  1. #1


    Using Wireshark

    Hi All,

    Does anybody have some kind of easy-to-follow guide to using Wireshark, i.e. things to look out for in captures / what's good / what's bad?

    I've hunted around and can't seem to find anything, and the capture files are often a minefield!

    Many Thanks,

    Matt

  2. #2

    Geoff
    Perhaps if you tell us what question you want Wireshark to answer we can give you some example filters to try on your network?

  3. #3

    Thanks Geoff,

    I just want to find out really what "junk" is flying around the network that shouldn't be flying around the network... but I'm unsure what I should be looking for in the captures to spot what is "junk" and what is needed etc.

    When I run a capture I see a lot of Broadcast ARP requests, I don't know what's normal or not, I get many NBNS queries looking for some computer names that don't exist on the network, I get lots of "Host Announcements" - "Potential Browser", again I don't know if this is "normal" or a mis-configuration somewhere in the setup of the computers.

    If somebody has a guide or can point out things that I shouldn't worry too much about if I see them in a capture file, or things that if I see them then "hey you've got a problem", then that would be a great help!

    Thanks

  4. #4

    Geoff
    OK, you are basically looking at broadcast traffic. ARP and NetBIOS traffic is normal. As are LLDP and STP. Anything else you should be suspicious of. In particular look out for things broadcasting on protocols you don't use (e.g. SSDP, DHCPv6, mDNS, IPX, AppleTalk).

    You also might want to look at the wiki.

    DisplayFilters - The Wireshark Wiki
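
The triage rule from the reply above, as an added example that is not part of the original thread: a Python classifier that sorts broadcast/multicast frames into the "expected" protocols named there and everything else for review. It assumes untagged Ethernet frames already pulled from a capture; the function names and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

EXPECTED = {"ARP", "NetBIOS", "LLDP", "STP"}       # "normal" per the reply above
ETHERTYPES = {0x0806: "ARP", 0x88CC: "LLDP", 0x8137: "IPX",
              0x809B: "AppleTalk", 0x80F3: "AppleTalk"}   # 0x80F3 is AARP
UDP_PORTS = {137: "NetBIOS", 138: "NetBIOS", 1900: "SSDP",
             546: "DHCPv6", 547: "DHCPv6", 5353: "mDNS"}

def udp_label(frame, off):  # UDP header starts at byte offset `off`
    if len(frame) < off + 4:
        return "truncated"
    sport, dport = struct.unpack("!HH", frame[off:off + 4])
    return UDP_PORTS.get(dport) or UDP_PORTS.get(sport) or f"udp/{dport}"

def classify(frame):
    """Label a broadcast/multicast Ethernet frame; return None for unicast."""
    if len(frame) < 14 or not frame[0] & 0x01:     # group bit clear: unicast
        return None
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype <= 1500:                              # 802.3 length field, LLC follows
        return "STP" if frame[14:16] == b"\x42\x42" else "other-LLC"
    if etype in ETHERTYPES:
        return ETHERTYPES[etype]
    if etype == 0x0800 and len(frame) >= 34:       # IPv4, protocol byte at 23
        if frame[23] == 17:
            return udp_label(frame, 14 + (frame[14] & 0x0F) * 4)
        return f"ipv4-proto-{frame[23]}"
    if etype == 0x86DD and len(frame) >= 54:       # IPv6, extension headers not walked
        return udp_label(frame, 54) if frame[20] == 17 else f"ipv6-nh-{frame[20]}"
    return f"ethertype-0x{etype:04x}"

def triage(frames):
    """Return (expected, review) Counters of protocol labels."""
    expected, review = Counter(), Counter()
    for label in filter(None, map(classify, frames)):
        (expected if label in EXPECTED else review)[label] += 1
    return expected, review

# Constructed sample frames (not from a real capture).
SRC, BCAST = bytes.fromhex("020000000001"), b"\xff" * 6
def udp4_frame(dst_mac, port):
    ip = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0, 192, 0, 2, 10, 255, 255, 255, 255])
    return dst_mac + SRC + b"\x08\x00" + ip + struct.pack("!HHHH", port, port, 8, 0)
SAMPLES = [
    BCAST + SRC + b"\x08\x06" + bytes(28),                                      # ARP
    bytes.fromhex("0180c2000000") + SRC + b"\x00\x26\x42\x42\x03" + bytes(35),  # STP
    udp4_frame(BCAST, 137), udp4_frame(bytes.fromhex("01005e7ffffa"), 1900),    # NBNS, SSDP
    udp4_frame(bytes.fromhex("01005e0000fb"), 5353),                            # mDNS
    udp4_frame(bytes.fromhex("02000000000a"), 5353)]                            # unicast, ignored
```

Anything that lands in the `review` counter is only a prompt to check whether the site actually uses that protocol, as the reply says.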

  5. #5


    The following book might be worth getting if you want to learn more about Wireshark and how to interpret the captures. I bought a copy when the publisher had a sale last month, but I haven't got around to reading it yet (the reviews on Amazon all say it's good though).

    Practical Packet Analysis, 2nd Edition by Chris Sanders
    Using Wireshark to Solve Real-World Network Problems

  6. Thanks to Arthur from:

    RabbieBurns (19th June 2012)

  7. #6

    Thanks both... I've put an order in for one of those books!

    Regards

    Matt
