09-04-2012, 02:49 PM
Study of wireshark
wireshark.doc (Size: 1.6 MB / Downloads: 48)
Wireshark:-
Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.
Installing and Launching Wireshark
1. Navigate to and pick a download location.
2. Select the latest version of Wireshark to install.
3. Once the download is completed, double-click on the setup file to launch the installation.
Getting Started with Wireshark
Once installed, Wireshark can be used to capture packets that are being sent and received across the network. It can be used to capture and analyze packets being sent between a host PC and real-time controllers such as Compact FieldPoint (cFP), Compact Vision System (CVS), CompactRIO (cRIO) and Real-Time PXI controllers, to name a few. Wireshark will be used in this application to capture packets that are sent when communicating with a cRIO controller. The hardware and software needed for this guide are:
Capture Filters
• Use File: to save the captured packets in a specified file.
• Select Use multiple files if using more than one file to save the packets.
• Use Ring Buffer With to specify the number of files to use for the capture.
Display Options
• Select Update list of packets in real-time if you want to see the list of packets as they are captured.
• Select Automatic Scrolling in live capture if you want the packet list to scroll.
• Select Hide Capture Info Dialog if you do not want the capture info dialog displayed while capturing.
Name Resolution
• Select Enable MAC name resolution to allow Wireshark to translate MAC addresses into names.
• Select Enable network name resolution to allow Wireshark to translate network addresses into names.
• Select Enable transport name resolution to allow Wireshark to translate transport addresses (port numbers) into protocol names.
Simple Mail Transfer Protocol (SMTP):-
Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. SMTP was first defined by RFC 821 and last updated by RFC 5321 (2008), which includes the extended SMTP (ESMTP) additions, and is the protocol in widespread use today. SMTP is specified for outgoing mail transport and uses TCP port 25. The protocol for new submissions is effectively the same as SMTP, but it uses port 587 instead. SMTP connections secured by SSL are known by the shorthand SMTPS, though SMTPS is not a protocol in its own right.
SMTP analysis using Wireshark:-
To troubleshoot or analyse a particular problem on a mail server you may need to take a closer look at the actual SMTP traffic being sent to and from your mail server. Using a network capture tool can uncover problems not visible in the mail server's own logs. Let's take a look at what can be accomplished with this tool.
Definitions of capture:
Source column. The source is where the packet originated, for example, if your local IP is in the Source column this means the mail server initiated that packet.
Destination column. The Destination is the IP that the Source is sending to, for example, if the destination is a remote IP address this is where the mail server is sending the packet.
Protocol column. The Protocol is the type of request made by the Source. In this capture I'm filtering on SMTP, so we see SMTP in the Protocol column. If we changed the filter to DNS you would see all captured DNS/ICMP packets.
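The three column definitions above can be applied mechanically to a packet list exported from Wireshark (File > Export Packet Dissections > As CSV). The following is an added example, not code from the original post or from the Wireshark project: it parses a constructed CSV packet list, filters on a protocol the way the 'smtp' display filter does, and classifies each packet as inbound or outbound relative to the mail server's own IP, which is the reasoning the Source and Destination definitions describe. The IP addresses, the server address and the packet rows are all constructed sample data.

```python
import csv
import io
from collections import Counter

# Constructed sample: the shape of a Wireshark "Export as CSV" packet list.
# 192.168.1.10 plays the local mail server; the other addresses are peers.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.10","203.0.113.25","TCP","74","52344 > 25 [SYN] Seq=0"
"2","0.021000","203.0.113.25","192.168.1.10","TCP","74","25 > 52344 [SYN, ACK] Seq=0 Ack=1"
"3","0.043000","203.0.113.25","192.168.1.10","SMTP","119","S: 220 mail.example.com ESMTP ready"
"4","0.044000","192.168.1.10","203.0.113.25","SMTP","86","C: EHLO client.example.org"
"5","0.060000","192.168.1.10","198.51.100.53","DNS","82","Standard query 0x1a2b MX example.net"
"6","0.081000","198.51.100.53","192.168.1.10","DNS","130","Standard query response 0x1a2b MX 10 mx.example.net"
"7","0.100000","192.168.1.10","203.0.113.25","SMTP","98","C: MAIL FROM:<alice@example.org>"
"8","0.120000","203.0.113.25","192.168.1.10","SMTP","80","S: 250 2.1.0 Ok"
'''

SERVER_IP = "192.168.1.10"  # constructed: the mail server whose traffic we study


def parse_packet_list(csv_text):
    """Parse a Wireshark CSV packet-list export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def filter_protocol(rows, protocol):
    """Keep only rows whose Protocol column matches (case-insensitive),
    mirroring what applying a display filter such as 'smtp' does in the GUI."""
    wanted = protocol.upper()
    return [r for r in rows if r["Protocol"].upper() == wanted]


def direction(row, server_ip):
    """Classify a packet relative to the mail server, per the column definitions:
    server in Source -> the server sent it; server in Destination -> it was sent to the server."""
    if row["Source"] == server_ip:
        return "outbound"
    if row["Destination"] == server_ip:
        return "inbound"
    return "other"  # packet neither from nor to the server (not in this sample)


def peer_of(row, server_ip):
    """The remote address the server is talking to in this packet."""
    return row["Destination"] if row["Source"] == server_ip else row["Source"]


def summarize(rows, server_ip):
    """Per-peer count of inbound/outbound packets for the given rows."""
    summary = {}
    for r in rows:
        d = direction(r, server_ip)
        if d == "other":
            continue
        entry = summary.setdefault(peer_of(r, server_ip), {"in": 0, "out": 0})
        entry["in" if d == "inbound" else "out"] += 1
    return summary


def protocol_counts(rows):
    """How many packets of each protocol the capture holds; useful before
    removing the filter on a busy interface to see what you are about to wade into."""
    return dict(Counter(r["Protocol"] for r in rows))


if __name__ == "__main__":
    rows = parse_packet_list(SAMPLE_CSV)
    print("protocols:", protocol_counts(rows))
    smtp = filter_protocol(rows, "smtp")
    for r in smtp:
        print(r["No."], direction(r, SERVER_IP), r["Info"])
    print("SMTP peers:", summarize(smtp, SERVER_IP))
```

Exporting the list rather than reading it in the GUI is handy on a busy server: you can filter and count with a script and only open the packets that matter.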
Analysis:
If you want to get a little more involved in analysing the packets on your mail server you can remove the 'smtp' filter, press Apply, and view all packets on the selected interface. On a busy system this will likely flood the live capture with a lot of packet data and requires a good understanding of networking to analyse all the data.
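Once the SMTP packets of one connection have been isolated (Follow TCP Stream in Wireshark), the troubleshooting described in this section comes down to reading the command/response dialog. The following is an added example, not code from the original post or from Wireshark: it walks a constructed SMTP exchange, recorded as (side, line) pairs the way the SMTP dissector labels lines "C:" and "S:", and reports what a mail-server admin would look for: the ESMTP extensions the server advertised, whether STARTTLS was actually negotiated before AUTH (otherwise the credentials crossed the wire in cleartext), and every 4xx/5xx response paired with the command that provoked it. The hostnames, addresses and the base64 AUTH blob are constructed sample data.

```python
import re
from dataclasses import dataclass, field

# Constructed sample dialog: a client authenticates without STARTTLS and then
# has a recipient rejected. "C" = client line, "S" = server line.
SAMPLE_DIALOG = [
    ("S", "220 mail.example.com ESMTP ready"),
    ("C", "EHLO client.example.org"),
    ("S", "250-mail.example.com"),
    ("S", "250-SIZE 35882577"),
    ("S", "250-STARTTLS"),
    ("S", "250 AUTH PLAIN LOGIN"),
    ("C", "AUTH PLAIN AHVzZXIAcGFzcw=="),   # constructed credential blob
    ("S", "235 2.7.0 Authentication successful"),
    ("C", "MAIL FROM:<alice@example.org>"),
    ("S", "250 2.1.0 Ok"),
    ("C", "RCPT TO:<bob@example.net>"),
    ("S", "550 5.1.1 <bob@example.net>: Recipient address rejected"),
    ("C", "QUIT"),
    ("S", "221 2.0.0 Bye"),
]

# RFC 5321 reply: three-digit code, then "-" (more lines follow) or " " (last line).
RESPONSE_RE = re.compile(r"^(\d{3})([ -])(.*)$")


@dataclass
class SmtpSession:
    commands: list = field(default_factory=list)   # command verbs in order
    extensions: set = field(default_factory=set)   # keywords from the EHLO reply
    starttls_used: bool = False                    # server answered STARTTLS with 220
    cleartext_auth: bool = False                   # AUTH seen before TLS was negotiated
    failures: list = field(default_factory=list)   # (command line, code, text)


def parse_smtp_dialog(lines):
    """Replay a captured SMTP dialog and collect the facts worth reporting."""
    s = SmtpSession()
    last_cmd = None      # most recent client command line
    in_ehlo = False      # currently inside the multi-line EHLO reply
    ehlo_first = True    # first EHLO reply line is the server's domain, not an extension
    expect_sasl = False  # after a 334, the next client line is SASL data, not a command
    tls = False
    for side, line in lines:
        if side == "C":
            if expect_sasl:
                expect_sasl = False
                continue  # credential continuation, not a command
            verb = line.split(" ", 1)[0].upper()
            s.commands.append(verb)
            last_cmd = line
            in_ehlo = verb in ("EHLO", "HELO")
            ehlo_first = True
            if verb == "AUTH" and not tls:
                s.cleartext_auth = True
            continue
        m = RESPONSE_RE.match(line)
        if not m:
            continue  # e.g. message body lines after DATA
        code, sep, text = int(m.group(1)), m.group(2), m.group(3)
        if in_ehlo and code == 250:
            if ehlo_first:
                ehlo_first = False
            else:
                s.extensions.add(text.split(" ", 1)[0].upper())
        if last_cmd and last_cmd.upper().startswith("STARTTLS") and code == 220:
            tls = True
            s.starttls_used = True
        if code == 334:
            expect_sasl = True
        if sep == " ":  # final line of this reply
            in_ehlo = False
            if code >= 400 and last_cmd is not None:
                s.failures.append((last_cmd, code, text))
    return s


def findings(s):
    """Human-readable observations an admin would act on."""
    out = []
    if "STARTTLS" in s.extensions and not s.starttls_used:
        out.append("server offered STARTTLS but the client never used it")
    if s.cleartext_auth:
        out.append("AUTH sent without TLS: credentials crossed the wire in cleartext")
    for cmd, code, text in s.failures:
        out.append(f"{cmd!r} failed with {code} {text}")
    return out


if __name__ == "__main__":
    session = parse_smtp_dialog(SAMPLE_DIALOG)
    print("commands:", session.commands)
    print("extensions:", sorted(session.extensions))
    for f in findings(session):
        print("-", f)
```

On a real capture the same pass over the full stream tells you in seconds whether a delivery problem is a rejection by your own server, a reply from a remote MX, or a client that never got past EHLO.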