This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Understanding Wireshark


I am new to Wireshark and I need help with navigating through it. How do I find the IP and MAC address of the suspect system, the DNS server, the default gateway, and the DHCP server? How do I find the vendor of the suspect network card? How do I extract a web page and a graphic file from Wireshark? How do I find the computer name of the suspect system? And last, how do I find which protocols are used the most? I tried to find help online and I could not find what I am looking for, so I am trying this route.

Thanks in Advance

asked 09 Jul '12, 12:42

jennifer26m


3 Answers:


This sounds like another homework assignment to me (which would mean you should rather try to find it out yourself). There's tons of help on the Wireshark home page, including tutorials, videos, a Wiki, etc.

If it isn't a homework assignment: can you specify more details about the so-called "suspect system"? Why is it a suspect system, and what kind of trace data do you have?

answered 09 Jul '12, 13:48

Jasper ♦♦


It's an intro to Wireshark for a college course. I don't want answers; I want to know how to navigate through Wireshark to be able to answer these questions. I have been looking all through Wireshark and online, but I can't find any type of help that I am looking for.

(09 Jul '12, 14:16) jennifer32c

Okay, fair enough. In that case you might want to start asking questions one at a time and tell us where you're stuck.

Finding IP addresses and MAC addresses is quite easy if you take a look at the Statistics menu, especially the "Endpoint" and "Conversation" statistics. It will give you an overview of what addresses there are in a capture.

If you need to identify a certain system doing something suspicious, you'd first need to know what "suspicious" is. Then use display filters to isolate the suspicious communication and use the packet detail pane to investigate further details.

(09 Jul '12, 16:20) Jasper ♦♦


Lots of information is on the documentation page. The "Introduction to Wireshark" video should answer some of the questions. You also may be interested in the protocol hierarchy and exporting objects features within Wireshark; more details will be in the user guide. It's still hard to give pointers on a "suspect system" without a definition for one. Maybe some of the "network mysteries" videos at the link below will be of help in suggesting a process to repeat.

answered 09 Jul '12, 14:45

rickg421
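The navigation advice in Jasper's comment (Statistics > Endpoints/Conversations, then display filters and the packet detail pane) and rickg421's pointer to the protocol hierarchy come down to a handful of packet fields. What follows is an added example, not code from this thread or from the Wireshark project: a standard-library Python script that reads a classic pcap and pulls out what the question asked for, namely IP and MAC endpoints, the DHCP server, default gateway, DNS server and client hostname from the DHCP options, the NIC vendor from the MAC's OUI, and per-protocol frame counts. Everything in `sample_capture()` is constructed for the example (the MAC and IP addresses, the hostname SUSPECT-PC, the DNS lookup), and `OUI_VENDORS` is a two-entry stand-in for Wireshark's manuf file whose 00:1a:2b entry is made up. Comments name the GUI view or display filter that shows the same field.

```python
import struct
from collections import Counter

OUI_VENDORS = {"00:0c:29": "VMware, Inc.", "00:1a:2b": "ExampleVendor (constructed)"}  # manuf stand-in
COOKIE = b"\x63\x82\x53\x63"                      # DHCP magic cookie that follows the BOOTP header

def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_str(b): return ".".join(map(str, b))
def ip_bytes(s): return bytes(map(int, s.split(".")))

def udp_frame(smac, dmac, sip, dip, sport, dport, payload):
    # Ethernet II + IPv4 + UDP; checksums left zero (Wireshark flags them only if validation is on)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     ip_bytes(sip), ip_bytes(dip)) + udp
    return mac_bytes(dmac) + mac_bytes(smac) + b"\x08\x00" + ip

def dhcp_payload(msg_type, client_mac, yiaddr="0.0.0.0", opts=b""):
    # 236-byte BOOTP header (op 2 = server reply) + cookie + options; 53 = message type.
    hdr = struct.pack("!BBBBIHH4s4s8s16s64s128s", 2 if msg_type in (2, 5) else 1, 1, 6, 0,
                      0x3903F326, 0, 0, b"\0" * 4, ip_bytes(yiaddr), b"\0" * 8,
                      mac_bytes(client_mac) + b"\0" * 10, b"\0" * 64, b"\0" * 128)
    return hdr + COOKIE + bytes([53, 1, msg_type]) + opts + b"\xff"

def pcap(frames):  # classic little-endian pcap, link type 1 (Ethernet), one frame per second
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 1341860000 + i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

def frames_of(data):  # yield raw frames; the magic number gives the record-header byte order
    endian, off = ("<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"), 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def dhcp_options(payload):  # {code: value}, or None when the DHCP magic cookie is absent
    if len(payload) < 240 or payload[236:240] != COOKIE:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:           # 255 = end option
        if payload[i]:                                          # 0 = one-byte pad option
            opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1] if payload[i] else 1
    return opts

def dissect(frame):  # just enough Ethernet II / IPv4 / UDP / DHCP / DNS dissection
    p = {"layers": ["eth"], "eth_src": mac_str(frame[6:12])}
    if frame[12:14] != b"\x08\x00":
        return p                                                # ARP, IPv6, ...: not dissected
    p.update(layers=["eth", "ip"], ip_src=ip_str(frame[26:30]), ip_dst=ip_str(frame[30:34]))
    if frame[23] != 17:
        return p                                                # only UDP is dissected here
    l4 = frame[14 + (frame[14] & 0x0F) * 4:]
    (sport, dport), payload = struct.unpack("!HH", l4[:4]), l4[8:]
    p["layers"].append("udp")
    if 67 in (sport, dport) and (opts := dhcp_options(payload)) is not None:
        p.update(dhcp=opts, yiaddr=ip_str(payload[16:20]), chaddr=mac_str(payload[28:34]))
        p["layers"].append("dhcp")
    elif 53 in (sport, dport) and len(payload) >= 12:
        p["dns_response"] = bool(payload[2] & 0x80)             # QR bit of the DNS flags
        p["layers"].append("dns")
    return p

def analyse(pcap_bytes):  # answers for the thread's questions; comments name the GUI view or filter
    r = {"endpoints": {}, "hierarchy": Counter(), "dns_servers": set()}
    for p in map(dissect, frames_of(pcap_bytes)):
        r["hierarchy"][":".join(p["layers"])] += 1              # Statistics > Protocol Hierarchy
        if "ip_src" in p:
            r["endpoints"][p["ip_src"]] = p["eth_src"]         # Statistics > Endpoints
        if p.get("dns_response"):
            r["dns_servers"].add(p["ip_src"])                  # filter: dns.flags.response == 1
        o = p.get("dhcp")
        if o and o[53][0] in (2, 5):                           # Offer / ACK: bootp.option.dhcp == 2 or 5
            r.update(dhcp_server=ip_str(o[54]) if 54 in o else p["ip_src"],   # option 54
                     default_gateway=ip_str(o[3]) if 3 in o else None,       # option 3
                     suspect_ip=p["yiaddr"], suspect_mac=p["chaddr"],
                     suspect_vendor=OUI_VENDORS.get(p["chaddr"][:8], "unknown OUI"))
            r["dns_servers"] |= {ip_str(o[6][:4])} if 6 in o else set()   # option 6, first server
        elif o and 12 in o:
            r["suspect_hostname"] = o[12].decode()             # option 12 in Discover / Request
    r["top_protocol"] = r["hierarchy"].most_common(1)[0][0]
    return r

def sample_capture():  # constructed: DHCP Discover/Offer/Request/ACK and one DNS lookup
    client, gw, ns = "00:1a:2b:3c:4d:5e", "00:0c:29:aa:bb:cc", "00:0c:29:dd:ee:ff"
    bcast, name = "ff:ff:ff:ff:ff:ff", bytes([12, 10]) + b"SUSPECT-PC"
    srv = (bytes([54, 4]) + ip_bytes("192.168.1.1") + bytes([3, 4]) + ip_bytes("192.168.1.1")
           + bytes([6, 4]) + ip_bytes("192.168.1.53"))
    q = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
    return pcap([
        udp_frame(client, bcast, "0.0.0.0", "255.255.255.255", 68, 67, dhcp_payload(1, client, opts=name)),
        udp_frame(gw, client, "192.168.1.1", "192.168.1.50", 67, 68, dhcp_payload(2, client, "192.168.1.50", srv)),
        udp_frame(client, bcast, "0.0.0.0", "255.255.255.255", 68, 67, dhcp_payload(3, client, opts=name)),
        udp_frame(gw, client, "192.168.1.1", "192.168.1.50", 67, 68, dhcp_payload(5, client, "192.168.1.50", srv)),
        udp_frame(client, ns, "192.168.1.50", "192.168.1.53", 40000, 53, q),
        udp_frame(ns, client, "192.168.1.53", "192.168.1.50", 53, 40000, b"\x12\x34\x81\x80" + q[4:]),
    ])
```

`analyse(sample_capture())` returns the DHCP server and gateway 192.168.1.1, the DNS server 192.168.1.53, the suspect host 192.168.1.50 / 00:1a:2b:3c:4d:5e / SUSPECT-PC, and `eth:ip:udp:dhcp` as the most frequent protocol path. On a real trace, `analyse(open("trace.pcap", "rb").read())` works for classic pcap only (the reader does not handle pcapng), and the same fields are what to look at in the packet detail pane: DHCP options 54 (server identifier), 3 (router), 6 (domain name server) and 12 (host name), shown under "Bootstrap Protocol" in 1.x releases and as `dhcp.*` fields in 3.x, plus the response flag on DNS packets; Wireshark resolves the OUI for you in the Ethernet source field. Extracting a web page or image is a different operation, File > Export Objects > HTTP, which relies on TCP stream reassembly and is not reproduced here.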


I don't want answers; I want to know how to navigate through Wireshark to be able to answer these questions.

Watch the following videos (including others on YouTube) and you will be enlightened ;-)

http://www.youtube.com/watch?v=NHLTa29iovU
http://www.youtube.com/watch?v=pk4OfsxxB4g&feature=related
http://wiresharkdownloads.riverbed.com/video/wireshark/introduction-to-wireshark/

Regards
Kurt

answered 09 Jul '12, 14:59

Kurt Knochner ♦

edited 09 Jul '12, 15:02