Transcript Slide 1

Wireshark
Monitoring Packet
Learning Objectives
• Upon completion of this lab, you will be able
to:
– Explain the header fields in an Ethernet II frame.
– Use Wireshark to capture and analyze Ethernet II
frames.
Intro
• Wireshark is a software protocol analyzer, or "packet sniffer" application, used for network troubleshooting, analysis, software and protocol development, and education.
• Before June 2006, Wireshark was known as Ethereal.
• A packet sniffer (also known as a network analyzer or protocol analyzer) is computer software that can intercept and log data traffic passing over a data network. As data streams travel back and forth over the network, the sniffer "captures" each protocol data unit (PDU) and can decode and analyze its content according to the appropriate RFC or other specifications.
• Wireshark is programmed to recognize the structure of different network protocols. This enables it to display the encapsulation and individual fields of a PDU and interpret their meaning.
• It is a useful tool for anyone working with networks and can be used with most labs in the CCNA courses for data analysis and troubleshooting.
• For information and to download the program, go to http://www.Wireshark.org
• When upper layer protocols communicate with each
other, data flows down the OSI layers and is
encapsulated into a Layer 2 frame. The frame
composition is dependent on the media access type.
– For example, if the upper layer protocol is TCP/IP and the
media access is Ethernet, then the Layer 2 frame
encapsulation will be Ethernet II.
• When learning about Layer 2 concepts, it is helpful to
analyze frame header information. The Ethernet II
frame header will be examined in this lab. Ethernet II
frames can support various upper layer protocols, such
as TCP/IP.
• Version II is the specification that has been widely used; it is
better known as DIX, the initials of the three companies that
backed the standard: DEC, Intel and Xerox. The following is the
Ethernet version II frame format.
Example
• From the information contained in the Packet List window for the first frame, answer the following questions about the destination and source MAC address:
• Destination Address:
– MAC address: ____ 48 5d 60 5b e6 a1 ___
– NIC manufacturer: ____Azurewav______
– NIC serial number: ____5b:e6:a1____
• Source Address:
– MAC address: ___90:f6:52:f1:cc:ca___
– NIC manufacturer: __Not shown____
– NIC serial number: ___ Not shown _____
• Destination Address:
– MAC address: ____ff:ff:ff:ff:ff:ff___
– NIC manufacturer: ____does not apply______
– NIC serial number: ____does not apply____
• Source Address:
– MAC address: ___00:16:76:ac:a7:6a___
– NIC manufacturer: __Intel____
– NIC serial number: ___ ac:a7:6a _____
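
The worksheet's split of each address into manufacturer prefix and NIC-specific bytes, as an added Python example (not part of the original slides): it decodes the 14-byte Ethernet II header of two constructed frames that reuse the MAC addresses above. The EtherType values, payloads and function names are assumptions made for the illustration.

```python
import struct

# Well-known EtherType values carried in the 2-byte type field.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def fmt(raw):
    return ":".join(f"{b:02x}" for b in raw)

def describe_mac(mac):
    """Split a 6-byte MAC into the parts the lab worksheet asks for."""
    broadcast = mac == b"\xff" * 6
    return {
        "mac": fmt(mac),
        # First 3 bytes: manufacturer prefix (OUI); last 3: NIC-specific part.
        "oui": None if broadcast else fmt(mac[:3]),
        "nic": None if broadcast else fmt(mac[3:]),
        "broadcast": broadcast,
        "group": bool(mac[0] & 0x01),  # I/G bit: multicast or broadcast
        "local": bool(mac[0] & 0x02),  # U/L bit: set by software, not burned in
    }

def parse_ethernet_ii(frame):
    """Decode the 14-byte Ethernet II header: destination, source, type."""
    if len(frame) < 14:
        raise ValueError("truncated frame: header needs 14 bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype < 0x0600:
        # Values up to 1500 are an IEEE 802.3 length, not an EtherType.
        raise ValueError("not Ethernet II: type/length field below 0x0600")
    return {
        "dst": describe_mac(dst),
        "src": describe_mac(src),
        "type": ETHERTYPES.get(ethertype, f"0x{ethertype:04x}"),
        "payload_len": len(frame) - 14,
    }

# Constructed sample frames: MAC addresses are the ones from the slides; the
# EtherType values and the zero-filled 46-byte payloads are assumptions.
FRAME_UNICAST = bytes.fromhex("485d605be6a1 90f652f1ccca 0800") + bytes(46)
FRAME_BROADCAST = bytes.fromhex("ffffffffffff 001676aca76a 0806") + bytes(46)

if __name__ == "__main__":
    for frame in (FRAME_UNICAST, FRAME_BROADCAST):
        print(parse_ethernet_ii(frame))
```

For the broadcast destination the prefix and NIC-specific fields come back as `None`, matching the "does not apply" answers above.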