Wireshark Hands-On Exercises



Similar documents
Section 1 Wireless Packet Captures & Connection Analysis- A Review

Lab Exercise Objective. Requirements. Step 1: Fetch a Trace

The Wireless Network Road Trip

Wireless LAN Pen-Testing. Part I

Chapter 2 Quality of Service (QoS)

USING WIRESHARK TO CAPTURE AND ANALYZE NETWORK DATA

Wireshark Lab:

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Transport and Network Layer

Wireshark Lab: v6.0

Introduction to Network Security Lab 1 - Wireshark

WiFi Security Assessments

How To Understand The Power Of A Network On A Microsoft Ipa 2.5 (Ipa) (Ipam) (Networking) 2 (Ipom) 2(2

Lab VI Capturing and monitoring the network traffic

CSE331: Introduction to Networks and Security. Lecture 6 Fall 2006

visual packet analysis

6.0. Getting Started Guide

Minimal network traffic is the result of SiteAudit s design. The information below explains why network traffic is minimized.

MITM Man in the Middle

Introduction to Wireshark Network Analysis

Network Traffic Analysis

VLANs. Application Note

Note! The problem set consists of two parts: Part I: The problem specifications pages Part II: The answer pages

Lab Module 3 Network Protocol Analysis with Wireshark

Tutorial on Network Management and Measurements. Tasos Alexandridis

Computer Networks/DV2 Lab

Markku Renfors. Partly based on student presentation by: Lukasz Kondrad Tomasz Augustynowicz Jaroslaw Lacki Jakub Jakubiak

IEEE Technical Tutorial. Introduction. IEEE Architecture

Wireless Local Area Networks (WLANs)

Firewall Defaults and Some Basic Rules

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Firewall Firewall August, 2003

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Websense Web Security Gateway: What to do when a Web site does not load as expected

Network Monitoring. By: Delbert Thompson Network & Network Security Supervisor Basin Electric Power Cooperative

WIRELESS LAN SECURITY (IEEE b) A Thesis. Submitted to the Department of Computer Science and Engineering. BRAC University.

AirPcap User s Guide. May 2013

Networks & Security Course. Web of Trust and Network Forensics

Address Resolution Protocol (ARP)

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

CONNECTING WINDOWS XP PROFESSIONAL TO A NETWORK

Wireless Traffic Analysis. Kelcey Tietjen DF Written Report 10/03/06

WiNG 5.x How-To Guide

Solution of Exercise Sheet 5

Network Security. Network Packet Analysis

Ubiquiti Networks Inc. INSTANT OUTDOOR HOTSPOT User Manual

Basic processes in IEEE networks

Investigating Wired and Wireless Networks Using a Java-based Programmable Sniffer

Wireless Sniffing with Wireshark

Voice over IP. Demonstration 1: VoIP Protocols. Network Environment

IEEE 802 Protocol Layers. IEEE Wireless LAN Standard. Protocol Architecture. Protocol Architecture. Separation of LLC and MAC.

Configuring Network Address Translation (NAT)

Configuring the WT-4 for ftp (Ad-hoc Mode)

Looking for Trouble: ICMP and IP Statistics to Watch

Cisco Configuring Commonly Used IP ACLs

Wireshark Tutorial INTRODUCTION

Lab Conducting a Network Capture with Wireshark

Wireshark Deep packet inspection with Wireshark

Nokia Siemens Networks. CPEi-lte User Manual

FAQs: MATRIX NAVAN CNX200. Q: How to configure port triggering?

WAP561 Wireless-N Selectable-Band Access Point with PoE

Configuring the WT-4 for ftp (Infrastructure Mode)

Kepware Technologies Using Wireshark for Ethernet Diagnostics

A Technical Tutorial on the IEEE Protocol

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

LOHU 4951L Outdoor Wireless Access Point / Bridge

108Mbps Super-G TM Wireless LAN Router with XR USER MANUAL

CS6956: Wireless and Mobile Networks Lecture Notes: 2/11/2015. IEEE Wireless Local Area Networks (WLANs)

Intrusion Detection, Packet Sniffing

A Division of Cisco Systems, Inc. GHz g. Wireless-G. Access Point with SRX. User Guide WIRELESS WAP54GX. Model No.

