations stand
out.
iv. Packet- A packet, in the language of computer networks, is the unit of data
that computing systems exchange when communicating over a network. A packet
contains two kinds of content: control information (the headers) and the user
data (the payload). It is the most basic element of transmission in a
packet-switching network.
v. Packet Filter: Wireshark's display filter restricts the packet list to the
packets the user wants to see, for example ip.addr == 192.168.1.10 or
tcp.port == 80. The expression is typed into the filter bar above the packet
list; Wireshark autocompletes protocol and field names as the user types and
colours the bar green when the expression is valid and red when it is not.
vi. Live Capture- Wireshark's major feature is capturing live network data:
packets are sniffed from a network interface in real time as they pass. It also
supports offline analysis of saved capture files, presents the decoded result in
a rich UI and dissects hundreds of protocols across the link, network, transport
and application layers. Two separate filter languages are involved. Capture
filters use the libpcap (BPF) syntax, for example tcp port 80, and decide which
packets are recorded at all (on Windows the capture library is WinPcap or its
maintained successor Npcap). Display filters use Wireshark's own syntax, for
example tcp.port == 80, and only hide packets that have already been captured.
Assessment of TCP/IP:
i. Transmission Control Protocol (TCP) - TCP is the standard that defines how a
network connection is established and maintained so that two applications can
exchange data. TCP working together with IP (Internet Protocol) defines how data
is transmitted in packets between two end systems. TCP also provides port
multiplexing, so that many applications on one host can share one IP address,
and a logical connection that copes with duplicated, lost and reordered packets:
every byte is numbered with a sequence number, the receiver acknowledges what it
has received, and the sender retransmits anything not acknowledged in time. As a
result the receiving application sees exactly the bytes that were sent, in
order, with no bytes added and none missing.
ii. Internet Protocol (IP) - IP is the protocol that carries data between two or
more computer systems across an internetwork such as the Internet. Each host is
identified by an IP address that distinguishes it from the other hosts on its
network. IP itself is connectionless and best-effort: it does not guarantee
delivery or ordering, which is why TCP is layered on top of it.
iii. Network Stack- A network or protocol stack is the set of protocols used in
a network, arranged as a hierarchy of software layers from the application layer
at the top down to the data link layer at the bottom. The stack resides on both
the server and the client. The layered approach lets different protocols be
combined and lets the same upper layers run over different network
architectures.
iv. Packet- A packet is the basic unit of information carried in a network
transmission. Because TCP/IP is layered so that it works with packets, it is
regarded as a packet-switching technology. Every packet in such a network is
built from two significant pieces: the data and the packet header. In the
standard networking model, the Open Systems Interconnection (OSI) model, the
packet belongs to the network layer. On transmission it is passed down to the
data link layer, which encapsulates it in a frame, and the frame is then sent
over the physical layer, the actual transmission medium, as a sequence of bits.
The structure of packet-switching networks and of packets enables fast,
efficient and reliable data transmission.
v. Packet Header- As mentioned before, a packet consists of a packet header and
the data. The header plays the major role in moving information between
computer systems on a network. The header of an IPv4 packet contains the
protocol version (4; IPv6 uses a different header layout), the header length and
the total length of the packet, an identification field together with flags and
a fragment offset so that the fragments of one datagram can be told apart and
reassembled, the source and destination addresses, the number of the upper-layer
protocol carried (for example 6 for TCP), a header checksum with which a
receiver detects (but cannot correct) corruption of the header, and lastly the
TTL (Time to Live), a hop limit that every router decrements by one; a packet
whose TTL reaches zero is discarded, so looping packets do not circulate
forever. Because each packet carries its own addressing (and, at the transport
layer, sequencing) information, the packets of one message can travel
independently and be reassembled at the destination, and the loss of one packet
costs only the retransmission of that packet. This is more robust than
circuit-switching transmission, where the whole conversation depends on a single
dedicated path.
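As an added illustration (not code from this paper or from the Wireshark project), the following Python script dissects a constructed Ethernet/IPv4/TCP frame the way a protocol analyser's dissectors do, recomputes the IPv4 header checksum described under Packet Header above, and applies a display-filter-style predicate of the kind described under Packet Filter and Live Capture in the Assessment of Wireshark. Every MAC address, IP address, port and payload in it is made up, and the helper names (parse_frame, build_frame, display_filter) are this example's own, not Wireshark's.

```python
# Added example (not from the original paper): dissect a constructed
# Ethernet/IPv4/TCP frame layer by layer, verify the IPv4 header checksum and
# apply a display-filter-style predicate.  All addresses, ports and payloads
# below are constructed for illustration.
import struct
from dataclasses import dataclass
from typing import List, Optional

PROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """RFC 791: one's-complement of the one's-complement sum of the header's
    16-bit words, with the checksum field (bytes 10-11) counted as zero."""
    total = 0
    for i in range(0, len(header) - 1, 2):
        if i != 10:
            total += (header[i] << 8) | header[i + 1]
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


@dataclass
class Packet:
    ttl: int
    protocol: int
    checksum_ok: bool       # a checksum detects corruption, it never repairs it
    src_ip: str
    dst_ip: str
    src_port: Optional[int]
    dst_port: Optional[int]
    tcp_flags: Optional[int]
    payload: bytes


def parse_frame(frame: bytes) -> Packet:
    """Ethernet -> IPv4 -> TCP -> payload, the order a dissector walks them."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4              # IPv4 header length in bytes
    checksum_ok = ipv4_checksum(ip[:ihl]) == csum
    sport = dport = flags = None
    payload = b""
    if proto == PROTO_TCP:
        seg = ip[ihl:total_len]             # total length bounds the datagram
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", seg[:14])
        flags = off_flags & 0x01FF          # low 9 bits: NS CWR ECE URG ACK PSH RST SYN FIN
        payload = seg[(off_flags >> 12) * 4:]   # data offset is in 32-bit words
    return Packet(ttl, proto, checksum_ok, ip_str(src), ip_str(dst),
                  sport, dport, flags, payload)


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                payload: bytes, ttl: int = 64) -> bytes:
    """Constructed frame: Ethernet + IPv4 (checksum filled in) + TCP PSH/ACK.
    The TCP checksum is left at zero; it needs a pseudo-header and is not
    checked by parse_frame."""
    ip_hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload),
                                   0x1234, 0x4000, ttl, PROTO_TCP, 0,
                                   ip_bytes(src_ip), ip_bytes(dst_ip)))
    struct.pack_into("!H", ip_hdr, 10, ipv4_checksum(bytes(ip_hdr)))
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                          (5 << 12) | 0x018, 0xFFFF, 0, 0)
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    return eth + bytes(ip_hdr) + tcp_hdr + payload


def display_filter(packets: List[Packet], proto: Optional[int] = None,
                   port: Optional[int] = None) -> List[Packet]:
    """Like the display filter 'tcp.port == 80': evaluated on packets already
    captured and dissected.  A libpcap capture filter ('tcp port 80') instead
    decides which packets are recorded in the first place."""
    return [p for p in packets
            if (proto is None or p.protocol == proto)
            and (port is None or port in (p.src_port, p.dst_port))]


# Constructed sample capture: HTTP request, TLS ClientHello, HTTP response
# returning one router hop later (TTL 63).
FRAMES = [
    build_frame("192.168.1.10", "10.0.0.1", 50000, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame("192.168.1.10", "10.0.0.2", 50001, 443, b"\x16\x03\x01"),
    build_frame("10.0.0.1", "192.168.1.10", 80, 50000, b"HTTP/1.1 200 OK\r\n", ttl=63),
]
PACKETS = [parse_frame(f) for f in FRAMES]
```

display_filter(PACKETS, proto=PROTO_TCP, port=80) returns the request and the response, exactly what tcp.port == 80 would leave in the packet list; flipping one byte of a frame's TTL makes parse_frame report checksum_ok False, which is all a checksum can do: flag damage, not repair it. Wireshark itself leaves IPv4 and TCP checksum verification off by default, because checksum offload on modern network cards makes locally captured outbound packets look corrupt.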
Procedure
Download and Install WinPcap
