NEA-SEA ITC 2009 Wireshark March 2009 ITC Jay Hall

DESCRIPTION

Wireshark ITC presentation.

Page 1: Itc Wireshark

NEA-SEA ITC 2009

Wireshark

March 2009 ITC

Jay Hall

Page 2: Itc Wireshark

What is Wireshark?

Wireshark is a free packet sniffer used for network troubleshooting and analysis.

Wireshark was previously known as Ethereal.

Page 3: Itc Wireshark

Setup

Switch ports must be “mirrored” to a single port so monitoring can take place.

All packets are forwarded to a single switch port and are captured by Wireshark. This is called “Promiscuous Sniffing”.

This is not something dogs do.

Page 4: Itc Wireshark

A Word of Caution

Servers which have IP forwarding enabled should probably not be used to capture packets.

Recently, I used a server with IP forwarding enabled to capture packets. Since the server was seeing all of the packets on the network, it was forwarding packets back to the network which were not destined for the server.

The good news is Wireshark caught it all.
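
A pre-capture check for the caution above, as an added example that is not part of the original presentation. It assumes a Linux capture host (the slides do not name the operating system), where forwarding state is exposed under /proc/sys/net; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-capture check for the IP forwarding caution.
# Assumption: Linux host, forwarding switches live under /proc/sys/net.
# forwarding_enabled and make_sample are hypothetical helper names.

# Print every forwarding switch that is enabled, one "path=value" per line.
# Returns 0 when none are enabled (safe to capture), 1 otherwise.
# Optional $1: alternate root directory, so the check can be run on a copy.
forwarding_enabled() {
    root="${1:-/proc/sys/net}"
    found=0
    for f in "$root"/ipv4/ip_forward \
             "$root"/ipv4/conf/*/forwarding \
             "$root"/ipv6/conf/*/forwarding; do
        [ -r "$f" ] || continue            # unmatched glob or missing file
        val=$(tr -d '[:space:]' < "$f")
        case "$val" in
            0|"") ;;                       # forwarding disabled here
            *) printf '%s=%s\n' "${f#"$root"/}" "$val"; found=1 ;;
        esac
    done
    return "$found"
}

# Build a constructed sample tree standing in for /proc/sys/net.
# $1 is the value written to the global IPv4 forwarding switches.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/ipv4/conf/all" "$d/ipv4/conf/eth0" "$d/ipv6/conf/all"
    echo "$1" > "$d/ipv4/ip_forward"
    echo "$1" > "$d/ipv4/conf/all/forwarding"
    echo 0 > "$d/ipv4/conf/eth0/forwarding"
    echo 0 > "$d/ipv6/conf/all/forwarding"
    echo "$d"
}

# Check the live host before starting a capture on the mirrored port.
if forwarding_enabled; then
    echo "IP forwarding is off: host is suitable for capture"
else
    echo "IP forwarding is on: choose another capture host or disable it" >&2
fi
```
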

Page 5: Itc Wireshark

Wireshark Log Files

Wireshark Demo

Page 6: Itc Wireshark

Questions

???????????????

Page 7: Itc Wireshark

The End