Configuring the WT-4 for ftp (Ad-hoc Mode)

Access Point Configuration

Configuring the WT-4 for Upload to a Computer (Infrastructure Mode)

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Wireshark Tutorial. Figure 1: Packet sniffer structure

Ed. 00 GWIM. Firewall Handbook

Multi-Homing Dual WAN Firewall Router

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

Chapter 3 Using Access Control Lists (ACLs)

EXPLORER. TFT Filter CONFIGURATION

The following sections describe the Gateway configuration pages in the SBG1000 Setup Program.

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

Configuring the WT-4 for Upload to a Computer (Ad-hoc Mode)

Wireless VoIP Phone User s Manual

Review: Lecture 1 - Internet History

Unified Access Point (AP) Administrator s Guide

The Internet. Internet Technologies and Applications

6. INTRODUCTION TO THE LABORATORY: SOFTWARE TOOLS

Visio Enabled Solution: One-Click Switched Network Vision

PIX/ASA 7.x with Syslog Configuration Example

NfSen Plugin Supporting The Virtual Network Monitoring

Post-Class Quiz: Telecommunication & Network Security Domain

Attenuation (amplitude of the wave loses strength thereby the signal power) Refraction Reflection Shadowing Scattering Diffraction

NWA1120 Series. User s Guide. Quick Start Guide. Wireless LAN Ceiling Mountable PoE Access Point. Default Login Details

How To Configure Virtual Host with Load Balancing and Health Checking

Transcription:

Wireshark Hands-On Exercises Step 1. Plug in the Airpcap USB device. Step 2. Step 3. Open Wireshark Start Wireless Tools Wireshark. Click on Capture Interfaces. Step 4. Choose the AirPcap USB adapter and click on Options to set details for this capture. Step 5. Review the options on this page then click on Wireless Settings. Step 6. Select Channel 1 as the channel we ll be capturing from. Step 7. Return to the Options page, then click Start button to start your capture.

Step 8. Step 9. Step 10. Note, right now all packets are being shown as they come to the wireless card. Review the notes below on how to make and use Filters in Wireshark. Create a Filter to display all traffic except beacons. Step 11. Create a Filter to display only data traffic. Step 12. Create a Filter to display only Data but NOT NULL Data (going to sleep) packets. Step 13. Now try some new filters on your own. NOTE: You can review more on Wireshark from the Laura Chappell s new Wireshark Study Guide Book. Step 14. Create a Filter to capture only voice traffic. Step 15. Create a Filter to capture only FTP traffic. Step 16. Create a Filter to capture only traffic to a destination network. Step 17. Create a Filter to capture only traffic to a destination host. Step 18. How about a filter to capture Access Points with cloaked or hidden SSIDs? When an Access Point does NOT broadcast SSID, the SSID field contains no data in Beacons and Probe Response packets. But clients MUST ask for the proper hidden SSID in their requests to join the BSA. NOTE: This filter is wlan.bssid==xx:xx:xx:xx:xx:xx and wlan.fc.type_subtype==0 where the BSSID of the Access Point you are looking for is in the xx s.

