19

I'm trying to understand how to use Wireshark right now, but the official manual isn't a fun read at all when starting out. It's too detailed, and the details are going right over my head because of the information overloading :)

What are some more didactic tutorials out there?

Thanks!

Edit: Wireshark is a network packet sniffer, and it's very useful for debugging network applications. I'm working on networked applications, and plan to use it as a debugging tool to make my job as a programmer happier. I guess this is about as programming related as asking for tutorials about gdb, valgrind or mdb, dtrace, prstat, cat, Visual Studio or Eclipse.

Robert Gould
  • Perhaps you should provide some details on how this is related to programming. – EBGreen Feb 26 '09 at 05:31
  • I use Ethereal, its predecessor, to analyze HTTP traffic and diagnose communication issues, and as such this is very related to programming. – cdonner Feb 26 '09 at 05:35
  • Wireshark is an awesome low level debug tool for socket programming. So it's extremely relevant. – Brandon Feb 26 '09 at 05:37

2 Answers

4

I wouldn't start with a tutorial on Wireshark itself necessarily. Reading the Wireshark manual first is kind of like reading the help guide to Visual Studio; if you already knew the basics of how programming is done the IDE would naturally make a lot of sense.

If you google and find some tutorials on Ethernet in general (the structure of packets, how TCP and UDP data gets from point A to point B, etc.) then the information Wireshark presents will make sense naturally.

For extra bonus points check out Cisco's OSI model - if you can understand each layer of that then you'll have a deep understanding of what Wireshark is telling you.

If you just want a quickstart: http://www.youtube.com/watch?v=0bazkLeY6b4

Brandon
  • Thanks, but I know enough about the protocols, but I have no idea how to take advantage of the tool. It looks wonderful, and it's got all sorts of bells and whistles, but I have no idea what levers to pull :) – Robert Gould Feb 26 '09 at 05:39
  • Anything you're trying to do specifically? – Brandon Feb 26 '09 at 05:41
  • In the long run I want to set up some scripts that will trigger alerts when bad data is sent along the pipes. But first I need to understand the tool in general – Robert Gould Feb 26 '09 at 05:49
  • Added link to decent quick beginner video... you may already be above that level though. – Brandon Feb 26 '09 at 05:52
  • Not bad, I had gotten about that far fumbling my way through the tool, but at least I now know that I wasn't doing stuff totally wrong! – Robert Gould Feb 26 '09 at 06:04
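
Added example, not part of the answer or comments above: a short Python sketch of the layer-by-layer decoding the answer points to (Ethernet, then IPv4, then TCP, then payload), ending in the kind of "bad data" alert the comments mention. The frame is constructed inline, and the addresses, port 9000 and the length-prefix rule are assumptions standing in for a real application protocol.

```python
import struct

def build_frame(payload: bytes) -> bytes:
    """Constructed sample: Ethernet II / IPv4 / TCP frame (checksums left at 0)."""
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 9000, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def dissect(frame: bytes) -> dict:
    """Peel the layers in the order Wireshark's packet details pane shows them."""
    if len(frame) < 14 + 20:
        raise ValueError("truncated Ethernet/IPv4 header")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("EtherType is not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length, in 32-bit words
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or ip[9] != 6:
        raise ValueError("bad IPv4 header or protocol is not TCP")
    seg = ip[ihl:total_len]                  # total length trims Ethernet padding
    if len(seg) < 20 or (seg[12] >> 4) < 5:
        raise ValueError("truncated or malformed TCP header")
    sport, dport = struct.unpack("!HH", seg[:4])
    data_off = (seg[12] >> 4) * 4            # TCP header length, options included
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": seg[data_off:]}

def bad_data(payload: bytes) -> bool:
    """Hypothetical application rule: 2-byte big-endian length prefix must match the body."""
    if len(payload) < 2:
        return True
    return struct.unpack("!H", payload[:2])[0] != len(payload) - 2

def check(frame: bytes, port: int = 9000):
    """Return an alert string for bad data sent to the application port, else None."""
    pkt = dissect(frame)
    if pkt["dport"] == port and bad_data(pkt["payload"]):
        return (f"ALERT {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} "
                "length prefix does not match payload")
    return None

if __name__ == "__main__":
    print(check(build_frame(b"\x00\x05hello")))   # well-formed message
    print(check(build_frame(b"\x00\x09hello")))   # prefix claims 9 bytes, body has 5
```

Each dictionary key corresponds to a field Wireshark shows when you expand the matching layer of a selected packet, so the same check can be compared against a live capture by eye.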