Learning Kali Linux
Chapter 2: Network Security Testing Basics
Packet Captures


sation, is a window showing the ASCII decode of the payloads from all of the frames. You can see this in Figure 2-5. Wireshark also color-codes the output: red is the client's messages, and blue is the server's. You will also get a brief summary at the bottom of the window indicating how much of the conversation was the client's and how much was the server's.
    Figure 2-5. Follow TCP stream output
Wireshark has the same filtering capabilities that we had with tcpdump. In the case of Wireshark, we can apply the filter as a capture filter, meaning we will capture only packets that match the filter, or we can apply the filter as a display filter to be applied to packets already captured. The two use different languages: a capture filter is a BPF expression, the same syntax tcpdump takes, while a display filter is written in Wireshark's own field-based syntax, so one cannot be pasted in place of the other. Wireshark provides a lot of help when it comes to display filtering. When you start typing in the filter box at the top of the screen, Wireshark will start trying to autocomplete. It will also indicate whether you have a valid filter by color-coding the box red when the filter is invalid and green when it's valid. Wireshark can get at almost every field or property of the protocols it knows about. As an example, we could filter on the HTTP response code that was seen. This may be valuable if you generated an error and you want to look at the conversation that led to the error.


Wireshark will also do a lot of analysis for us. As an example, when we were fragmenting packets earlier using fragroute, Wireshark would have colored the frames that weren't right. If a packet's checksum didn't match, for instance, the frames belonging to that packet would have been colored black. Any protocol error where the packet is malformed results in a frame colored red, and TCP resets likewise get a red frame. A warning is colored yellow and may result from an application generating an unusual error code; you may also see yellow if there are connection problems. Keep in mind that if you capture on the same host that is generating the traffic, checksum offloading on the network card can make every outgoing packet look like it has a bad checksum, because the checksum is filled in by the hardware after Wireshark has already seen the frame; current Wireshark versions leave IPv4 and TCP checksum validation switched off by default partly for that reason. If you want to save a little time, you can use the Analyze menu and select Expert Info to see the entire list of frames that have been flagged. You can see a sample of this view in Figure 2-6.
    Figure 2-6. Expert information output
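To make the filtering and analysis paragraphs above concrete, here is an added example that is not code from the book. It builds a small constructed capture with Python's standard library, writes it to constructed.pcap so you can open it in Wireshark, and then applies the same checks the book attributes to Wireshark: IPv4 and TCP checksum validation, TCP reset detection, and extraction of the HTTP response code. The addresses 10.0.0.5 and 10.0.0.80, the derived MAC addresses, the ports, the payloads and all function names are assumptions made for this example.

```python
"""Constructed capture plus Wireshark-style filter and expert checks.
Added example, not code from the book; all addresses, ports and payloads
are made up. Running it writes constructed.pcap for Wireshark."""
import struct
import ipaddress

CLIENT, SERVER = "10.0.0.5", "10.0.0.80"   # constructed addresses

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def packed(addr):
    return ipaddress.IPv4Address(addr).packed

def ipv4_header(src, dst, payload_len, ident, corrupt=False):
    """20-byte IPv4 header for TCP; corrupt=True flips checksum bits."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                                ident, 0, 64, 6, 0, packed(src), packed(dst)))
    csum = checksum(bytes(hdr)) ^ (0x00FF if corrupt else 0)
    hdr[10:12] = struct.pack("!H", csum)
    return bytes(hdr)

def tcp_segment(src, dst, sport, dport, flags, payload=b""):
    """Minimal TCP header (no options) with a valid checksum."""
    hdr = bytearray(struct.pack("!HHIIBBHHH", sport, dport, 1, 1,
                                5 << 4, flags, 65535, 0, 0))
    pseudo = packed(src) + packed(dst) + struct.pack("!BBH", 0, 6, len(hdr) + len(payload))
    hdr[16:18] = struct.pack("!H", checksum(pseudo + bytes(hdr) + payload))
    return bytes(hdr) + payload

def frame(src, dst, sport, dport, flags, payload=b"", ident=1, corrupt_ip=False):
    """Ethernet II frame carrying IPv4/TCP; MACs are derived from the IPs."""
    tcp = tcp_segment(src, dst, sport, dport, flags, payload)
    ip = ipv4_header(src, dst, len(tcp), ident, corrupt_ip)
    mac = lambda a: b"\x02\x00\x00\x00" + packed(a)[2:]   # locally administered
    return mac(dst) + mac(src) + b"\x08\x00" + ip + tcp

def build_frames():
    """Request, HTTP 500 response, RST from the server, bad IP checksum."""
    return [
        frame(CLIENT, SERVER, 40000, 80, 0x18,           # PSH|ACK
              b"GET /admin HTTP/1.1\r\nHost: target\r\n\r\n", ident=1),
        frame(SERVER, CLIENT, 80, 40000, 0x18,
              b"HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\n\r\n", ident=2),
        frame(SERVER, CLIENT, 80, 40000, 0x14, ident=3),  # RST|ACK
        frame(CLIENT, SERVER, 40000, 80, 0x10, ident=4, corrupt_ip=True),  # ACK
    ]

def write_pcap(path, frames):
    """Classic pcap, link type 1 (Ethernet), which Wireshark opens directly."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, f in enumerate(frames):
            fh.write(struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f)

def dissect(f):
    """Extract the fields the book's example filters refer to."""
    ihl = (f[14] & 0x0F) * 4
    ip = f[14:14 + ihl]
    tcp = f[14 + ihl:14 + struct.unpack("!H", ip[2:4])[0]]
    payload = tcp[(tcp[12] >> 4) * 4:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    code = int(payload.split(b" ", 2)[1]) if payload.startswith(b"HTTP/1.") else None
    return {
        "ip.checksum.bad": checksum(ip) != 0,           # correct header sums to 0
        "tcp.checksum.bad": checksum(pseudo + tcp) != 0,
        "tcp.flags.reset": bool(tcp[13] & 0x04),
        "http.response.code": code,
    }

def expert_info(frames):
    """(frame number, finding) pairs, in the spirit of Analyze > Expert Info."""
    findings = []
    for n, f in enumerate(frames, start=1):
        d = dissect(f)
        if d["ip.checksum.bad"] or d["tcp.checksum.bad"]:
            findings.append((n, "bad checksum"))
        if d["tcp.flags.reset"]:
            findings.append((n, "TCP reset"))
        if d["http.response.code"] is not None and d["http.response.code"] >= 400:
            findings.append((n, "HTTP error %d" % d["http.response.code"]))
    return findings

if __name__ == "__main__":
    frames = build_frames()
    write_pcap("constructed.pcap", frames)
    for number, finding in expert_info(frames):
        print("frame", number, finding)
```

Open constructed.pcap in Wireshark and try the display filters `http.response.code >= 400` (matches frame 2) and `tcp.flags.reset == 1` (frame 3); the bad IPv4 checksum on frame 4 is only flagged once IPv4 checksum validation is enabled in the protocol preferences. The same display filters work with tshark's `-Y` option, while `-f` takes a BPF capture filter such as `tcp port 80`, the syntax tcpdump uses.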
    Wireshark has so many capabilities; we aren’t even skimming the surface of what it
    can do. A lot of what you may find it useful for is just to see the headers for each
    protocol broken out in a way that you can easily read them. This will help you see
    what is happening if you run into issues with your testing. One other feature I should
    mention is the statistics menu. Wireshark will provide graphs and different views of