Wireshark Filters for 802.11 Frames By applying the above filter, we reveal any association requests for the specific BSSID. By clicking IEEE 802.11 Wireless LAN Management Frame Tagged Parameters SSID Parameter Set in the packet detail window we can see the SSID requested by the client station, thus revealing the Hidden SSID. 802.11 Header Field Either Source or Destination Address Transmitter Address Source Address Receiver Address Destination Address BSSID Duration wlan.addr wlan.ta wlan.sa wlan.ra wlan.da wlan.bssid Wlan.duration Frame Control Subfields Frame Type Frame Subtype ToDS Flag FromDS Flag Retry Flag Protected Frame (WEP) Flag wlan.fc.type wlan.fc.subtype wlan.fc.tods wlan.fc.fromds wlan.fc.retry wlan.fc.wep Fields can be combined using operators. Wireshark supports a standard set of comparison operators: == for equality!= for inequality > for greater than >= for greater than or equal to < for less than <= for less than or equal to && Contains Matches! Not An example of a display filter would be wlan.fc.type==1 to match control frames. To remove all Beacon frames from your trace, you ll need to write a display filter that matches Beacon frames, and then negate it. Like the example below:

Filter on type code for management frames with wlan.fc.type==0 Filter on subtype code for Beacon with wlan.fc.subtype==8 Combine the two, and negate the operation by using the exclamation point for NOT with an expression result of:! (wlan.fc.type==0 and wlan.fc.subtype==8) When assessing a wireless capture with Wireshark, it is common to apply display filters to look for or exclude certain frames based on the IEEE 802.11 frame type and frame subtype files. If you are trying to exclude frames from a capture, it is easy to identify the Type and Subtype filed by navigating the Packet Details windows and use those values for your filter. Or, you can just use this handy-dandy table we ve provided below. Frame Type/Subtype Management Frames Association Request Association Response Ressociation Request Ressociation Response Probe Request Probe Response Beacon ATIM Disassociate Authentication Deauthentication Association Request Association Request Control Frames Power-Save Poll Request To Send - RTS Clear To Send - CTS Acknowledgement - ACK Data Frmaes NULL Data Filter wlan.fc.type==0 wlan.fc.type_subtype==0 wlan.fc.type_subtype==1 wlan.fc.type_subtype==2 wlan.fc.type_subtype==3 wlan.fc.type_subtype==4 wlan.fc.type_subtype==5 wlan.fc.type_subtype==8 wlan.fc.type_subtype==9 wlan.fc.type_subtype==10 wlan.fc.type_subtype==11 wlan.fc.type_subtype==12 wlan.fc.type_subtype==0 wlan.fc.type_subtype==0 wlan.fc.type==1 wlan.fc.type_subtype==26 wlan.fc.type_subtype==27 wlan.fc.type_subtype==28 wlan.fc.type_subtype==29 wlan.fc.type==2 wlan.fc.type_subtype==36

Here is a great graphical view of Wireshark s 802.11 Filter names for each part of an 802.11 frame.

Display Filter Syntax Hosts/Network Ports Various Protocols Examples ip.addr, ip.scr, ip.dst, eth.addr, eth.src, eth.dst tcp.port, tcp.srcport, tcp.dstport, udp.port, udp.srcport, udp.dstport arp, bootp, dcerpc, dns, eth, ftp, http, icmp, ip, ncp, netbios, ntp, ospf, sip, smtp, snmp, tcp, udp ip.addr==10.4.2.19!ip.addr==10.4.15.27!arp &&!bootp tcp.port==80 eth.dst==00:04:5a:df:80:37 tcp.flags.reset==1 Keyboard Shortcuts Tab Shift-Tab Down Up Ctrl-Down, F8 Ctrl-Up, F7 Left Right Backspace Return, Enter Ctrl-M Ctrl-N Ctrl-T Ctrl-Plus Ctrl-Minus Move forward between packet windows and screen elements Move backwards between packets windows screen elements Move forward to the next packet or detail item Move back to the previous packet or detail item Move to the next packet, even if the packet list is not the focus. Move to the previous packet, even if the pack list is not the focus. Closes the selected tree item in the packet detail window or move to the parent node if already closed. Expands the selected tree item in the packet detail window (does not expand the subtree) Move to the parent node in the packet detail window Toggles expansion of the selected tree item in the packet detail window Mark a packet Go to the next market packet Set time reference Zoom in (increase font size) Zoom out (decrease font size) Ctrl-Equal Zoom to 100%

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information