OVERVIEW
In this project, real-time capture and analysis of network packets is done with the Wireshark tool. The main goal is to walk through the procedure: selecting the network interface to sniff on, using capture and display filters, and analyzing the results. This serves to analyze networks, identify problems within or with the network, and check that the network is secure.
STEPS:
- The `ifconfig` command is used to show the network configuration of the `eth0` (Ethernet) interface, including IP addresses, MAC address, and traffic statistics.
- Switch to the root user with `sudo -s` and launch Wireshark by typing the command `wireshark`.
- The Wireshark interface is displayed, with the `eth0` interface selected for starting a network capture and an optional capture filter entry field available.
- Wireshark captures network traffic on the `eth0` interface, displaying detailed information about each packet, including source and destination IP addresses, protocol, and packet contents.
- Wireshark displays detailed information about a selected QUIC packet, including frame details, timestamp, protocol layers, and raw data in hexadecimal and ASCII formats.
- Filtered HTTP and OCSP (Online Certificate Status Protocol) traffic is shown, with packet details and raw data content of a selected HTTP packet in hexadecimal and ASCII formats.
- The context menu for a selected packet is open, showing options such as applying filters, following the TCP stream, copying details, and viewing packet comments.
- The “Follow” option is used to follow the HTTP or TCP stream to see the full communication sequence.
- The full HTTP stream of a selected conversation is displayed, showing the request and response headers and content, with options to filter, print, or save the stream data.
- TCP packets are filtered with a focus on TCP segments, including sequence and acknowledgment numbers, window size, and flags, along with the detailed packet content in hexadecimal and ASCII formats.
- The display is filtered to show packets with the source IP address 192.168.1.14 and HTTP traffic, highlighting HTTP and OCSP (Online Certificate Status Protocol) requests and responses.
- Here the display is filtered to show QUIC traffic, highlighting packets containing QUIC handshake and application data, with detailed information on encryption and protocol specifics in the packet details pane.
- TCP traffic is filtered, including packets with acknowledgment, synchronization, and application data, with details on sequence numbers, acknowledgment numbers, and TCP flags.
- ICMP traffic is filtered, showing “Destination unreachable” messages, indicating that the destination ports are unreachable for the specified IP addresses.
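The display filters used above (`ip.src == 192.168.1.14 && http`, TCP flag filters, ICMP "Destination unreachable") and the "Follow TCP Stream" step all work on fields that Wireshark's dissectors pull out of the raw bytes shown in the hex pane. The following is an added example, not part of the original project or of Wireshark itself: a minimal Python dissector for Ethernet/IPv4/TCP/ICMP that names its fields after Wireshark's display-filter fields, a tiny evaluator for the `field == value && field` filter syntax, and a stream reassembly that orders segments by sequence number the way "Follow > TCP Stream" does. The frames, addresses, ports and payloads are constructed inline (only 192.168.1.14 comes from the write-up); checksums are left at zero and the `http` match is a port-80-with-payload heuristic, both simplifications of what Wireshark really does.

```python
import socket
import struct

ETH_HDR_LEN = 14
PROTO_ICMP, PROTO_TCP = 1, 6
SYN, PSH, ACK = 0x02, 0x08, 0x10


def build_frame(src_ip, dst_ip, proto, payload):
    """Constructed Ethernet II + IPv4 frame. Checksums are left at zero,
    which a real capture would not do (Wireshark would flag them as bad)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload


def tcp_segment(sport, dport, seq, ack, flags, data=b""):
    """20-byte TCP header (data offset 5) followed by the segment payload."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + data


def icmp_unreachable(code):
    """ICMP type 3 (Destination unreachable); code 3 is 'Port unreachable'."""
    return struct.pack("!BBHI", 3, code, 0, 0)


def dissect(frame):
    """Decode one frame into a flat dict keyed by Wireshark display-filter field names."""
    ihl = (frame[ETH_HDR_LEN] & 0x0F) * 4
    *_, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", frame[ETH_HDR_LEN:ETH_HDR_LEN + 20])
    fields = {"ip.src": socket.inet_ntoa(src), "ip.dst": socket.inet_ntoa(dst), "ip.proto": proto}
    l4 = frame[ETH_HDR_LEN + ihl:]
    if proto == PROTO_TCP:
        sport, dport, seq, ack, off, flags, win = struct.unpack("!HHIIBBH", l4[:16])
        payload = l4[(off >> 4) * 4:]
        fields.update({"tcp": 1, "tcp.srcport": sport, "tcp.dstport": dport, "tcp.seq": seq,
                       "tcp.ack": ack, "tcp.window_size": win, "tcp.payload": payload,
                       "tcp.flags.syn": int(bool(flags & SYN)), "tcp.flags.ack": int(bool(flags & ACK))})
        # Simplification: Wireshark's HTTP dissector is heuristic; here "http" means a port-80 segment with data.
        if 80 in (sport, dport) and payload:
            fields["http"] = 1
    elif proto == PROTO_ICMP:
        fields.update({"icmp": 1, "icmp.type": l4[0], "icmp.code": l4[1]})
    return fields


def matches(fields, expr):
    """Evaluate a small subset of display-filter syntax: terms joined by '&&',
    each either a bare field name (field present) or 'field == value'."""
    for term in expr.split("&&"):
        term = term.strip()
        if "==" in term:
            name, value = (p.strip() for p in term.split("==", 1))
            if name not in fields or str(fields[name]) != value:
                return False
        elif term not in fields:
            return False
    return True


def apply_filter(frames, expr):
    """Return the dissected packets that match the display filter, like typing it in the filter bar."""
    return [f for f in (dissect(fr) for fr in frames) if matches(f, expr)]


def follow_tcp_stream(frames, client_ip, client_port):
    """Equivalent of 'Follow > TCP Stream': select one connection's data segments, order
    each direction by sequence number (so out-of-order capture still reads correctly)
    and concatenate the payloads. Returns (client_to_server, server_to_client)."""
    client, server = [], []
    for f in (dissect(fr) for fr in frames):
        if not f.get("tcp") or not f["tcp.payload"]:
            continue
        if (f["ip.src"], f["tcp.srcport"]) == (client_ip, client_port):
            client.append(f)
        elif (f["ip.dst"], f["tcp.dstport"]) == (client_ip, client_port):
            server.append(f)
    join = lambda segs: b"".join(s["tcp.payload"] for s in sorted(segs, key=lambda s: s["tcp.seq"]))
    return join(client), join(server)


# Constructed capture: a handshake, an HTTP request split across two segments that were
# captured out of order, the response, an ICMP port-unreachable, and an unrelated SYN.
CLIENT, SERVER, GATEWAY = "192.168.1.14", "93.184.216.34", "192.168.1.1"
CAPTURE = [
    build_frame(CLIENT, SERVER, PROTO_TCP, tcp_segment(40000, 80, 1000, 0, SYN)),
    build_frame(SERVER, CLIENT, PROTO_TCP, tcp_segment(80, 40000, 5000, 1001, SYN | ACK)),
    build_frame(CLIENT, SERVER, PROTO_TCP, tcp_segment(40000, 80, 1001, 5001, ACK)),
    build_frame(CLIENT, SERVER, PROTO_TCP, tcp_segment(40000, 80, 1017, 5001, ACK | PSH, b"Host: example.com\r\n\r\n")),
    build_frame(CLIENT, SERVER, PROTO_TCP, tcp_segment(40000, 80, 1001, 5001, ACK, b"GET / HTTP/1.1\r\n")),
    build_frame(SERVER, CLIENT, PROTO_TCP, tcp_segment(80, 40000, 5001, 1038, ACK | PSH, b"HTTP/1.1 200 OK\r\n\r\nhi")),
    build_frame(GATEWAY, CLIENT, PROTO_ICMP, icmp_unreachable(3)),
    build_frame("10.0.0.5", CLIENT, PROTO_TCP, tcp_segment(51000, 443, 7, 0, SYN)),
]

if __name__ == "__main__":
    for expr in ("ip.src == 192.168.1.14 && http", "icmp.type == 3 && icmp.code == 3",
                 "tcp.flags.syn == 1 && tcp.flags.ack == 0"):
        print(f"{expr!r}: {len(apply_filter(CAPTURE, expr))} packet(s)")
    request, response = follow_tcp_stream(CAPTURE, CLIENT, 40000)
    print(request.decode(), response.decode(), sep="\n---\n")
```

The `ip.src == 192.168.1.14 && http` filter matches only the two request segments, because the SYN and bare ACK carry no data; the SYN-only filter is the classic way to spot connection attempts (including the unrelated one from 10.0.0.5) and the ICMP filter isolates the "Port unreachable" messages from the write-up's last step. Reassembly sorts by `tcp.seq`, which is why the request reads correctly even though the second segment was captured first.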