Network Analysis with Wireshark

Wireshark is a packet sniffing tool with which we can capture packets, see the contents inside each packet such as the protocols being used and the payload (even user credentials, if they are passed in cleartext), and filter the packets that belong to a particular protocol.

Step 1) Open the terminal and run Wireshark on the preferred interface:

wireshark -i lo

Here I ran this command on the loopback IP because I wanted to check the colour coding. Then I ran nmap commands such as -sU and -sT so that I could create TCP and UDP packets, and also ping so that I could create ICMP traffic. I got the following output.

Here I could conclude that the UDP packets are gray and the ICMP packets are green in colour, while red indicates an RST or a violation, and we can observe the 3-way handshake that took place.

Now I ran Wireshark on eth0 with the following command: wireshark -i eth0

I opened the browser and searched for the website bmsce.ac.in. As we know, the queries were sent to DNS (I applied the dns filter), so I got the following output.
This indicates that the DNS packets are blue in colour.

This concludes the colour coding part.

Packet filtering

I ran the ip.addr==192.168.1.107 filter to get the packets related to the IP address 192.168.1.107 and got the following output.
I entered the filter tcp.port==80 to get the TCP packets that have port 80 as either the source or the destination.

To filter the packets that have 192.168.1.107 as the source, I applied the filter ip.src==192.168.1.107

To identify the packets that have 192.168.1.107 as the destination, I applied the filter ip.dst==192.168.1.107

To filter the packets whose UDP length is less than a particular value, say 100, I ran the following filter: udp.length<100

To get the UDP packets associated with a particular port, I ran the following filter: udp.port==<port>

To find packets with the ACK flag set, I ran the following filter: tcp.flags.ack

To filter HTTP packets, I ran the following filter: http

This concludes the filtering section.
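As an added illustration (not part of the original report or of Wireshark itself), the following Python model shows how the display filters used above select packets. The capture is a constructed list of packet records, not a real pcap, with field names mirroring Wireshark's (ip.addr, ip.src, ip.dst, tcp.port, udp.port, udp.length, tcp.flags.ack, http). Two details worth seeing in code: ip.addr and tcp.port carry both the source and destination value, so "ip.addr==X" matches either side; and a bare field name tests only whether the field is present, so in Wireshark "tcp.flags.ack" alone matches every TCP segment, while "tcp.flags.ack==1" selects the ones with the flag actually set.

```python
# Added example, not part of the original report: a small model of how the
# Wireshark display filters listed above select packets. The capture is a
# constructed list of packet records, not a real pcap; field names mirror
# Wireshark's so the same filter strings can be tried against it.
import operator
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    length: Optional[int] = None  # UDP length field (header + payload)
    ack: bool = False             # TCP ACK flag
    http: bool = False            # dissected as HTTP

# Constructed sample capture: a TCP handshake and HTTP POST from
# 192.168.1.107, a DNS query/answer pair, and one ICMP echo request.
CAPTURE = [
    Packet("192.168.1.107", "93.184.216.34", "tcp", 51234, 80),                       # 1 SYN
    Packet("93.184.216.34", "192.168.1.107", "tcp", 80, 51234, ack=True),             # 2 SYN/ACK
    Packet("192.168.1.107", "93.184.216.34", "tcp", 51234, 80, ack=True),             # 3 ACK
    Packet("192.168.1.107", "93.184.216.34", "tcp", 51234, 80, ack=True, http=True),  # 4 HTTP POST
    Packet("192.168.1.107", "192.168.1.1", "udp", 40000, 53, length=48),              # 5 DNS query
    Packet("192.168.1.1", "192.168.1.107", "udp", 53, 40000, length=160),             # 6 DNS answer
    Packet("192.168.1.107", "8.8.8.8", "icmp"),                                       # 7 ICMP echo
]

# Each field maps a packet to the set of values it carries for that field.
# An empty set means the field is absent, which is what a bare field name
# tests for. ip.addr and tcp.port carry two values (source and destination),
# so "ip.addr==X" matches either side.
FIELDS = {
    "ip.addr": lambda p: {p.src, p.dst},
    "ip.src": lambda p: {p.src},
    "ip.dst": lambda p: {p.dst},
    "tcp.port": lambda p: {p.sport, p.dport} if p.proto == "tcp" else set(),
    "udp.port": lambda p: {p.sport, p.dport} if p.proto == "udp" else set(),
    "udp.length": lambda p: {p.length} if p.proto == "udp" else set(),
    "tcp.flags.ack": lambda p: {int(p.ack)} if p.proto == "tcp" else set(),
    "http": lambda p: {1} if p.http else set(),
}

OPS = {"==": operator.eq, "<": operator.lt, ">": operator.gt,
       "<=": operator.le, ">=": operator.ge}

# Grammar handled: "field" or "field <op> value" (value: integer or IP string).
FILTER_RE = re.compile(r"^\s*([a-z.]+)\s*(?:(==|<=|>=|<|>)\s*(\S+))?\s*$")

def matches(packet: Packet, expr: str) -> bool:
    """Return True if the packet satisfies the display-filter expression."""
    m = FILTER_RE.match(expr)
    if not m or m.group(1) not in FIELDS:
        raise ValueError(f"unsupported filter: {expr!r}")
    name, op, raw = m.groups()
    values = FIELDS[name](packet)
    if op is None:                      # bare field name: present or not
        return bool(values)
    target = int(raw) if raw.isdigit() else raw
    # Compare only like-typed values so an IP string never meets an integer.
    return any(type(v) is type(target) and OPS[op](v, target) for v in values)

def apply_filter(expr: str, capture=CAPTURE) -> list:
    """Return the 1-based frame numbers of the packets matching the filter."""
    return [n for n, p in enumerate(capture, 1) if matches(p, expr)]

if __name__ == "__main__":
    for f in ("ip.addr==192.168.1.107", "ip.src==192.168.1.107", "ip.dst==192.168.1.107",
              "tcp.port==80", "udp.port==53", "udp.length<100",
              "tcp.flags.ack", "tcp.flags.ack==1", "http"):
        print(f"{f:28} -> frames {apply_filter(f)}")
```

Running the script prints the frame numbers each filter selects; the difference between the "tcp.flags.ack" and "tcp.flags.ack==1" lines (frame 1, the SYN, appears only in the first) is the presence-versus-value distinction described in the lead-in.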

Packet analysis

In the last image there was a packet with a POST request associated with it (the 4th one from the end), so I decided to dig into that packet for further information. I went to the application layer of that protocol and found that the user was trying to add information to the /userinfo.php page, and at the bottom of the page I found the login parameters uname="test" and pass="test".

(Note: this test was conducted against the website http://testphp.vulnweb.com/login.php, which has been developed for testing purposes.)
So I right-clicked that particular packet and got "FOLLOW", under which there were two more options, i.e. follow TCP_STREAM and follow HTTP_STREAM. I analyzed both of them and here are the outputs:

TCP STREAM

HTTP STREAM
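The packet analysis above is, from a defender's point of view, the reason cleartext HTTP logins are a monitoring finding: anyone on the path can reconstruct the stream exactly as "Follow TCP Stream" does and read the form fields. The following Python, added here and not part of the original report or of Wireshark, parses a reconstructed client-to-server stream and produces a finding when a form POST carries a secret field, with the secret value redacted so the finding can be logged. The stream bytes, the Content-Length, and the list of secret-looking field names are all constructed for the example.

```python
# Added example, not from the original report: parse a reconstructed TCP
# stream the way "Follow TCP Stream" presents it, and flag a form POST that
# carries credentials over plain HTTP. The stream bytes below are constructed
# to resemble the login request described above; they are not captured data.
from typing import Optional
from urllib.parse import parse_qs

# Constructed client->server bytes of one TCP stream: an HTTP POST with a
# URL-encoded login form (Content-Length 20 = len("uname=test&pass=test")).
STREAM = (
    b"POST /userinfo.php HTTP/1.1\r\n"
    b"Host: testphp.vulnweb.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 20\r\n"
    b"\r\n"
    b"uname=test&pass=test"
)

# Field names that usually carry a secret; matched as substrings, case-insensitively.
# This list is an assumption for the example, not a Wireshark setting.
SECRET_NAMES = ("pass", "pwd", "secret", "token")

def parse_http_request(stream: bytes) -> dict:
    """Split one HTTP/1.1 request into request line, headers and body."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP request: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Only read as many body bytes as the request declares; anything after
    # that in the stream would belong to the next request.
    length = int(headers.get("content-length", "0"))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": rest[:length]}

def find_cleartext_credentials(stream: bytes) -> Optional[dict]:
    """Return a finding if the request is a form POST with a secret field, else None.

    Secret values are replaced by "<redacted>" so the finding can be logged
    without copying the credential into the monitoring system.
    """
    req = parse_http_request(stream)
    ctype = req["headers"].get("content-type", "")
    if req["method"] != "POST" or not ctype.startswith("application/x-www-form-urlencoded"):
        return None
    form = parse_qs(req["body"].decode("utf-8", errors="replace"))
    secret_fields = [k for k in form if any(s in k.lower() for s in SECRET_NAMES)]
    if not secret_fields:
        return None
    return {
        "host": req["headers"].get("host"),
        "path": req["target"],
        "fields": {k: ("<redacted>" if k in secret_fields else v[0]) for k, v in form.items()},
        "secret_fields": secret_fields,
    }

if __name__ == "__main__":
    print(find_cleartext_credentials(STREAM))
```

For the constructed stream the finding names the host and path and reports the uname field in clear while redacting pass; a GET request or a POST without a secret-looking field yields None. A real detector would feed it each reassembled stream from the capture rather than a single constant.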