Lab 2.6.2: Using Wireshark
Lab 2.6.2: Using Wireshark™ to View Protocol Data Units
Learning Objectives
• Be able to explain the purpose of a protocol analyzer (Wireshark).
• Be able to perform basic PDU capture using Wireshark.
• Be able to perform basic PDU analysis on straightforward network data traffic.
• Experiment with Wireshark features and options such as PDU capture and display filtering.
Background
Wireshark is a software protocol analyzer, or "packet sniffer" application, used for network troubleshooting, analysis, software and protocol development, and education. Before June 2006, Wireshark was known as Ethereal.
A packet sniffer (also known as a network analyzer or protocol analyzer) is computer software that can intercept and log data traffic passing over a data network. As data streams travel back and forth over the network, the sniffer "captures" each protocol data unit (PDU) and can decode and analyze its content according to the appropriate RFC or other specifications.
Wireshark is programmed to recognize the structure of different network protocols. This enables it to display the encapsulation and individual fields of a PDU and interpret their meaning.
It is a useful tool for anyone working with networks and can be used with most labs in the CCNA courses for data analysis and troubleshooting.
For information and to download the program go to - http://www.Wireshark.org
Scenario
To capture PDUs the computer on which Wireshark is installed must have a working connection to the network and Wireshark must be running before any data can be captured.
When Wireshark is launched, the screen below is displayed.
[pic]
To start data capture it is first necessary to go to the Capture menu and select the Options choice.
The Options dialog provides a range of settings and filters which determines which and how much data traffic is captured.
[pic]
First, it is necessary to ensure that Wireshark is set to monitor
Learning Objectives
• Be able to explain the purpose of a protocol analyzer (Wireshark).
• Be able to perform basic PDU capture using Wireshark.
• Be able to perform basic PDU analysis on straightforward network data traffic.
• Experiment with Wireshark features and options such as PDU capture and display filtering.
Background
Wireshark is a software protocol analyzer, or "packet sniffer" application, used for network troubleshooting, analysis, software and protocol development, and education. Before June 2006, Wireshark was known as Ethereal.
A packet sniffer (also known as a network analyzer or protocol analyzer) is computer software that can intercept and log data traffic passing over a data network. As data streams travel back and forth over the network, the sniffer "captures" each protocol data unit (PDU) and can decode and analyze its content according to the appropriate RFC or other specifications.
Wireshark is programmed to recognize the structure of different network protocols. This enables it to display the encapsulation and individual fields of a PDU and interpret their meaning.
It is a useful tool for anyone working with networks and can be used with most labs in the CCNA courses for data analysis and troubleshooting.
For information and to download the program go to - http://www.Wireshark.org
Scenario
To capture PDUs the computer on which Wireshark is installed must have a working connection to the network and Wireshark must be running before any data can be captured.
When Wireshark is launched, the screen below is displayed.
[pic]
To start data capture it is first necessary to go to the Capture menu and select the Options choice.
The Options dialog provides a range of settings and filters which determines which and how much data traffic is captured.
[pic]
First, it is necessary to ensure that Wireshark is set to monitor