Network Analysis using Wireshark Cookbook

This book will be a massive ally in troubleshooting your network using Wireshark, the world's most popular analyzer. Over 100 practical recipes provide a focus on real-life situations, helping you resolve your own individual issues.

Product type: Paperback
Published in: Dec 2013
Publisher: Packt
ISBN-13: 9781849517645
Length: 452 pages
Edition: 1st Edition
Author: Yoram Orzach

Table of Contents (17 chapters)

Preface
1. Introducing Wireshark
2. Using Capture Filters
3. Using Display Filters
4. Using Basic Statistics Tools
5. Using Advanced Statistics Tools
6. Using the Expert Infos Window
7. Ethernet, LAN Switching, and Wireless LAN
8. ARP and IP Analysis
9. UDP/TCP Analysis
10. HTTP and DNS
11. Analyzing Enterprise Applications' Behavior
12. SIP, Multimedia, and IP Telephony
13. Troubleshooting Bandwidth and Delay Problems
14. Understanding Network Security
A. Links, Tools, and Reading
Index

Configuring the start window

In this recipe we will see some basic configurations for the start window. We will talk about configuring the main window, file formats, and viewing options.

Getting ready

Start Wireshark, and you will get the start window. There are several parameters you can change here in order to adapt the capture window to meet your requirements:

  • Toolbars configuration
  • Main window configuration
  • Time format configuration
  • Name resolution
  • Colorize packet list
  • Auto scroll in live capture
  • Zoom
  • Columns configuration
  • Coloring rules

First, let's have a look at the toolbars used by the software. Operations with the following toolbars are covered in the coming subsections of this recipe:

  • Main Toolbar
  • Display Filter Toolbar
  • Status Bar

Main Toolbar

In the main toolbar you have the icons shown in the following screenshot:

[Screenshot: Main Toolbar]

The five leftmost symbols are for capture operations, then you have symbols for file operations, zoom and "go to packet" operations, colorize and auto-scroll, zoom and resize, filters, preferences, and help.

Display Filter Toolbar

In the filter toolbar, you have the following fields:

[Screenshot: Display Filter Toolbar]

Status Bar

In the status bar on the lower side of the Wireshark window, you can see the data shown in the following screenshot:

[Screenshot: Status Bar]

In the preceding screenshot you can see the following:

  • Errors in the expert system
  • The option to add a comment to the file
  • The name of the captured file (during capture, it will show you a temporary name assigned by the software)
  • Total number of captured packets, displayed packets (those which are actually displayed on the screen), and marked packets (those that you have marked).

How to do it...

In this part we will go step by step and configure the main menu.

Configuring toolbars

Usually, for regular packet capture, you don't have to change anything. This is different when you want to capture wireless data over the air (not only the traffic of your own laptop): you will have to enable the wireless toolbar, which is done by clicking on it under the View menu, as shown in the following screenshot:

[Screenshot: Configuring toolbars]

Configuring the main window

To configure the main window for capturing, you can choose which of the following panes Wireshark shows:

[Screenshot: Configuring the main window]

In most cases you will not need to change anything here. In some cases, you can hide the packet bytes pane when you don't need to see it, and you will get more "space" for the packet list and packet details panes.

Name Resolution

Name Resolution is the translation of layer 2 (MAC addresses), layer 3 (IP addresses), and layer 4 (Port numbers) into meaningful information.

[Screenshot: Name Resolution]

In the preceding screenshot, we see the MAC address 60:d8:19:c7:8e:73 (from Hon Hai Precision Ind., used by Lenovo), the website (that is, Packtpub.com), and the HTTP port number (that is 80).
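To show what the three layers of name resolution actually do to a packet-list row, here is an added example that is not part of the book or of Wireshark's own code. It parses a constructed Ethernet/IPv4/TCP frame and resolves the MAC, IP, and port fields against small lookup tables that stand in for Wireshark's manuf, hosts, and services files. The OUI 60:d8:19 and its vendor come from the screenshot above; the vendor short name, the host names, the addresses, and the port table are assumptions chosen so the script runs offline. (Wireshark's network name resolution would instead issue DNS queries from the analyst's machine for every address in the capture, which is why it is often left off and a hosts file is used instead.)

```python
import struct

# Constructed lookup tables standing in for Wireshark's manuf, hosts and
# services files. The OUI and vendor are from the recipe's screenshot; the
# short vendor name, host names, addresses and port entries are assumptions.
OUI_TABLE = {"60:d8:19": "HonHaiPr"}   # Hon Hai Precision Ind. (used by Lenovo)
HOSTS_TABLE = {"10.0.0.5": "laptop.example.test", "192.0.2.10": "www.example.test"}
SERVICES_TABLE = {(80, "tcp"): "http", (443, "tcp"): "https", (53, "udp"): "domain"}
PROTO_NAMES = {6: "tcp", 17: "udp"}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def resolve_mac(mac: str) -> str:
    """Layer 2: replace the 3-byte OUI with the vendor short name, as Wireshark does."""
    vendor = OUI_TABLE.get(mac[:8])
    return f"{vendor}_{mac[9:]}" if vendor else mac


def resolve_ip(ip: str) -> str:
    """Layer 3: local hosts table only; Wireshark would also consult DNS when enabled."""
    return HOSTS_TABLE.get(ip, ip)


def resolve_port(port: int, proto: str) -> str:
    """Layer 4: service name for a well-known port, otherwise the number itself."""
    return SERVICES_TABLE.get((port, proto), str(port))


def parse_frame(frame: bytes) -> dict:
    """Parse Ethernet II + IPv4 + TCP/UDP headers (checksums are not validated)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"ethertype 0x{ethertype:04x} is not IPv4")
    ip_hdr = frame[14:]
    if len(ip_hdr) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip_hdr[0] & 0x0F) * 4          # header length in bytes (options included)
    proto = ip_hdr[9]
    if proto not in PROTO_NAMES:
        raise ValueError(f"IP protocol {proto} not handled")
    l4 = ip_hdr[ihl:]
    if len(l4) < 4:
        raise ValueError("truncated transport header")
    sport, dport = struct.unpack("!HH", l4[:4])   # ports sit first in both TCP and UDP
    return {"src_mac": mac_str(src), "dst_mac": mac_str(dst),
            "src_ip": ip_str(ip_hdr[12:16]), "dst_ip": ip_str(ip_hdr[16:20]),
            "proto": PROTO_NAMES[proto], "src_port": sport, "dst_port": dport}


def resolve_frame(frame: bytes, resolve_names: bool = True) -> dict:
    """Packet-list view of a frame with or without name resolution (the View menu toggle)."""
    f = parse_frame(frame)
    if not resolve_names:
        return f
    return {"src_mac": resolve_mac(f["src_mac"]), "dst_mac": resolve_mac(f["dst_mac"]),
            "src_ip": resolve_ip(f["src_ip"]), "dst_ip": resolve_ip(f["dst_ip"]),
            "proto": f["proto"],
            "src_port": resolve_port(f["src_port"], f["proto"]),
            "dst_port": resolve_port(f["dst_port"], f["proto"])}


def sample_frame() -> bytes:
    """Constructed HTTP SYN from the laptop in the screenshot to a made-up web server."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("60d819c78e73") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    for resolve in (False, True):
        print("resolved" if resolve else "raw     ", resolve_frame(sample_frame(), resolve))
```

Running the script prints the same frame twice, first as raw addresses and numbers and then the way the packet list shows it with name resolution on: the source MAC becomes HonHaiPr_c7:8e:73, the destination address becomes the host name from the table, and port 80 becomes http, while the ephemeral source port stays a number because no service is registered for it.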

Colorizing the packet list

Usually you start a capture in order to establish a baseline profile of what normal traffic looks like on your network. During the capture, you look at the captured data and you might find a TCP connection, or IP or Ethernet connectivity, that looks suspicious, and you want to see it in another color.

To do so, right-click on the packet that belongs to the conversation you want to color, choose Ethernet, IP, or TCP/UDP (the appearance of TCP or UDP will depend on the packet), and choose the color for the conversation.

In the example you see that we want to color a Transport Layer Security (TLS) conversation.

[Screenshot: Colorizing the packet list]

For canceling the coloring rule:

  1. Go to the View menu.
  2. In the lower part of the menu, choose Reset Coloring 1-10, or simply press Ctrl + Space.
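The right-click colorizing described above works on conversations, not on single packets: every packet whose two endpoints match the selected one at the chosen layer gets the color, in both directions. The following added example (not from the book, and not Wireshark's own code) shows that logic over a constructed packet list containing a TLS session and a DNS exchange, and also builds the equivalent display-filter text you could type into the Display Filter toolbar to get the same set of packets. The Packet record, the addresses, and the color names are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal packet-list row; a constructed record, not Wireshark's data structures."""
    number: int
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: str        # "tcp" or "udp"
    src_port: int
    dst_port: int


# Constructed capture: a TLS session (packets 1, 2, 4) and a DNS exchange (3, 5),
# all between the laptop from the recipe's screenshot and a made-up router.
PACKETS = [
    Packet(1, "60:d8:19:c7:8e:73", "00:11:22:33:44:55", "10.0.0.5", "192.0.2.10", "tcp", 50000, 443),
    Packet(2, "00:11:22:33:44:55", "60:d8:19:c7:8e:73", "192.0.2.10", "10.0.0.5", "tcp", 443, 50000),
    Packet(3, "60:d8:19:c7:8e:73", "00:11:22:33:44:55", "10.0.0.5", "10.0.0.1", "udp", 40001, 53),
    Packet(4, "60:d8:19:c7:8e:73", "00:11:22:33:44:55", "10.0.0.5", "192.0.2.10", "tcp", 50000, 443),
    Packet(5, "00:11:22:33:44:55", "60:d8:19:c7:8e:73", "10.0.0.1", "10.0.0.5", "udp", 53, 40001),
]


def conversation_key(pkt: Packet, layer: str):
    """Direction-independent identity of the conversation pkt belongs to at a layer.

    Returns None when the packet does not carry that layer (e.g. a UDP packet
    asked for its TCP conversation)."""
    if layer == "eth":
        return frozenset([pkt.src_mac, pkt.dst_mac])
    if layer == "ip":
        return frozenset([pkt.src_ip, pkt.dst_ip])
    if layer in ("tcp", "udp"):
        if pkt.proto != layer:
            return None
        return (layer, frozenset([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)]))
    raise ValueError(f"unknown layer {layer!r}")


def conversation_filter(pkt: Packet, layer: str) -> str:
    """Display-filter text that selects the same conversation in either direction."""
    if layer == "eth":
        return f"eth.addr=={pkt.src_mac} && eth.addr=={pkt.dst_mac}"
    if layer == "ip":
        return f"ip.addr=={pkt.src_ip} && ip.addr=={pkt.dst_ip}"
    if conversation_key(pkt, layer) is None:
        raise ValueError(f"packet {pkt.number} is not {layer}")
    return (f"ip.addr=={pkt.src_ip} && ip.addr=={pkt.dst_ip} && "
            f"{layer}.port=={pkt.src_port} && {layer}.port=={pkt.dst_port}")


def colorize_conversation(packets, selected_number: int, layer: str, color: str) -> dict:
    """Return {packet number: color} for every packet in the selected packet's conversation."""
    selected = next(p for p in packets if p.number == selected_number)
    key = conversation_key(selected, layer)
    if key is None:
        raise ValueError(f"packet {selected_number} has no {layer} conversation")
    return {p.number: color for p in packets if conversation_key(p, layer) == key}


if __name__ == "__main__":
    # Right-click on packet 1, choose TCP, pick a color: the whole TLS session lights up.
    print(colorize_conversation(PACKETS, 1, "tcp", "yellow"))
    print(conversation_filter(PACKETS[0], "tcp"))
```

Selecting packet 1 at the TCP layer colors packets 1, 2 and 4 and leaves the DNS packets alone; selecting the same packet at the Ethernet layer colors all five, because every packet in this capture travels between the same two MAC addresses. That is the practical difference between the Ethernet, IP and TCP/UDP choices in the right-click menu.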

Auto scrolling in live capture

To configure Wireshark to auto-scroll the packets as it captures them, do the following:

  1. Go to the View menu.
  2. Mark the Auto Scroll in Live Capture item.

Zoom

For zooming in and out:

  1. Go to the View menu.
  2. Click on Zoom In or press Ctrl + + to zoom in.
  3. Click on Zoom Out or press Ctrl + - to zoom out.