
A good way to learn how to use wireshark


I'm new to wireshark, and I'd like to learn how to use it properly.

I'm going to use wireshark to reverse-engineer communication protocols of applications, and I'd like to see an applied sample on how to do this.

I've tried to use Wireshark to reverse engineer communication between the Zynga Poker client and the server, and I ran into a problem: how can I know which packets belong to which application?

Also, can anyone recommend/write a tutorial which concerns itself with reverse engineering protocols?

asked 26 May '12, 01:01


menkaur

edited 26 May '12, 01:01


One Answer:


A good way to learn how to use wireshark

There are several ways to start:

reverse engineer communication between the Zynga Poker client and the server, and I ran into a problem: how can I know which packets belong to which application?

Reverse engineering a network protocol requires a lot of experience with other network protocols and with client-server architectures in general. You won't learn that in a simple tutorial. So, there is only the hard way, by analyzing the traffic and observing the action/reaction of the client/server.

If the protocol is unknown to Wireshark, it will only show the network traffic in HEX and you need to figure out if there are any recurring patterns. You can do that manually, or you can use some advanced techniques. Have a look at this video tutorial: "DEFCON 13: Reverse Engineering Network Protocols using Bioinformatics"

http://www.youtube.com/watch?v=A3zP5l6TZhc

Regards
Kurt

answered 26 May '12, 09:20


Kurt Knochner ♦

edited 27 May '12, 13:28
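The "look for recurring patterns in the hex" step from the answer above, as an added example that is not part of the original thread: given the raw payloads of several messages of an undissected protocol (here a constructed toy format, not a real capture), it flags byte offsets that never change (magic/version candidates), offsets that count up by one between consecutive messages (sequence-number candidates), and big-endian fields that track the total message length (length-field candidates).

```python
# Added example, not from the original post. The payloads below are CONSTRUCTED
# for illustration: 2-byte magic, 1-byte type, 2-byte body length, 4-byte
# sequence number, then a variable-length body. A real analysis would feed in
# the bytes of the "Data" field exported from Wireshark instead.
SAMPLE_PAYLOADS = [
    bytes.fromhex("5a50 01 0005 00000001 68656c6c6f"),    # type 1, body "hello"
    bytes.fromhex("5a50 01 0003 00000002 686579"),        # type 1, body "hey"
    bytes.fromhex("5a50 02 0004 00000003 70696e67"),      # type 2, body "ping"
    bytes.fromhex("5a50 02 0006 00000004 736572766572"),  # type 2, body "server"
]


def constant_positions(msgs):
    """Offsets where every message carries the same byte (magic, version, padding)."""
    n = min(len(m) for m in msgs)
    return [i for i in range(n) if len({m[i] for m in msgs}) == 1]


def counter_positions(msgs):
    """Offsets whose byte rises by exactly 1 from one message to the next.

    Messages must be in capture order. Constant zero bytes immediately before a
    flagged offset are often the high bytes of a wider counter.
    """
    n = min(len(m) for m in msgs)
    return [i for i in range(n)
            if all(b[i] - a[i] == 1 for a, b in zip(msgs, msgs[1:]))]


def length_field_candidates(msgs, widths=(1, 2)):
    """(offset, width, overhead) tuples where big-endian field + overhead == len(msg)
    holds for every message. Needs messages of differing length, otherwise any
    constant field would match trivially."""
    if len({len(m) for m in msgs}) < 2:
        return []
    n = min(len(m) for m in msgs)
    found = []
    for w in widths:
        for i in range(n - w + 1):
            overheads = {len(m) - int.from_bytes(m[i:i + w], "big") for m in msgs}
            if len(overheads) == 1:
                found.append((i, w, overheads.pop()))
    return found


if __name__ == "__main__":
    print("constant offsets :", constant_positions(SAMPLE_PAYLOADS))
    print("counter offsets  :", counter_positions(SAMPLE_PAYLOADS))
    print("length candidates:", length_field_candidates(SAMPLE_PAYLOADS))
```

On the constructed sample this reports the magic at offsets 0 and 1, the zero high bytes of the length and sequence fields as constants, offset 8 as a counter, and a length field of width 2 at offset 3 (or width 1 at offset 4) with 9 bytes of fixed header overhead; the candidates still have to be confirmed against more traffic and against what the client actually does.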