I am new to Wireshark and I need help navigating through it. How do I find the IP and MAC address of the suspect system, the DNS server, the default gateway, and the DHCP server? How do I find the vendor of the suspect network card? How do I extract a web page and a graphic file from Wireshark? How do I find the computer name of the suspect system? And last, how do I find which protocols are used the most? I tried to find help online and I could not find what I am looking for, so I am trying this route. Thanks in advance. asked 09 Jul '12, 12:42 jennifer26m
3 Answers:
This sounds like another homework assignment to me (which would mean you had better try to find it out yourself). There's tons of help on the Wireshark home page, including tutorials, videos, a Wiki etc. If it isn't a homework assignment: can you specify more details about the so-called "suspect system"? Why is it a suspect system, and what kind of trace data do you have? answered 09 Jul '12, 13:48 Jasper ♦♦
Lots of information is on the documentation page. The "Introduction to Wireshark" video should answer some of the questions. You also may be interested in the protocol hierarchy and exporting objects features within Wireshark; more details will be in the user guide. It's still hard to give pointers on a "suspect system" without a definition for one. Maybe some of the "network mysteries" videos at the link below will be of help in suggesting a process to repeat. answered 09 Jul '12, 14:45 rickg421
Watch the following videos (including others on YouTube) and you will be enlightened ;-)
Regards answered 09 Jul '12, 14:59 Kurt Knochner ♦ edited 09 Jul '12, 15:02
It's an intro to Wireshark for a college course. I don't want answers, I want to know how to navigate through Wireshark to be able to answer these questions. I have been looking all through Wireshark and online but I can't find any type of help that I am looking for.
Okay, fair enough. In that case you might want to start asking questions one at a time and tell us where you're stuck.
Finding IP addresses and MAC addresses is quite easy if you take a look at the statistics menu, especially the "Endpoint" and "Conversation" statistics. It will give you an overview of what addresses there are in a capture.
If you need to identify a certain system doing something suspicious you'd first need to know what suspicious is. Then use display filters to isolate the suspicious communication and use the packet detail pane to investigate further details.
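Most of the facts the question asks for (the suspect's MAC and leased IP, its hostname, the DHCP server, the default gateway and the DNS servers) are handed out in a single DHCP Request/ACK exchange, which is why a `dhcp` (older Wireshark: `bootp`) display filter is the usual first stop, with Statistics > Endpoints/Conversations and Statistics > Protocol Hierarchy covering the address overview and the "which protocols are used most" question, and File > Export Objects > HTTP covering the web page and image extraction. The following script is an added example, not code from any of the answerers or from the Wireshark project: it decodes constructed Ethernet/IPv4/UDP/DHCP frames by hand, pulls those facts from the DHCP options, and counts protocol layers the way the Protocol Hierarchy window does. The sample frames, the addresses, the hostname `SUSPECT-PC` and the two-entry OUI table are all made up for the example; a real vendor lookup uses Wireshark's bundled `manuf` file or the IEEE OUI registry.

```python
"""Answer the 'suspect system' questions from a DHCP exchange and count protocol layers.
The frames below are constructed for this example; they are not a real capture."""
import struct
from collections import Counter

# Hand-written excerpt of an OUI->vendor table (assumption: real lookups use
# Wireshark's 'manuf' file or the IEEE registry, not this two-entry dict).
OUI_TABLE = {"00:0c:29": "VMware", "08:00:27": "PCS Systemtechnik (VirtualBox)"}
DHCP_MAGIC = b"\x63\x82\x53\x63"   # BOOTP 'magic cookie' that precedes DHCP options

def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b): return ".".join(str(x) for x in b)
def oui_vendor(mac): return OUI_TABLE.get(mac[:8].lower(), "unknown")

def build_dhcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, op, chaddr, yiaddr, options):
    """Build an Ethernet/IPv4/UDP/BOOTP-DHCP frame (checksums left zero; the parser ignores them)."""
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options) + b"\xff"
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x3903F326, 0, 0,
                        b"\0" * 4, ip_bytes(yiaddr), b"\0" * 4, b"\0" * 4, mac_bytes(chaddr), b"", b"")
    dhcp = bootp + DHCP_MAGIC + opts
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip)) + udp
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip

def parse_dhcp_options(data):
    """Walk the TLV options until the 0xff end marker; pad bytes (code 0) carry no length."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 0xFF:
        if data[i] == 0:
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_frame(frame):
    """Return (protocol layers, facts) for one frame; only IPv4/UDP/DHCP is decoded further."""
    layers = ["eth"]
    facts = {"dst_mac": fmt_mac(frame[:6]), "src_mac": fmt_mac(frame[6:12])}
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return layers, facts
    layers.append("ip")
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    facts["src_ip"], facts["dst_ip"] = fmt_ip(frame[26:30]), fmt_ip(frame[30:34])
    if proto != 17:
        layers.append("tcp" if proto == 6 else f"ipproto{proto}")
        return layers, facts
    layers.append("udp")
    udp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    payload = frame[udp + 8:]
    if {sport, dport} & {67, 68} and payload[236:240] == DHCP_MAGIC:
        layers.append("dhcp")
        facts["dhcp"] = {"yiaddr": fmt_ip(payload[16:20]), "chaddr": fmt_mac(payload[28:34]),
                         "options": parse_dhcp_options(payload[240:])}
    return layers, facts

def summarize(frames):
    """Collect the DHCP-derived answers and a per-layer count like Statistics > Protocol Hierarchy."""
    hierarchy, answers = Counter(), {}
    for frame in frames:
        layers, facts = parse_frame(frame)
        for depth in range(1, len(layers) + 1):        # every frame counts once per layer it carries
            hierarchy["/".join(layers[:depth])] += 1
        dhcp = facts.get("dhcp")
        if not dhcp:
            continue
        opts = dhcp["options"]
        msg_type = opts.get(53, b"\0")[0]
        if msg_type == 3:                               # DHCPREQUEST: the client names itself
            answers["suspect_mac"] = dhcp["chaddr"]
            answers["nic_vendor"] = oui_vendor(dhcp["chaddr"])
            answers["suspect_hostname"] = opts.get(12, b"").decode("ascii", "replace")
        elif msg_type == 5:                             # DHCPACK: the server hands out the network facts
            answers["suspect_ip"] = dhcp["yiaddr"]
            answers["dhcp_server"] = fmt_ip(opts[54])
            answers["default_gateway"] = fmt_ip(opts[3])
            dns = opts.get(6, b"")
            answers["dns_servers"] = [fmt_ip(dns[i:i + 4]) for i in range(0, len(dns), 4)]
    return answers, hierarchy

# Constructed sample exchange: client 00:0c:29:aa:bb:cc requests, the server at 10.0.0.1 acks,
# plus one ARP frame so the hierarchy shows something other than DHCP.
SAMPLE_FRAMES = [
    build_dhcp_frame("00:0c:29:aa:bb:cc", "ff:ff:ff:ff:ff:ff", "0.0.0.0", "255.255.255.255", 68, 67, 1,
                     "00:0c:29:aa:bb:cc", "0.0.0.0",
                     [(53, b"\x03"), (12, b"SUSPECT-PC"), (50, ip_bytes("10.0.0.57"))]),
    build_dhcp_frame("00:0c:29:00:00:01", "00:0c:29:aa:bb:cc", "10.0.0.1", "10.0.0.57", 67, 68, 2,
                     "00:0c:29:aa:bb:cc", "10.0.0.57",
                     [(53, b"\x05"), (54, ip_bytes("10.0.0.1")), (3, ip_bytes("10.0.0.1")),
                      (6, ip_bytes("10.0.0.2") + ip_bytes("10.0.0.3")), (51, b"\x00\x01\x51\x80")]),
    mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes("00:0c:29:aa:bb:cc") + b"\x08\x06" + b"\0" * 28,
]

if __name__ == "__main__":
    answers, hierarchy = summarize(SAMPLE_FRAMES)
    for key, value in answers.items():
        print(f"{key:18} {value}")
    for layer, count in hierarchy.most_common():
        print(f"{count:3} {layer}")
```

The same facts come out of Wireshark with the `dhcp` filter and the packet detail pane (Option 54 is the DHCP server, Option 3 the router, Option 6 the DNS servers, Option 12 the client's host name, and "Your (client) IP address" in the ACK is the lease); the NIC vendor appears next to the MAC in the Ethernet header because Wireshark resolves the OUI automatically. If the suspect never renewed a lease in the trace, NetBIOS name service (`nbns`) and LLMNR traffic are the usual fallbacks for the computer name.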