Mastering Wireshark 2

by Andrew Crouthamel, published by Packt Publishing, 2018

Profiles

We'll now look at how to package these preferences into profiles that you can switch between, depending on the situation you're in.

When you use Wireshark, every change you make, whether it's a preference, a display filter or capture filter you create, or anything else, goes into what is known as the Default profile. Any new profile you create starts as a copy of the Default profile, so it's recommended that you make minimal changes to Default. A few broad changes to your environment are fine, but keep anything specific out of it and make a separate profile for each specific situation you need. You can do that in the bottom right-hand corner of the Wireshark interface, where Profile: Default is shown; clicking on it lets you select between the profiles on your system:

By default, Wireshark includes a Classic and a Bluetooth profile, and you can see we're currently using the Default profile. To manage or create profiles, right-click on Profile: Default, and a new window pops up that lets you manage your profiles or create a new one:

Both options take you to the same spot. We'll go into Manage Profiles..., where you can see the listing of the profiles we currently have. To create a profile, just click on the plus sign:

Alternatively, from that previous window you could simply click on New..., which brings you to the exact same window but clicks the plus sign for you. We can name our profile here; we'll call it New Profile, and you'll see that it says Created from default settings in the right-hand corner:

This shows that it copies the default settings, whatever you had already configured on your system, into the new profile. If we click on OK, it creates the profile; you'll see the interface change, and in the bottom right it now says Profile: New Profile, which means we're using it:

If you right-click on Profile: New Profile and go to Edit..., you'll see the path to the profile:

Wireshark stores profiles as folders. Click on that link and it opens the New Profile folder; go up to the profiles folder and you'll see that every new profile you create shows up there as its own folder:

Go up one more step, into the Wireshark folder, and you'll see the default files created by your Wireshark installation. Which files are there depends on what you've changed:

For example, cfilters holds your capture filters. Remember that capture filters live under Capture options, and clicking on the bookmark there is an easy way to get to them and manage them. I made a custom one earlier, which is why that file has been saved. There's also io_graphs, which holds the I/O graph preferences; language, since Wireshark is now available in multiple languages; recent, which tracks recently used files and settings; and preferences, which we were just using in the previous section. If I had created display filters, a dfilters file would show up too, holding the customized display filters. These are all plain text files, so you can edit them directly: right-click on any file and open it in an editor.

I'd recommend using an editor such as Notepad++ that shows the carriage returns correctly; if you open these files with Notepad, they might not display correctly because of the type of carriage returns they use.

Now, if you wish to share your profiles with other people, go into the profiles folder and simply copy the folder of whatever profile you want to share, such as New Profile. Maybe you have an 802.11 wireless one, a TCP analysis one, a corporate network one, or a major errors one (whatever it is you might have), and there are multiple IT administrators or analysts in your organization. You can share these profiles by simply copying the folders between your different computers, as a ZIP file or whatever suits you best.
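The profile folder layout and the sharing step above, as an added shell example that is not from the book: it builds a profile folder from the Default profile's text files in a given Wireshark configuration directory, appends a saved display filter in the one-entry-per-line `"label" expression` format that dfilters and cfilters use, and bundles the folder with tar (in place of ZIP) for copying to another analyst's machine. The configuration-directory path is passed in rather than detected, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the book): package a Wireshark profile for sharing.
# Assumed layout (Wireshark 2.x): the Default profile's files sit directly in the
# config directory (~/.config/wireshark on Linux, %APPDATA%\Wireshark on Windows)
# and each extra profile is a folder under <config_dir>/profiles/.
set -eu

# Per-profile text files named in this section (colorfilters added as an assumption).
PROFILE_FILES="cfilters dfilters preferences recent io_graphs colorfilters"

# create_profile <config_dir> <name>: mirrors "Created from default settings" by
# copying whichever Default files exist into profiles/<name>; prints the new path.
create_profile() {
    config_dir=$1
    dest="$config_dir/profiles/$2"
    mkdir -p "$dest"
    for f in $PROFILE_FILES; do
        if [ -f "$config_dir/$f" ]; then
            cp "$config_dir/$f" "$dest/$f"
        fi
    done
    printf '%s\n' "$dest"
}

# add_display_filter <profile_dir> <label> <expression>
# dfilters (and cfilters) hold one saved filter per line as: "label" expression
add_display_filter() {
    printf '"%s" %s\n' "$2" "$3" >> "$1/dfilters"
}

# count_filters <file>: number of saved filters in a cfilters/dfilters file (0 if absent)
count_filters() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c '^"' "$1" || true   # grep exits 1 when the count is zero
}

# pack_profile <config_dir> <name> <archive.tar>: bundles profiles/<name> so a
# colleague can unpack it straight into their own profiles folder.
pack_profile() {
    tar -cf "$3" -C "$1/profiles" "$2"
}

if [ "${1:-}" = "--demo" ]; then   # try it against a throwaway config directory
    cfg=$(mktemp -d); printf '"No ARP" not arp\n' > "$cfg/cfilters"   # constructed sample
    dir=$(create_profile "$cfg" "New Profile")
    add_display_filter "$dir" "DNS failures" "dns.flags.rcode != 0"
    pack_profile "$cfg" "New Profile" "$cfg/new-profile.tar"
    echo "$dir has $(count_filters "$dir/dfilters") display filter(s)"
fi
```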