Wireshark Lab

Packet sniffer:- A packet sniffer is a tool for observing the messages exchanged between executing protocol entities. It captures ("sniffs") messages being sent from or received by your computer, and it typically also stores and/or displays the contents of the protocol fields in those captured messages.

Packet sniffers, also called protocol analyzers, are tools commonly used by network technicians to diagnose network-related problems. The same capability cuts both ways: anything sent in cleartext on a link the sniffer can see (passwords, cookies, session tokens) is exposed to whoever runs it, which is why sniffers are standard kit for attackers and incident responders alike.

There are two parts to a packet sniffer:-

i)- Packet capture library (pcap):- receives a copy of every link-layer frame sent from or received by your computer (libpcap on Unix-like systems, Npcap on Windows). Because every higher-layer message is ultimately carried inside a link-layer frame, capturing all link-layer frames gives you all messages sent/received by all protocols and applications executing on your computer. Two practical caveats: opening an interface for capture requires privileged access, and on a switched network you normally see only traffic to or from your own host unless a mirror (SPAN) port or a tap feeds the capture interface.

ii)- Packet analyzer:- displays the contents of all fields within a protocol message. To do so, the packet analyzer must "understand" the structure of all messages exchanged by the protocols. For example, suppose we are interested in displaying the various fields in messages exchanged by the HTTP protocol in Figure 1. The packet analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an Ethernet frame; it likewise understands the IP datagram format, so it can extract the TCP segment from the datagram, and from the TCP segment the HTTP message whose fields it finally displays.
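The layered dissection described above, as an added example (my code, not part of the lab handout): a tiny Python packet analyzer that peels a constructed Ethernet/IPv4/TCP/HTTP frame layer by layer, after writing it out and reading it back in the classic pcap file format that Wireshark and dumpcap use. It goes one step beyond the text by continuing from the IP datagram to the TCP segment and the HTTP request line, and it verifies the IPv4 and TCP checksums, which is what tells you a captured frame was not mangled in transit or in your capture pipeline. All MAC addresses, IP addresses and the HTTP request are made up; nothing here touches a real interface.

```python
import struct

# ---- constructed sample traffic (invented addresses, not a real capture) ----
SRC_MAC = bytes.fromhex("66778899aabb")
DST_MAC = bytes.fromhex("001122334455")
SRC_IP = bytes([192, 168, 1, 10])
DST_IP = bytes([93, 184, 216, 34])
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 headers and TCP."""
    if len(data) % 2:                      # odd length: pad with a zero byte
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                     # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame() -> bytes:
    """Ethernet II / IPv4 / TCP (PSH,ACK) frame carrying one HTTP request."""
    seg_len = 20 + len(HTTP_REQUEST)
    tcp = struct.pack("!HHIIBBHHH", 51000, 80, 1, 1, 0x50, 0x18, 65535, 0, 0)
    pseudo = struct.pack("!4s4sBBH", SRC_IP, DST_IP, 0, 6, seg_len)
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + HTTP_REQUEST)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + seg_len, 0x1234,
                     0x4000, 64, 6, 0, SRC_IP, DST_IP)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + ip + tcp + HTTP_REQUEST


def write_pcap(frames, linktype=1) -> bytes:
    """Serialise frames as a classic pcap file (global header + per-record headers)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):      # timestamps are synthetic
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def read_pcap(data: bytes) -> list:
    """Return the frames in a pcap blob, honouring the byte order the magic implies."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]
    frames, pos = [], 24
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(order + "IIII", data[pos:pos + 16])
        pos += 16
        frames.append(data[pos:pos + incl_len])
        pos += incl_len
    return frames


def dissect(frame: bytes) -> dict:
    """Peel the layers the way an analyzer does: Ethernet -> IPv4 -> TCP -> HTTP."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth.dst": dst.hex(":"), "eth.src": src.hex(":"), "eth.type": ethertype}
    if ethertype != 0x0800:                # not IPv4: stop at the link layer
        return out
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4               # header length in bytes (options possible)
    total_len = struct.unpack("!H", ip[2:4])[0]
    out["ip.src"] = ".".join(map(str, ip[12:16]))
    out["ip.dst"] = ".".join(map(str, ip[16:20]))
    out["ip.proto"] = ip[9]
    out["ip.checksum_ok"] = checksum(ip[:ihl]) == 0   # valid header sums to zero
    if ip[9] != 6:                          # not TCP
        return out
    seg = ip[ihl:total_len]                 # ignore any Ethernet padding after the datagram
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    data_offset = (off_flags >> 12) * 4
    out.update({"tcp.srcport": sport, "tcp.dstport": dport,
                "tcp.seq": seq, "tcp.ack": ack, "tcp.flags": off_flags & 0x1FF})
    pseudo = struct.pack("!4s4sBBH", ip[12:16], ip[16:20], 0, 6, len(seg))
    out["tcp.checksum_ok"] = checksum(pseudo + seg) == 0
    payload = seg[data_offset:]
    if payload and 80 in (sport, dport):    # port-based heuristic, as Wireshark does by default
        lines = payload.split(b"\r\n")
        out["http.request_line"] = lines[0].decode("ascii", "replace")
        out["http.headers"] = dict(l.decode("ascii", "replace").split(": ", 1)
                                   for l in lines[1:] if b": " in l)
    return out


if __name__ == "__main__":
    for f in read_pcap(write_pcap([build_frame()])):
        for field, value in dissect(f).items():
            print(f"{field:18} {value}")
```

Writing the bytes from write_pcap to a .pcap file and opening it in Wireshark shows the same fields in the Packet Details pane; Wireshark's own TCP checksum validation is off by default and has to be enabled in the protocol preferences to see the same check.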

Tools Used in Packet Sniffing

1) Open source / free tools:- Wireshark (and its command-line companion tshark), Xplico, dSniff, ettercap, Kismet, Fiddler (free in its Classic edition), Microsoft Network Monitor (free, now discontinued). Note that dSniff and ettercap are attack tooling rather than diagnostic analyzers: they harvest credentials from sniffed traffic and perform ARP-spoofing man-in-the-middle attacks.

2) Commercial or proprietary tools:- Capsa Network Analyzer, CommView, Lanmeter (Fluke's hardware LAN tester). Carnivore was the FBI's own in-house monitoring system, not a product that could be purchased.

Wireshark:-

Download and install from http://www.wireshark.org/download.html (check the downloaded file against the hashes published on that page before installing; the Windows installer also offers Npcap, which Wireshark needs in order to capture).

Running Wireshark:- When you run the Wireshark program, you get a startup screen that looks something like the one in the figure below. Capturing needs access to the network interface, so on Linux add your user to the wireshark group (which grants the capture privilege to dumpcap) rather than running the whole GUI as root.

[Figure: Wireshark startup screen]