
Wireshark Help

  • 12-12-2007 7:11pm
    #1
    Registered Users, Registered Users 2 Posts: 555 ✭✭✭


    Hi. I hope I'm posting in the right forum. I have this in Security because Wireshark is a packet sniffer.

    So: I have just started to use Wireshark. The problem is, I can't understand at a low level what Wireshark is showing me. For example, if a laptop is communicating to another laptop on another network, what does Wireshark show me? Does each line show 'a hop'? When I see the 'source' and 'destination', does this mean the source and destination of each hop, or the first 'source' and final 'destination'? Also, in the 'Packet Details pane', if the Ethernet source is shown as X, and the IP source is shown as Y, do these correspond to the same machine, does this mean X has an IP address of Y?

    Appreciate any help or pointers on this. Sorry for being confusing.

    Cary.


Comments

  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    What is your purpose? Does this mean that you want help from us to sniff/snoop other people's wifi communications? For example, to intercept unencrypted hotspot wifi emails and chats between b/fs and g/fs? Or private account information that someone is foolish enough to wifi transmit (like so many do) without the protection of SSL or VPN? Or do you have some other purpose in mind?


  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    Caryatnid wrote: »
    I can't understand at a low level what Wireshark is showing me. For example, if a laptop is communicating to another laptop on another network, what does Wireshark show me? Does each line show 'a hop'?

    If you are looking in the upper pane, it is displaying a summary. If you are looking in the lower pane, it is displaying the various layers, e.g. Ethernet, IP, TCP, HTTP.

    Caryatnid wrote: »
    When I see the 'source' and 'destination', does this mean the source and destination of each hop, or the first 'source' and final 'destination'? Also, in the 'Packet Details pane', if the Ethernet source is shown as X, and the IP source is shown as Y, do these correspond to the same machine, does this mean X has an IP address of Y?

    Source and Destination have different meanings depending on the layer.
    The Ethernet source is the MAC address of the device that placed the Frame on the wire on your local network. The IP source is the IP Address of the device that is the ultimate source of the packet.

    In order for you to understand what Wireshark is telling you, you really need to learn a bit about the subject matter. A good place to start is Wikipedia. If you're very interested and are prepared to spend a bit of money, the best book in the world (IMHO) on the subject is The TCP/IP Guide (ISBN-10: 159327047X).

    Regards,

    Liam
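
An added example, not part of the thread: the layer distinction described in the reply above, shown by decoding the same IPv4 packet as it would be captured on the sender's network and again on the receiver's network. The MAC and IP addresses and the single-router topology are constructed for illustration.

```python
import ipaddress
import struct

# Constructed addresses: one router between two LANs (not from the thread).
LAPTOP_A = ("02:00:00:00:00:0a", "192.168.1.10")
LAPTOP_B = ("02:00:00:00:00:0b", "10.0.0.20")
ROUTER_LAN1_MAC = "02:00:00:00:01:01"
ROUTER_LAN2_MAC = "02:00:00:00:02:01"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl):
    """Ethernet II header + 20-byte IPv4 header, no payload; checksum left at 0."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

def parse_frame(frame):
    """Split out the layer 2 and layer 3 addresses, as the details pane does."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_src": src.hex(":"), "eth_dst": dst.hex(":")}
    if ethertype != 0x0800:      # e.g. ARP (0x0806) carries no IPv4 header
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    out["ip_src"] = str(ipaddress.IPv4Address(ip[12:16]))
    out["ip_dst"] = str(ipaddress.IPv4Address(ip[16:20]))
    out["ttl"] = ip[8]
    return out

def captures():
    """The same packet from A to B, seen on A's LAN and then on B's LAN."""
    on_lan1 = build_frame(LAPTOP_A[0], ROUTER_LAN1_MAC, LAPTOP_A[1], LAPTOP_B[1], 64)
    # The router rewrites the Ethernet header and decrements TTL; IP addresses stay.
    on_lan2 = build_frame(ROUTER_LAN2_MAC, LAPTOP_B[0], LAPTOP_A[1], LAPTOP_B[1], 63)
    return parse_frame(on_lan1), parse_frame(on_lan2)

if __name__ == "__main__":
    for name, pkt in zip(("LAN 1", "LAN 2"), captures()):
        print(name, pkt)
```

In the second capture the Ethernet source is the router's interface rather than laptop A, while the IP source is still laptop A's address.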


  • Closed Accounts Posts: 583 ✭✭✭monkey tennis


    Bear in mind that if you're on a switch, you're only going to see broadcasts from other hosts on that same network, not unicasts (host to host). You can still learn about TCP/IP by examining traffic going to/from your own host.

    As Wireshark sorts info by layer (in the lower pane), it's useful for learning about protocols by comparison to the OSI model. You can see how layer2 (MAC) addressing works in comparison to layer3 (IP), etc. Plus, you can hide away info you're not interested in, while looking at the stuff you are.

    To get info on the correlation between an IP address (L3) and a MAC address (L2), look into the Address Resolution Protocol (ARP).

