Wireshark network analysing software

Post on 13-Apr-2017

Wireshark - Network analyzing software (Website Vulnerability scanner)

Presented by:

LAXMI INSTITUTION OF TECHNOLOGY

Sr. no. Name Enrollment No.

1 Nakum Dharmesh M. 150863109005

2 Nayakvade Ragini B. 150863109006

3 Parmar Ashish V. 150863109007

4 Patel Bhavin S. 150863109008

5 Yadav Dhananjay I. 140603109063

Sub: Cyber Security 2150002

Content

- What is Wireshark
- Where it is used
- How it works
- Some practical things

What is Wireshark?

- Network packet/protocol analyzer
- One of the best open source packet analyzers available today for UNIX and Windows

You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).

Wireshark is perhaps one of the best open source packet analyzers available today.

Where is it used?

- Network administrators use it to troubleshoot network problems
- Network security engineers use it to examine security problems
- Testers use it to detect defects :)
- People use it to learn network protocol internals

WireShark – Sample Demo

Website Vulnerability Scanner:

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses.

They can be run either as part of vulnerability management by those tasked with protecting systems, or by black hat attackers looking to gain unauthorized access.

Features:

The following are some of the many features Wireshark provides:

- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Open files containing packet data captured with tcpdump / WinDump, Wireshark, and a number of other packet capture programs.
- Import packets from text files containing hex dumps of packet data.
- Display packets with very detailed protocol information.
- Save packet data captured.
- Export some or all packets in a number of capture file formats.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize packet display based on filters.
- Create various statistics.
- ... and a lot more!

How does it work?

For Windows:

- download (http://www.wireshark.org/download.html)
- install
- use

Open Wireshark. Click the "Capture" menu, then click "Interfaces." A small window listing all of your network interfaces will appear. As soon as there is any network traffic, you will start to see packets coming in.

Wireshark Interface

Status Bar

HTTP Analysis

HTTP Analysis – Load Distribution

Click the “Create Stat” button. You can add a “filter” to show only selected traffic.

HTTP Analysis – Packet Counter

HTTP Analysis – Requests

Each line represents a packet, and there are 7 columns that provide information about it. The number column shows the order of the packet from when you started recording network traffic. This gives you a number reference so that you can easily identify a particular packet.

The time column shows, in seconds with up to 6 decimals, when the packet was received after you started to record network traffic.

The source includes the Internet Protocol (IP) address of the packet's origin.

The destination IP records where a particular packet is going.

The protocol column shows the protocol the packet uses. The most common are TCP, UDP and HTTP.

Examine each packet's information.
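
The packet list columns described above (number, time, source, destination, protocol) can also be rebuilt from a saved capture without the GUI. The following is an added example, not part of the original slides: it reads a classic libpcap file of the kind tcpdump writes and returns one row per packet. The names packet_rows and sample_pcap, the sample addresses, and the rule of labelling a TCP packet HTTP when its payload starts with an HTTP method or status line are assumptions made for the example; Wireshark's own dissectors are far more thorough.

```python
import socket, struct
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}
HTTP_START = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/")  # assumed heuristic

def packet_rows(pcap):
    """Return (No., Time, Source, Destination, Protocol) per packet of a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled here")
    rows, pos, first = [], 24, None
    while pos + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from(endian + "IIII", pcap, pos)
        frame = pcap[pos + 16 : pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < caplen:
            break                              # truncated final record: stop cleanly
        t_us = sec * 1_000_000 + usec          # integer math keeps all 6 decimals
        first = t_us if first is None else first
        src, dst, proto = "-", "-", "non-IPv4"
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":   # EtherType IPv4
            tcp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
            src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
            proto = IP_PROTO.get(frame[23], str(frame[23]))
            if proto == "TCP" and len(frame) >= tcp + 20:
                payload = frame[tcp + (frame[tcp + 12] >> 4) * 4 :]
                if payload.startswith(HTTP_START):
                    proto = "HTTP"
        rows.append((len(rows) + 1, f"{(t_us - first) / 1e6:.6f}", src, dst, proto))
    return rows

def sample_pcap():
    """Constructed three-packet capture (documentation addresses, zero checksums)."""
    def frame(proto, l4):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
        return b"\x00" * 12 + b"\x08\x00" + ip + l4
    def tcp(flags, data=b""):
        return struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, flags, 8192, 0, 0) + data
    frames = [(0, frame(17, struct.pack("!HHHH", 49152, 53, 8, 0))),       # UDP
              (250_000, frame(6, tcp(0x02))),                               # TCP SYN
              (1_500_000, frame(6, tcp(0x18, b"GET / HTTP/1.1\r\n\r\n")))]  # HTTP request
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for us, fr in frames:
        out += struct.pack("<IIII", 1492041600 + us // 10**6, us % 10**6, len(fr), len(fr)) + fr
    return out

if __name__ == "__main__":
    print(*packet_rows(sample_pcap()), sep="\n")
```

To run it on a real capture, pass the bytes of a file saved in the classic pcap format to packet_rows; pcapng files are rejected with a ValueError.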

The End