Slide 1
Wireshark Kung Fu: Becoming a Network Analyst Guru
Laura Chappell, Author, Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide, wiresharkbook.com
SESSION CODE: SIA336
Slide 2
Conquer Your Network with Wireshark
Skills to master include:
Local/remote capture tips
  Locate most active interface
  Use rpcapd.exe for remote capture
WLAN graphing
  Graphing beacon rate
  Graphing 802.11 retransmissions
VoIP playback
  Look for jitter, packet loss and errors
Slide 3
Conquer Your Network with Wireshark
Skills to master include:
Malware detection
  Have a baseline ready
  Know scanning/discovery signs
  Colorize questionable traffic
Application analysis
  What is the process?
Command-line statistical reporting
  Using Tshark effectively
Slide 4
Wireshark Demonstration
[The slide set has more details for you as I go into Wireshark demonstrations now.]
DEMO
Slide 5
Remote Capture with Rpcapd.exe
Slide 6
Graphing WLAN Retries
(wlan.fc.retry==1) && (wlan.sa==00:24:b2:1f:27:f9)
Slide 7
Try Application Analysis Yourself!
Launch First Instance of Wireshark
Clear DNS and browsing cache (ipconfig /flushdns)
Start capture
http://sharepoint.microsoft.com/?wax=off
Stop capture
Launch Second Instance of Wireshark
Clear DNS and browsing cache (ipconfig /flushdns)
Start capture
http://sharepoint.microsoft.com/?wax=on
Stop capture
Capture on your local host while running Wireshark and connecting to the site.
Slide 8
Compare Conversations (Time Values)
Slide 9
VoIP Analysis and Playback
Telephony | VoIP Calls | [select call] | Player | Decode [Check conversation(s)] | Play
Slide 10
Malicious Traffic Detection
BASELINE FIRST
Slide 11
Tshark Command-Line Statistics
From Wireshark Network Analysis
Slide 12
Tshark Command-Line
tshark -i 3 -qz conv,eth -z conv,ip -z conv,tcp
-i 3: Capture on the 3rd interface listed by tshark -D
-qz conv,eth: Don't show packets (-q), but capture Ethernet conversation statistics
-z conv,ip: Only use -q once. Capture IP conversation statistics
-z conv,tcp: Only use -q once. Capture TCP conversation statistics
Slide 13
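An added example, not from the slides, that assembles the conversation-statistics command shown above as a POSIX shell function: the capture source is either an interface index (tshark -D numbering) or a saved capture file read with -r, -q is emitted once, and each requested conversation type becomes its own -z conv,<type>. The function names conv_args and conv_stats are my own.

```shell
#!/bin/sh
# Added example (not from the slides): build the tshark conversation-statistics
# command line for a live interface index or a saved capture file.

# Print the argument list. "$1" is an interface index (as numbered by tshark -D)
# or a capture file path; the remaining arguments are conversation types.
conv_args() {
    src="$1"
    shift
    case "$src" in
        "")        echo "conv_args: interface index or capture file required" >&2; return 1 ;;
        *[!0-9]*)  args="-r $src" ;;   # contains a non-digit: treat as a capture file
        *)         args="-i $src" ;;   # digits only: interface index from tshark -D
    esac
    args="$args -q"                    # -q exactly once: suppress per-packet output
    for t in "$@"; do
        case "$t" in
            eth|ip|ipv6|tcp|udp|wlan) args="$args -z conv,$t" ;;
            *) echo "conv_args: unknown conversation type '$t'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$args"
}

# Run tshark with the assembled arguments when it is installed; otherwise print
# the full command so it can be pasted on the capture host.
conv_stats() {
    args=$(conv_args "$@") || return 1
    if command -v tshark >/dev/null 2>&1; then
        # word-splitting of $args is intended here
        tshark $args
    else
        printf 'tshark %s\n' "$args"
    fi
}
```

Running `conv_stats 3 eth ip tcp` reproduces the slide's command; `conv_stats capture.pcapng tcp` produces the same statistics from a file captured earlier with -w, which keeps live capture and analysis separate.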
Related Content
WSV303 Death of a Network: Identify the Hidden Cause of Lousy Network Performance
SIA335 Death of Security: Breached Hosts/Stolen Data/IP Espionage
SIA332 (Panel) Securing the Cloud: Expert Panel
Online Videos: www.wiresharkbook.com
Slide 14
Resources
www.microsoft.com/teched: Sessions On-Demand & Community
www.microsoft.com/learning: Microsoft Certification & Training Resources
http://microsoft.com/technet: Resources for IT Professionals
http://microsoft.com/msdn: Resources for Developers
Slide 15
Complete an evaluation on CommNet and enter to win!
Slide 16
Sign up for Tech·Ed 2011 and save $500, starting June 8 – June 31st
http://northamerica.msteched.com/registration
You can also register at the North America 2011 kiosk located at registration.
Join us in Atlanta next year.
Slide 17
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Slide 18