JOHNSON GICHURE WAIYEGO
KPSK-OU-31
Wireshark Packet Analysis Exercise
Familiarize yourself with Wireshark, a network protocol analyzer, and
basic packet analysis techniques.
Wireshark is a software tool used to monitor the network traffic through a
network interface. It is the most widely used network monitoring tool today.
Wireshark is loved equally by system administrators, network engineers,
network enthusiasts, network security professionals and black hat hackers.
There are many reasons why Wireshark is so popular:
It has a great GUI as well as a conventional CLI (T Shark).
It offers network monitoring on almost all types of network standards
(ethernet, wlan, Bluetooth etc.)
It is open-source with a large community of backers and developers.
All the necessary components for monitoring, analyzing and
documenting the network traffic are present. It is free to use.
Fundamental Packet Analysis Methods:
Examine the protocols (such as TCP, UDP, HTTP, and DNS) that are
being used in the packets that have been recorded to identify their
usage.
Determining Origins and Destinations: To find out who is speaking
with whom, look up the IP addresses and ports at the source and
destination.
Tracking TCP Streams: This can help you understand application-
layer protocols such as HTTP by exposing the real data that is
transferred over TCP connections.
Finding Oddities: Keep an eye out for odd trends, unexpected traffic,
or communication mistakes.
Analyzing Timing: To identify problems with network performance,
analyze packet timing (e.g., delays, response times).
Wireshark, as a robust network protocol analyzer, offers several
fundamental features that make it a valuable tool for network
troubleshooting, analysis, and security investigations. Here are the basic
features of Wireshark:
The basic features of Wireshark are:
Live Packet Capture: Wireshark allows users to capture live packet
data from a network interface. It supports a wide range of network
interfaces including Ethernet, Wi-Fi, Bluetooth, USB, and more.
� Offline Analysis: Apart from live capturing, Wireshark can also
analyze packet capture files that have been saved previously. This
feature is useful for post-incident analysis or when capturing live
traffic isn't feasible.
Rich Display Filters: Wireshark provides powerful filtering
capabilities to focus on specific packets of interest. Filters can be
based on protocols (e.g., TCP, UDP), addresses (e.g., IP, MAC), ports,
packet length, and many other criteria. This helps in isolating and
analyzing specific network traffic patterns.
Exporting Data: Captured packet data can be saved in various
formats including pcapng, pcap, CSV, and plain text. This facilitates
sharing findings with colleagues or further analysis using other tools.
Cross-Platform Support: Wireshark is available for multiple
platforms including Windows, macOS, and various Unix-like operating
systems (e.g., Linux). This ensures flexibility and consistency across
different environments.
