Capturing a Packet Using Wireshark

This document provides instructions for capturing and analyzing network packets using Wireshark. It describes how to install Wireshark, start a packet capture by pressing the start button in Wireshark, stop the capture by pressing the stop button, and save the capture file. It also explains how to filter the capture file to only show certain packet types, such as HTTP traffic, and how to investigate DNS requests and the TCP three-way handshake in the capture.




Objective: install Wireshark on a Windows 10 computer, then capture, save and filter a packet trace.
Installing Wireshark

Download the Windows Installer (64-bit) from www.wireshark.org.

Accept the default settings.


A second wizard will appear; this installs the Npcap packet capture driver, which Wireshark needs in order to capture traffic on Windows.
Accept its default settings by pressing Next, then press Finish.
The Wireshark installation will still be running in the background.
It should take roughly another 2-3 minutes.
The wizard will then report that the installation is complete.
Select Next, then Finish.
You will now see a Wireshark shortcut on the desktop.
Double-click it and choose your network interface.
When your Wireshark console appears, it should look similar to that shown below.
If you need to change the interface, go to Capture and select Options.

The view above shows the Main Window, which is broken into the following sections:
The Menu: This is broken into the following 11 headings:
File, Edit, View, Go, Capture, Analyze, Statistics, Telephony, Wireless, Tools, Help.
The Filter Toolbar: This is the display filter bar, where you type the protocol or expression you want to view (for example, http) and apply it.
The Packet List: This shows every captured packet, one per row, and is shown in blue in the preceding image.
The Packet Details Pane: This is the gray area that shows the protocol fields of the selected packet, one layer at a time.
The Packet Bytes Pane: This shows a canonical hex dump of the selected packet's data.
Capturing Packets
Go to the Capture drop-down menu option.
Options lets you change the network interface.
Press the shark symbol with the word Start.
Once you are finished capturing the traffic, press the red square with the word Stop on it.
These controls are context-sensitive; for example, the Stop button does not become live until a capture has been started.
Tip
Always have your web browser ready before you press ‘Start’.
Once you start a capture, you will collect a vast amount of traffic.
After capturing it, you can filter the different types of traffic.
Preparation Before Capture
Go to Google and search for ‘Josh Dobbs Mike Glennon’.
The top of the search list should be similar to that shown below.
If that article is not available, go to the Amazon website instead and search for Ian Neil's Security+ book.
The following instructions will be the same.
Starting the Capture
Start Wireshark, go to Capture, then press Start.
Go back to your Google results and click the hyperlink for the preceding article.
You will then see a massive number of packets being captured.
Stop the Capture
Go to Wireshark, Capture menu, and Press Stop.
You should have captured quite a few packets.
In the author's run, over 20,000 packets were captured in about 3 minutes.
Saving the Capture File
On the Wireshark console, in the top left-hand corner, choose File.
Then select 'Save as' and save it as a pcap file (a packet capture file).
Wireshark's default format is the newer pcapng; either works for this exercise, but pick the classic pcap type from the file type list if another tool you plan to use only reads pcap.
Filtering the Capture File
Open the capture you saved, type http into the display filter bar, and apply it.
Only packets that Wireshark dissects as HTTP are now shown; each of them is also TCP, because HTTP is carried over TCP.
Note that this filter matches cleartext HTTP only. A site served over HTTPS shows up as TLS instead, and you would filter on tls; the server name is visible in the Client Hello, but the request itself is encrypted.
In the author's capture, packet 16340 relates to the arrival at the article on the nfl.com website.
The source IP address is 172.20.10.1 (a private address, the author's client) and the destination is 151.101.62.2.
The request for the page uses the HTTP method GET.
Can you now find the packet in your own trace for when you arrived at the article?
Select that frame and expand it in the Packet Details pane.
You will see that it is using IPv4, and that the transport protocol is TCP.
Expand the Hypertext Transfer Protocol section; the Referer header shows the page you came from.
Complete the following exercises to investigate DNS traffic:
DNS traffic: start a new capture and run the following commands:
- Start a Wireshark capture.
- Open a command prompt.
- Type ipconfig /flushdns (clears the DNS cache, so the next lookup has to go out on the wire).
- Ping www.packtpub.com (the name must be resolved before the first echo request can be sent).
- Type ipconfig /displaydns (displays the DNS cache, which now holds the answer).
- Apply the display filter dns and check the trace entries for the query and its response.
- Start a new capture.
- Type nslookup www.packtpub.com and press Enter (nslookup queries the DNS server directly rather than using the cache).
- Open a web browser and go to www.packtpub.com.
- Check the trace entries again.
TCP 3-way handshake: start a new capture and carry out the following task:
- Go to a website of your choice, then stop the capture.
- Apply the display filter tcp and look through the TCP traffic.
- Right-click one of the TCP packets, choose Conversation Filter, then TCP.
This isolates a single TCP connection and should give you all the 3-way handshake information.
Look for SYN, then SYN/ACK, then ACK.
That sequence shows a successful connection; a SYN answered by RST, or by nothing at all, means the port was closed or the traffic was filtered.
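The three display filters this page uses (http for the article request, dns for the lookup exercise, and Conversation Filter > TCP for the handshake) are each just a test on a few header fields of every frame in the saved file. The following Python example is added here to show what those tests are; it is not code from the book, the author or the Wireshark project. It builds a small pcap entirely in code (constructed traffic, not a real capture) and runs the same three checks against it: the DNS query names, the first three segments of one TCP conversation, and the method, Host and Referer of a cleartext HTTP request. The addresses 172.20.10.1 and 151.101.62.2 are the ones quoted above; the resolver address 172.20.10.254, the ports, sequence numbers and URLs are assumptions. It reads only classic pcap, so save with that type (not Wireshark's default pcapng) if you point it at your own capture.

```python
"""Checks behind the http, dns and TCP conversation display filters, run on a constructed pcap.
Added example: every frame is built in code below; nothing here comes from a real capture."""
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08

# --- builders for the constructed sample traffic ---
def ip4(addr):
    return bytes(int(x) for x in addr.split("."))
def eth(payload):  # Ethernet II frame: dummy dst/src MACs, EtherType 0x0800 (IPv4)
    return b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00" + payload
def ipv4(src, dst, proto, payload):  # 20-byte header; checksum left 0, the reader does not verify it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ip4(src), ip4(dst)) + payload
def tcp(sport, dport, seq, ack, flags, payload=b""):  # 20-byte header, data offset 5
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload
def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
def dns_query(txid, name):  # standard query, RD set, one question: type A, class IN
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
def pcap(frame_list):  # classic little-endian pcap file, link type 1 (Ethernet)
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frame_list):
        out.append(struct.pack("<IIII", 1_600_000_000, i * 1000, len(f), len(f)) + f)
    return b"".join(out)

# --- reader: the same fields Wireshark's dissectors expose to a display filter ---
def frames(data):
    """Yield (frame_no, src_ip, dst_ip, ip_proto, l4_bytes) for each IPv4-over-Ethernet frame."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("only little-endian classic pcap is handled; Wireshark's default pcapng is not")
    off, no = 24, 0
    while off + 16 <= len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]  # captured length of this record
        frame, off, no = data[off + 16:off + 16 + incl], off + 16 + incl, no + 1
        if frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4  # IP header length in bytes
        yield no, ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])), ip[9], ip[ihl:]

def dns_queries(data):
    """What the filter dns.flags.response == 0 shows: names asked for in queries sent to UDP port 53."""
    names = []
    for _, _, _, proto, l4 in frames(data):
        if proto != 17 or struct.unpack_from("!H", l4, 2)[0] != 53:
            continue
        dns = l4[8:]
        if struct.unpack_from("!H", dns, 2)[0] & 0x8000:  # QR bit set: this is a response
            continue
        labels, i = [], 12  # the question section follows the 12-byte header
        while dns[i]:
            labels.append(dns[i + 1:i + 1 + dns[i]].decode()); i += 1 + dns[i]
        names.append(".".join(labels))
    return names

def tcp_handshake(data, client, server, port):
    """Conversation Filter > TCP: flag names of the flow's first three segments, and whether they form SYN, SYN/ACK, ACK."""
    seen = []
    for no, src, dst, proto, l4 in frames(data):
        if proto != 6:
            continue
        sport, dport, _, _, off_flags = struct.unpack_from("!HHIIH", l4, 0)
        if (src, dst, dport) != (client, server, port) and (src, dst, sport) != (server, client, port):
            continue
        flags = off_flags & 0x3F  # low bits: URG ACK PSH RST SYN FIN
        seen.append((no, f"{src} -> {dst}", {SYN: "SYN", SYN | ACK: "SYN/ACK", ACK: "ACK"}.get(flags, hex(flags))))
        if len(seen) == 3:
            break
    return seen, [f for _, _, f in seen] == ["SYN", "SYN/ACK", "ACK"]

def http_requests(data):
    """What the filter http.request shows: (method, Host, Referer) of each cleartext request; HTTPS never matches."""
    out = []
    for _, _, _, proto, l4 in frames(data):
        if proto != 6:
            continue
        payload = l4[(struct.unpack_from("!H", l4, 12)[0] >> 12) * 4:]  # skip TCP header and options
        if not payload.startswith((b"GET ", b"POST ", b"HEAD ")):
            continue
        lines = payload.split(b"\r\n")
        hdrs = {k.lower(): v for k, v in (l.split(b": ", 1) for l in lines[1:] if b": " in l)}
        out.append((lines[0].split(b" ")[0].decode(), hdrs.get(b"host", b"").decode(), hdrs.get(b"referer", b"").decode()))
    return out

# --- constructed sample capture: 172.20.10.1 and 151.101.62.2 are the addresses from the text;
# the resolver address, ports, sequence numbers and URLs are assumptions ---
CLIENT, RESOLVER, WEB = "172.20.10.1", "172.20.10.254", "151.101.62.2"
SAMPLE_PCAP = pcap([
    eth(ipv4(CLIENT, RESOLVER, 17, udp(51000, 53, dns_query(0x1234, "www.packtpub.com")))),
    eth(ipv4(CLIENT, WEB, 6, tcp(52000, 80, 1000, 0, SYN))),
    eth(ipv4(WEB, CLIENT, 6, tcp(80, 52000, 5000, 1001, SYN | ACK))),
    eth(ipv4(CLIENT, WEB, 6, tcp(52000, 80, 1001, 5001, ACK))),
    eth(ipv4(CLIENT, WEB, 6, tcp(52000, 80, 1001, 5001, PSH | ACK,
        b"GET /news/story HTTP/1.1\r\nHost: www.nfl.com\r\nReferer: https://www.google.com/\r\n\r\n"))),
])

if __name__ == "__main__":
    print("DNS queries :", dns_queries(SAMPLE_PCAP))
    print("Handshake   :", tcp_handshake(SAMPLE_PCAP, CLIENT, WEB, 80))
    print("HTTP request:", http_requests(SAMPLE_PCAP))
```

Run it directly to print the three results for the constructed capture, or call dns_queries, tcp_handshake and http_requests on the bytes of your own pcap file. When the handshake check returns False for a flow, look at the flag names it did collect: a SYN followed by a segment reported as 0x14 (RST and ACK set) is a refused connection, and a lone SYN with nothing after it is the filtered or dropped case.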
After this practical, you will have installed Wireshark, captured a packet, and filtered the trace.
Try to use this at least once a week.
Visit www.wireshark.org, obtain the documentation, and then watch some videos on YouTube
until you become proficient.
This is a great skill for your CV/resume.
Check out the book CompTIA Security+: SY0-601 Certification Guide to help you pass on the first attempt.
This site supports the book CompTIA Security+: SY0-601 Certification Guide, by Ian Neil
ISBN 9781800564244
Published by Packt
© 2023 Ian Neil. All rights reserved.