Wireshark 101: IO Graphs and Expert Info, HakTip 119

  • Published on 8 Oct 2014
  • Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
    ____________________________________________
    Today on HakTip, Shannon Morse describes two useful features in Wireshark: IO Graphs and Expert Info.
    Today we're checking out Wireshark - IO Graphs and Expert Info.
    One handy part of Wireshark is being able to see all the data you've captured in useful ways, such as a graph. This can be useful if you want to see how traffic is flowing across your network, and is great if you have a huge amount of data to sift through.
    To get to the graph, click on Statistics > IO Graph. You'll notice a bunch of hills on your graph, and an X Axis and a Y Axis. The default for the X Axis is in seconds, starting from 0 and going up to 100 seconds. The Y Axis is how many packets are captured per second. Both of these can be changed with the options below the graph. The X Axis time intervals can be changed, as well as pixels per tick (the tick is the little dash on each axis). The Y Axis can be edited to show different units, scaling of the packets per second, and smoothing of the graph.
    The Graph options don't actually require you to use a bunch of different graphs. You can provide filters for each "graph" 1-5, and the colors will distinguish each filter from the original graph.
    Clicking on the graph parts will move Wireshark to that specific interval of packet capture. Once you've got a graph you're happy with, you can save it as a PNG or other image file or copy it.
    If you go to Analyze > Expert Info, a box pops up with a bunch of tabs. These are Errors, for any errors during your capture; Warnings, for connection resets and out-of-order packets; Notes, for info about duplicate packets, protocol issues, and things of that nature; Chats, which will show you TCP GET requests and connection requests; Details, which shows the errors in a log view, one entry per line; and Packet Comments, which will show any extra data that may be of use. Use this Expert Info window as an overview, but not a fully detailed report, because it may not show all the errors for a log.
    The columns in these tabs are: Groups, such as checksum (if it's invalid), sequence (if it's retransmitted or isn't continuous), malformed (if the packet has a bug or is malformed), debugging, protocol issues, etc. If an error has the same summary, just with different packet numbers, it'll be grouped into the same tree. Of course, you can also edit your columns in your main Wireshark panel by going to the Preferences tab and creating a new column for Expert Infos.
    Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
    ____________________________________________
    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
  • Science & Technology
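
What the IO Graph and the Expert Info tabs described above compute, as an added example (not from the video or from Wireshark's code). The packet records and summary strings are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: (frame no., seconds since capture start, protocol,
# Expert Info tab, group, summary). Not taken from a real capture.
PACKETS = [
    (1, 0.10, "tcp", "Chats", "Sequence", "Connection establish request (SYN)"),
    (2, 0.15, "tcp", "Chats", "Sequence", "Connection establish acknowledge (SYN+ACK)"),
    (3, 0.40, "udp", None, None, None),
    (4, 1.20, "tcp", "Notes", "Sequence", "Retransmission (suspected)"),
    (5, 1.30, "tcp", "Notes", "Sequence", "Retransmission (suspected)"),
    (6, 1.90, "tcp", "Warnings", "Sequence", "Out-of-order segment"),
    (7, 2.05, "udp", "Errors", "Checksum", "Bad checksum"),
    (8, 2.60, "tcp", "Notes", "Sequence", "Retransmission (suspected)"),
    (9, 3.70, "tcp", "Warnings", "Sequence", "Connection reset (RST)"),
]

def io_graph(packets, graphs, interval=1.0):
    """Packets per tick for each named filter, like graphs 1-5 in the IO Graph."""
    ticks = int(max(p[1] for p in packets) // interval) + 1
    series = {name: [0] * ticks for name in graphs}
    for pkt in packets:
        for name, keep in graphs.items():
            if keep(pkt):
                series[name][int(pkt[1] // interval)] += 1
    return series

def first_frame_in_tick(packets, tick, interval=1.0):
    """Frame the packet list jumps to when a point on the graph is clicked."""
    return next((p[0] for p in packets if int(p[1] // interval) == tick), None)

def expert_info(packets):
    """One dict per tab; entries with the same group and summary share a tree."""
    tabs = defaultdict(lambda: defaultdict(list))
    for no, _, _, tab, group, summary in packets:
        if tab:
            tabs[tab][(group, summary)].append(no)
    return {tab: dict(tree) for tab, tree in tabs.items()}

# Three of the five filter slots: everything, UDP only, anything above Chats.
GRAPHS = {
    "all": lambda p: True,
    "udp": lambda p: p[2] == "udp",
    "flagged": lambda p: p[3] in ("Notes", "Warnings", "Errors"),
}

if __name__ == "__main__":
    for name, counts in io_graph(PACKETS, GRAPHS).items():
        print(f"{name:8}", counts)
    for tab, tree in expert_info(PACKETS).items():
        for (group, summary), frames in tree.items():
            print(f"{tab:9}{group:10}{summary}: frames {frames}")
```

Comparing the "flagged" series against "all" per tick shows which interval of the capture carries the retransmissions and resets, which is the interval worth jumping to in the packet list.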

Comments • 13

  • @hak5 9 years ago +24

    • 9 years ago

      Love HakTip

    • @bocephus_4562 9 years ago +1

      Good deal. I appreciate all the time you can spend on this.

    • @EricOliver 9 years ago

      Always enjoy Wireshark videos! It's a great tool that I use at least once a week.

  • @davidr.flores2043 5 years ago +5

    Dear Shannon. I have been revisiting these Wireshark episodes - which I think are terrific - but the one thing I am having problems with is following you, because I have Wireshark version 3 and it appears to me that this new version doesn't have all the features you demonstrate in these videos. Some of the features are relocated but we don't have as many options as we used to have with the version you used. Would it be possible for you to redo this series? I know it's a lot of effort but I can assure you, we (your fans) will be truly grateful indeed. Thank you, David.

  • @feataccompli9270 7 years ago +4

    Lurvvvvv her lowcut - she's hackin my concentration

  • @alexschneider6903 9 years ago

    I see you had unitrunker on your desktop, lol.

  • @pocodedo 9 years ago +2

    @4:05 Not a lot of UDP in a WiFi capture? Like it's going to be different somehow if you're plugged-in to ethernet? You just made that up.

  • @pocodedo 9 years ago +2

    @6:10 "It's time to analyze some of the weird things that can happen in a capture because you know not everything is gonna go perfectly." Honestly, to a novice, your choice of words implies a problem occurred with the Wireshark capture instead of what you really meant, which was "the packet capture contains details of the scenario which you are observing - including network events such as errors, warnings, and details."