Monthly Archives: March 2010

Your Network Architecture

The previous chapter discussed various cable taps, hubs, and switches that can be used to attach a sniffer to a network. This section looks at some of the network architecture and critical points of Wireshark. Network placement is critical for …

Posted in Your Network Architecture

Text2pcap

Text2pcap reads in ASCII hexdump captures and writes the data into a libpcap output file. It is capable of reading hexdumps containing multiple packets and building a capture file of multiple packets. Text2pcap can also read hexdumps of application-level data …

Posted in Supporting Programs

Mergecap

Mergecap is used to combine multiple saved capture files into a single output file. Mergecap can read all of the same types of files that Wireshark can and writes to libpcap format by default. Mergecap can also write the output …

Posted in Supporting Programs

Editcap

Editcap is used to remove packets from a file, and to translate the format of capture files. It is similar to the Save As feature, but better. Editcap can read all of the same types of files that Wireshark can, …

Posted in Supporting Programs

Tshark

Tshark is the command-line version of Wireshark, which can be used to capture live packets from the wire or to read saved capture files. By default, tshark prints the summary line information to the screen. This is the same information …

Posted in Supporting Programs

Supporting Programs

Most people who are familiar with Wireshark use the Wireshark GUI. However, when Wireshark is installed, it also comes with several other support programs. The command-line version of Wireshark (called Tshark) contains the following three programs to assist in manipulating …

Posted in Supporting Programs

Great Resources

Some of the best resources for Wireshark information and support include e-mail distribution lists (see www.wireshark.org/lists for the appropriate form). Note: When filling out the application, a password is sometimes e-mailed to you in cleartext. Make sure that …

Posted in What is Wireshark?

Wireshark’s User Interface

Wireshark's GUI is configurable and easy to use. And like other network analyzers, Wireshark displays capture information in three main panes. Figure 2.1 shows what a typical Wireshark capture looks like. Each window is adjustable by clicking on the row …

Posted in What is Wireshark?

Supported Protocols

When a network analyzer reads data from the network, it needs to know how to interpret what it is seeing and then display the output in an easy-to-read format. This is known as protocol decoding. Often, the number of protocols …

Posted in What is Wireshark?

Compatibility

As stated, Wireshark can read and process capture files from a number of different products, including other sniffers, routers, and network utilities. Because Wireshark uses the popular Promiscuous Capture Library (libpcap)-based capture format, it interfaces easily with other products that …

Posted in What is Wireshark?