4. Cace Technologies
Where Gerald Works (for now)
Home of AirPcap
For wireless captures of 802.11 frames
TurboCap
Wireshark Appliances
Pilot Reporting Software
8. Other Tools
TShark – included with Wireshark
TCPDump – native to *nix; a Windows version exists
Netmonitor
Capsa
Snoop – Sun Microsystems
Cain
Windump
Ettercap
Dsniff
Ngrep
33. System Settings
C:\Program Files\Wireshark
Dfilters – display filters
Dumpcap – capture program
Editcap – edit .pcap files
Mergecap – merge .pcap files
Rawshark – capture in “raw” format
Text2pcap – conversion tool
Tshark – CLI version of Wireshark
Colorfilters (don’t touch!)
34. Ring Buffers
What are they
Where are they stored
Why are they useful
Configuring:
Single/multiple
What size
How often
How many
Stopping
Add some slides here but hide them when not needed.
Gus, Brian
Original Author and Developer
Mention TurboCap, AirPcap, and Pilot
Where to begin
Get some more information on commercial tools available.
Explain the outline of the day: 45-minute hours with 10-minute or longer labs, and potty and snack breaks built in.
Show off slides of other sniffers. Introduce tcpdump and tshark and let them know we will provide more info in the advanced section after lunch. Talk about how you discuss the transmission medium – wire vs. fiber vs. air.
Hide when not needed for advanced users.
Check your NIC to see if TCP checksum offload is available and whether it is turned on or off. If it is on, your frames will be 4 bytes smaller than normal because you will not see the FCS at the end of the frame.
Perhaps a more detailed explanation of each of these. Maybe attach an appendix with more detailed info.
Mention window size and why it is important.
Runts and giants.
TCP flag introduction.
See if Gus can give more on NS, CWR and ECE
Just an example of an ACK segment
Go to http://www.wireshark.org and download and reinstall the latest 64-bit version on your system.
Install wireless USB NICs.
Let them do some packet captures if they want to just mess around, as we will go over the application in the next session.
Explain
Explain
Hubs, switches, in-line taps
Colorizing Lab
Review the captures provided.
Explore your preferences.
Create different profiles for situations like WLAN vs. LAN vs. WAN captures.
Create profiles for preferred networks.
Explore your directory structures.
Create at least two coloring rules.
Create at least two new capture filters to be applied to a capture file.
Create at least two display filters to be applied to a capture file.
Display Filter lab
Create a capture of at least 2 MB that consists of two 1 MB files.
Attempt to use mergecap to combine the two files.
Download windump, run it, and attempt to open your saved capture with Wireshark:
windump -i <interface name> > <filename>
Capture filter lab
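What the mergecap step of the lab does under the hood, as added example code that is not part of the course materials or the Wireshark project: a minimal pure-Python merge of two classic pcap files in timestamp order, run on two small constructed captures that stand in for the lab's 1 MB files.

```python
import struct

LE_MAGIC, BE_MAGIC = 0xA1B2C3D4, 0xD4C3B2A1  # classic pcap magic, microsecond timestamps


def build_pcap(packets, linktype=1):
    """Build a classic pcap file (LINKTYPE_ETHERNET=1 by default) from (sec, usec, bytes) tuples.
    Used here only to construct sample captures in memory."""
    out = bytearray(struct.pack("<IHHiIII", LE_MAGIC, 2, 4, 0, 0, 65535, linktype))
    for sec, usec, data in packets:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return bytes(out)


def read_pcap(blob):
    """Parse a classic pcap blob; returns (linktype, [(sec, usec, data), ...])."""
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == LE_MAGIC:
        endian = "<"
    elif magic == BE_MAGIC:  # header was written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    linktype = struct.unpack(endian + "IHHiIII", blob[:24])[6]
    pkts, off = [], 24
    while off + 16 <= len(blob):
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        pkts.append((sec, usec, blob[off:off + incl_len]))
        off += incl_len
    return linktype, pkts


def merge_pcaps(blobs):
    """Merge captures chronologically by timestamp, which is mergecap's default ordering.
    Classic pcap carries one link type for the whole file, so mismatched inputs are rejected."""
    linktypes, merged = set(), []
    for blob in blobs:
        lt, pkts = read_pcap(blob)
        linktypes.add(lt)
        merged.extend(pkts)
    if len(linktypes) != 1:
        raise ValueError("inputs use different link types: %s" % sorted(linktypes))
    merged.sort(key=lambda p: (p[0], p[1]))  # stable sort keeps input order on equal timestamps
    return build_pcap(merged, linktypes.pop())


if __name__ == "__main__":
    # Constructed sample data: two tiny captures whose timestamps interleave.
    first = build_pcap([(100, 0, b"A" * 60), (102, 500, b"C" * 60)])
    second = build_pcap([(101, 0, b"B" * 60), (103, 0, b"D" * 60)])
    with open("merged_example.pcap", "wb") as fh:  # open this file in Wireshark to inspect it
        fh.write(merge_pcaps([first, second]))
    print("merged %d packets" % len(read_pcap(merge_pcaps([first, second]))[1]))
```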