
Now, before I start opening one up and letting you look at it, you need to understand that there are two very separate pieces to any protocol analyzer. (0:56–1:58) The first piece is what I’m going to call the sniffer. The sniffer is some type of software, and it usually has a name like Pcap (packet capture), WinPcap, Npcap or Win10Pcap. And these are tools that are actually grabbing all the data that’s going in and out of a particular interface. And when I say grabbing all the data, I mean all of the data. So all the Ethernet information, all the IP information, all the application information - it’s all there and these tools grab it.

So a sniffer grabs all this information, and then the sniffer’s going to do one of two things. It’s either going to save it into a file or it’s going to make a live feed directly into the protocol analyzer. The protocol analyzer really just reads pcap data and then - here’s where the term comes from - analyzes it in a way that we can look at it. The best way to see this is to see it in action. I’ve just started Wireshark up for us, and you’ll see that on this particular system, it’s these three different interfaces. I want to keep it simple and just go to my Ethernet interface. So I’m going to click on that, and then I click on capture and let’s start her up. So what’s happening in real time is we are grabbing lots and lots of packets. What I’d like to do is arbitrarily pick something. What you’re seeing right here is the 146th packet that it’s picked up in this capture so far. When I click on this, what we’re looking at here at the bottom is the raw binary values in hex. People don’t use that very often, so I’m going to scroll down. It’s this middle part where things are the most interesting. You’ll notice what I’ve clicked on is some kind of command; let’s go down one more because that’s an ARP (Address Resolution Protocol). What you can do here is click and get information.

When was this picked up? How big is it? Stuff like that. The next one down is where things get interesting. You’ll notice it says Ethernet II, so this is all layer two information. You’ll see the destination and source MAC addresses. And then we go in a little bit deeper and then we see the information that’s being carried by an ARP. You’ll see what type of data it is - in this case, it’s a simple ARP.
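As an added illustration of the layering the instructor walks through (this is not code from the video or from Wireshark), here is a small Python parser that takes the kind of raw hex shown in the bottom pane and decodes it into the frame, Ethernet II and ARP sections you see in the middle pane. The frame bytes are constructed for the example, not taken from a real capture.

```python
import struct

# Constructed sample frame (not a real capture): an ARP request for 192.168.1.1
# from 192.168.1.10, sent to the Ethernet broadcast address. 42 bytes in total.
SAMPLE_FRAME_HEX = (
    "ffffffffffff"      # Ethernet destination MAC: broadcast
    "001122334455"      # Ethernet source MAC (constructed value)
    "0806"              # EtherType 0x0806 = ARP ("what type of data it is")
    "0001" "0800"       # ARP: hardware type Ethernet, protocol type IPv4
    "06" "04"           # hardware address length 6, protocol address length 4
    "0001"              # opcode 1 = request
    "001122334455"      # sender MAC
    "c0a8010a"          # sender IP 192.168.1.10
    "000000000000"      # target MAC (unknown, so all zeros)
    "c0a80101"          # target IP 192.168.1.1
)
ETHERTYPE_ARP = 0x0806
ARP_OPCODES = {1: "request", 2: "reply"}

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_frame(raw: bytes) -> dict:
    """Decode raw bytes the way the analyzer's middle pane does: frame, Ethernet II, then ARP."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])   # layer-two header
    decoded = {
        "frame": {"bytes_on_wire": len(raw)},                  # "how big is it?"
        "ethernet": {"dst": mac_str(dst), "src": mac_str(src), "type": ethertype},
    }
    if ethertype == ETHERTYPE_ARP:
        if len(raw) < 14 + 28:
            raise ValueError("truncated ARP payload")
        htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", raw[14:22])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            raise ValueError("only Ethernet/IPv4 ARP is handled here")
        body = raw[22:42]                                      # the four ARP addresses
        decoded["arp"] = {
            "opcode": ARP_OPCODES.get(op, f"unknown({op})"),
            "sender_mac": mac_str(body[0:6]),
            "sender_ip": ip_str(body[6:10]),
            "target_mac": mac_str(body[10:16]),
            "target_ip": ip_str(body[16:20]),
        }
    return decoded
```

Feeding a non-ARP EtherType returns only the frame and Ethernet sections, which is exactly where Wireshark would hand off to a different dissector.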
