Wireshark - Network analyzing software (Website Vulnerability scanner)
Presented by:
LAXMI INSTITUTION OF TECHNOLOGY
Sr. no. Name Enrollment No.
1 Nakum Dharmesh M. 150863109005
2 Nayakvade Ragini B. 150863109006
3 Parmar Ashish V. 150863109007
4 Patel Bhavin S. 150863109008
5 Yadav Dhananjay I. 140603109063
Sub: Cyber Security 2150002
Content
- What is Wireshark
- Where is it used
- How it works
- Some practical things
What is Wireshark?
- Network packet/protocol analyzer
- One of the best open source packet analyzers available today for UNIX and Windows
You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).
Wireshark is perhaps one of the best open source packet analyzers available today.
Where is it used?
- Network administrators use it to troubleshoot network problems
- Network security engineers use it to examine security problems
- Testers use it to detect defects :)
- People use it to learn network protocol internals
WireShark – Sample Demo
Website Vulnerability Scanner:
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems - or by black hat attackers looking to gain unauthorized access.
Features:
The following are some of the many features Wireshark provides:
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Open files containing packet data captured with tcpdump / WinDump, Wireshark, and a number of other packet capture programs.
- Import packets from text files containing hex dumps of packet data.
- Display packets with very detailed protocol information.
- Save packet data captured.
- Export some or all packets in a number of capture file formats.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize packet display based on filters.
- Create various statistics.
... and a lot more!
How it works?
For Windows
- download (http://www.wireshark.org/download.html)
- install
- use
Open Wireshark. Click the "Capture" menu, then click "Interfaces." A small window with all of your networking interfaces will appear. As soon as you generate any network traffic, you will start to see packets coming in.
Wireshark Interface
Status Bar
HTTP Analysis
HTTP Analysis – Load Distribution
Click the “Create Stat” button. You can add a “filter” to show only selected traffic.
HTTP Analysis – Packet Counter
HTTP Analysis – Requests
Each line represents a packet, and there are 7 columns that provide information about it. The number column shows the order of the packet from the moment you start recording network traffic. This gives you a reference number so that you can easily identify a particular packet.
The time column shows, in seconds with up to 6 decimals, when the packet was received after you started to record network traffic.
The source includes the Internet Protocol (IP) address of the packet's origin.
The destination IP records where a particular packet is going.
The protocol column shows the protocol the packet uses. The most common are TCP, UDP and HTTP.
Examine each packet's information.
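The packet list columns described above (number, time, source, destination, protocol) can be rebuilt from a saved capture. The following is an added example, not part of the original slides and not Wireshark's own code. It assumes the classic libpcap file format written by tcpdump with Ethernet/IPv4 frames, and labels HTTP with a simple payload-prefix check; the function names and the sample capture are constructed for illustration.

```python
import socket
import struct

IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}
HTTP_START = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.")

def packet_list(pcap):
    """Rows of (No., Time, Source, Destination, Protocol) from a classic pcap file."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24 or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("not a classic (microsecond) Ethernet pcap file")
    rows, off, t0 = [], 24, None
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break  # capture file cut off mid-packet
        off += 16 + caplen
        ts = sec * 1_000_000 + usec  # integer microseconds avoid float drift
        t0 = ts if t0 is None else t0  # time is relative to the first packet
        src, dst, proto = "-", "-", "other"
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # IPv4 ethertype
            src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
            proto = IP_PROTO.get(frame[23], str(frame[23]))
            l4 = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet + IPv4 header
            if proto == "TCP" and len(frame) >= l4 + 20:
                payload = frame[l4 + (frame[l4 + 12] >> 4) * 4:]
                if payload.startswith(HTTP_START):  # simplified stand-in for a dissector
                    proto = "HTTP"
        rows.append((len(rows) + 1, f"{(ts - t0) / 1e6:.6f}", src, dst, proto))
    return rows

def _frame(proto, src, dst, payload=b""):
    # Constructed frame: Ethernet + IPv4 + minimal TCP or UDP header, checksums zero.
    l4 = (struct.pack(">HHIIBBHHH", 50000, 80, 0, 0, 0x50, 0x18, 8192, 0, 0) if proto == 6
          else struct.pack(">HHHH", 50000, 53, 8 + len(payload), 0)) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4

def sample_pcap():
    # Constructed capture (documentation addresses): UDP, an HTTP request, bare TCP.
    frames = [(0, _frame(17, "192.0.2.10", "192.0.2.53", b"\x00" * 12)),
              (250000, _frame(6, "192.0.2.10", "198.51.100.7", b"GET / HTTP/1.1\r\n\r\n")),
              (750042, _frame(6, "198.51.100.7", "192.0.2.10"))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for usec, frame in frames:
        out += struct.pack("<IIII", 1_700_000_000, usec, len(frame), len(frame)) + frame
    return out
```

Calling packet_list(sample_pcap()) returns one row per packet in capture order; a file that ends in the middle of a packet yields only the complete packets before it.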
Video
The End