Presented in May 2010
This presentation goes through the Wireshark network analyzer. It presents an overview of the different features that I've found useful while doing network performance analysis for ICS network protocols.
Wireshark Network Protocol Analyzer
1. Wireshark Network Protocol Analyzer
Jim Gilsinn
Manufacturing Engineering Laboratory (MEL)
National Institute of Standards & Technology (NIST)
U.S. Department of Commerce, Technology Administration
Sensor Standardization & Harmonization Working Group
May 18, 2010
2. Overview
• Wireshark: What Is It?
• A Brief History
• What Can It Do?
• How Do I Use It?
• Demo
  – Starting Screen
  – Capture Screen
  – Capture File Statistics
  – Packet Filtering
• Summary
• Where Can I Get It?
3. Wireshark: What Is It?
• De-facto network packet analyzer
• Open-source
  – GNU General Public License
  – Over 680 Contributors
• Multi-platform
  – Pre-compiled installers for PC/Mac
  – Source code & instructions for Unix & Linux
• Extensible
  – Add-ons and extensions are relatively easy to build
4. A Brief History
• Started out in 1998 as Ethereal 0.2.0
• Became Wireshark in 2006
  – Original developer changed companies
  – Name remained property of previous company
  – Started as Wireshark 0.99
• Currently 3 versions available
  – Version 1.0.13 – Old stable release
  – Version 1.2.8 – Stable release
  – Version 1.3.5 – Development release
5. What Can It Do?
• Capture live network traffic
  – Variety of networks (Ethernet, WiFi, Bluetooth, USB, etc.)
• Import capture files from multiple packages
  – 35 different network capture file formats
• Display packets in great detail
  – Over 1000 different protocol decoders have been written
• Identify bad packets
  – Wireshark knows what the packets should look like
• Search and filter packets
  – Over 75k different filter variables
• Track "conversations"
6. How Do I Use It?
• Protocol & data analysis
  – Analyze client-server interaction, errors, network data verification
• Latency
  – Client-server request-response timing
7. How Do I Use It?
• Non-web-based applications
  – Jitter on repeating network packets
  – Hardware-assisted packet analysis
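
An added example, not taken from the original slides, of the "jitter on repeating network packets" measurement named on slide 7: it reads a classic pcap file, groups IPv4/UDP frames by flow, and reports inter-arrival statistics. The sample capture, addresses, port 2222 and the 10 ms cycle are constructed for illustration, and only little-endian microsecond pcap over Ethernet is assumed.

```python
import struct
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_pcap(times_us, src="10.0.0.5", dst="10.0.0.9", dport=2222):
    """Constructed sample: classic little-endian pcap holding one UDP flow."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    ip_s, ip_d = (bytes(map(int, a.split("."))) for a in (src, dst))
    for t in times_us:
        udp = struct.pack("!HHHH", 40000, dport, 8 + 4, 0) + b"DATA"
        ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0) + ip_s + ip_d
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", t // 1_000_000, t % 1_000_000, len(frame), len(frame)) + frame
    return out

def udp_flow_times(pcap):
    """Return {(src, dst, dport): [timestamps in seconds]} for IPv4/UDP frames."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    flows, off = defaultdict(list), 24          # 24-byte global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                            # truncated, or not IPv4/UDP
        ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
        if len(frame) < 14 + ihl + 4:
            continue
        dport, = struct.unpack_from("!H", frame, 14 + ihl + 2)
        key = (".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])), dport)
        flows[key].append(sec + usec / 1e6)
    return flows

def jitter_stats(times):
    """Inter-arrival statistics, in milliseconds, for one repeating flow."""
    gaps = [(b - a) * 1000 for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return {"mean_ms": avg, "stdev_ms": pstdev(gaps),
            "max_dev_ms": max(abs(g - avg) for g in gaps)}

# Constructed capture: nominal 10 ms cycle with one packet arriving 2 ms late.
SAMPLE = build_sample_pcap([0, 10_000, 20_000, 32_000, 40_000, 50_000])
STATS = {k: jitter_stats(v) for k, v in udp_flow_times(SAMPLE).items() if len(v) > 2}
```

The late packet shows up as one long gap followed by one short gap, so the mean interval stays at the nominal cycle while the maximum deviation exposes the disturbance.
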
8. How Do I Use It?
9. Starting Screen
10. Capture Screen
11. Capture Screen: Filtered Packets
12. Capture Screen: Packet Details
13. Capture Screen: Packet Hex/ASCII
14. Capture File Statistics
15. Statistics: Summary
• Basic information about the file
• File format
• Number of packets
• Capture duration
• Average packets/second
16. Statistics: Protocol Hierarchy
• Displays protocol layering
• Shows basic statistics for each protocol layer
17. Statistics: Conversations
• Identifies and tracks individual streams of traffic
• Can track multiple protocols
18. Statistics: IO Graph
• Graphical representation of packet timing
• Helps identify causes/effects for packets
19. Packet Filtering
20. Building Packet Filters
21. Summary
• Wireshark is the de-facto standard
  – Very versatile
  – Extensible
• Wireshark provides insight into what's happening on the network
  – Capture and view network traffic
  – Investigate network issues
  – Monitor application interactions
• The only way to understand your network is to understand the packets
22. Where Can I Get It?
• Wireshark Website
  – http://www.wireshark.org
• Wireshark Download
  – http://www.wireshark.org/download.html
• Wireshark Documentation
  – http://www.wireshark.org/docs/
• Wireshark Wiki
  – http://wiki.wireshark.org/
23. Questions?
• Jim Gilsinn
  – Intelligent Systems Division
    Manufacturing Engineering Laboratory
    National Institute of Standards & Technology
    100 Bureau Drive, Stop 8230
    Gaithersburg, MD 20899-8230
  – 301-975-3865
  – james.gilsinn@nist.gov
  – http://www.nist.gov/mel/isd