OSTU: How to Start a Broadcast Analysis - Part One (Tony Fortunato)
OSTU - Building a Remote Wireshark Analyzer (by Tony Fortunato)
Transcript of OSTU - Building a Remote Wireshark Analyzer (by Tony Fortunato)
© 2008 www.thetechfirm.com
Wireshark
Tony Fortunato, Sr Network Specialist, The Technology Firm
Build A Free Remote Analyzer
What are you talking about?
Many times analysts need a remote analyzer.

Why not just install Wireshark on the client's PC?
- Client may not have an Administrative-equivalent account to install Wireshark
- Adding another process may make the problem worse
- You may not want the customer to have access to the trace file
- You do not know the hardware and software on the customer's PC

Why build or roll your own analyzer?
- Customers may be geographically dispersed
- You may want to capture from several points
- You have control over the PC
- You can even troubleshoot those problems where PCs reboot
- It's fun and easy.. OK I have to take my meds now.
Installing Wireshark and VNC on a PC
The PC you choose to use as a remote analyzer should have at least 2 interfaces
- By using 2 adapters, you won't have to worry about filtering out your remote control packets
- Use your imagination; for example, why not 1 Ethernet, 1 WIFI
- TIP: If you want to use a laptop, use a PCMCIA Ethernet adapter or Ethernet/WIFI USB adapter.

The 2 interfaces are important:
- 1 will be the Management Interface
  - This interface will have all the IP information required to communicate with you
- 1 will be the Analyzer Interface
  - This interface will NOT have any protocols loaded

As far as the software goes, use whatever OS you want as long as it is supported by Wireshark
- I'm going to use Windows in this example

The other thing you need to install is remote control software.
- I'm going to use UltraVNC since it is multi-platform
My Example
[Diagram labels: Ethernet, Analyzer, Management, UltraVNC, Wireshark]
Testing
- Connect both interfaces to the network and capture some packets from both interfaces to ensure they are working properly
- Test UltraVNC for remote control access
- In this example my laptop has an Ethernet and WIFI interface
  - The Intel WIFI interface will be my Management interface
  - The Broadcom Ethernet interface will be my Analyzer interface
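
A check for the Testing step, as an added example that is not part of the original slides: it reads a classic pcap taken on the Analyzer interface and counts frames transmitted by the analyzer's own NIC (a protocol is still bound to it) and frames on the VNC port (remote-control traffic is showing up in the trace). The MAC addresses, sample frames and function names are constructed for illustration, and it assumes UltraVNC is left on its default TCP port 5900.

```python
import struct

VNC_PORT = 5900                 # assumption: UltraVNC on its default TCP port
ANALYZER_MAC = "020000000001"   # constructed MAC for the Analyzer interface

def build_frame(src_mac, sport, dport):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame with no payload."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (linktype 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def audit_capture(pcap, analyzer_mac=ANALYZER_MAC):
    """Return (frames sent by the analyzer NIC, frames to or from the VNC port)."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    own, vnc, off = 0, 0, 24            # records start after the 24-byte header
    mac = bytes.fromhex(analyzer_mac)
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 14:
            continue                    # too short to hold an Ethernet header
        if frame[6:12] == mac:
            own += 1                    # analyzer NIC transmitted something
        if frame[12:14] == b"\x08\x00" and len(frame) >= 34 and frame[23] == 6:
            ihl = (frame[14] & 0x0F) * 4
            if len(frame) >= 14 + ihl + 4:
                sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
                if VNC_PORT in (sport, dport):
                    vnc += 1            # remote-control session is in the trace
    return own, vnc

# Constructed traces: one clean, one where the analyzer talks and VNC is visible.
CLEAN = build_pcap([build_frame("020000000002", 51000, 443),
                    build_frame("020000000003", 51001, 80)])
LEAKY = build_pcap([build_frame(ANALYZER_MAC, 49152, 445),
                    build_frame("020000000002", 50000, VNC_PORT)])
```

A result of `(0, 0)` on a trace from the Analyzer interface is what the two-adapter setup is meant to produce.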
Bonus ** Remote control
In some cases I have used remote control services instead of VNC to remotely control the PC.
- Logmein.com
- Gotomypc.com
In the future I will investigate how to do this with rpcap, but it’s a bit trickier.
Connect and Analyze
Now that Wireshark and VNC are working, all you have to do is connect and capture your packets from the analyzer port.

Since this is your troubleshooting PC, you may want to consider several other tools for your troubleshooting, which I may cover in future sessions:
- Lookatlan
- Servers Alive
- MRTG
- Perl
- Portable webserver
- Portable FTP server
- Camstudio
- Easycapture
- Iperf
- tftpserver
Wireshark Training - QuickStart
Tony Fortunato, Sr Network Specialist, The Technology Firm
Thank you
For additional educational videos on Open Source Network Tools, please click on the following …
http://www.lovemytool.com/blog/ostu.html
LoveMyTool.com – Community for Network Tools