INTRODUCTION

The purpose of this document is to introduce the packet sniffer WIRESHARK.

WIRESHARK would be used for the lab experiments. This document introduces the

basic operation of  WIRESHARK.

PACKER SNIFFER:

The basic tool for observing the messages exchanged between executing protocol entities

messages being sent/received from/by your computer; it will also typically store and/or

display the contents of the various protocol fields in these captured messages. A packet

sniffer itself is passive. It observes messages being sent and received by applications and

protocols running on your computer, but never sends packets itself. Similarly, received

packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer

executing on your machine.

Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols

(in this case, Internet protocols) and applications (such as a web browser or ftp client)

that normally run on your computer. The packet sniffer, shown within the dashed

rectangle in Figure 1 is an addition to the usual software in your computer, and consists

is sent from or received by your computer. Messages exchanged by higher layer protocols

such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer

frames that are transmitted over physical media such as an Ethernet cable. In Figure 1,

the assumed physical media is an Ethernet, and so all upper layer protocols are eventually

encapsulated within an Ethernet frame. Capturing all link-layer frames thus gives you all

messages sent/received from/by all protocols and applications executing in your

computer.

contents of all fields within a protocol message. In order to do so, the packet analyzer

must “understand” the structure of all messages exchanged by protocols. For example,

suppose we are interested in displaying the various fields in messages exchanged by the

HTTP protocol in Figure 1. The packet analyzer understands the format of Ethernet

frames, and so can identify the IP datagram within an Ethernet frame. It also understands

the IP datagram format, so that it can extract the TCP segment within the IP datagram.

Finally, it understands the TCP segment structure, so it can extract the HTTP message

contained in the TCP segment. Finally, it understands the HTTP protocol and so, for

example, knows that the first bytes of an HTTP message will contain the string “GET,”

“POST,” or “HEAD”.

Running Wireshark

When you run the Wireshark program, the Wireshark graphical user interface shown in
Figure 2 will de displayed. Take a look at the row of icons under the menu toolbar.
The second icon from the left is the icon you want to click to set up a capture.

Figure 2: Wireshark Network Analyzer Window

Clicking on this button open up the Capture Options window shown in Figure 3. In the Capture Options
window you must configure, at minimum, an interface which to use for the capture. All available
interfaces will be listed in the Interface dropdown.

From the menu bar select Capture then select Options

You will be greeted by the Capture Options window  as shown below:

Figure 3: Capture Options Window

Exit Wireshark.