Episode: 1146
Title: HPR1146: Wireshark-1
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1146/hpr1146.mp3
Transcribed: 2025-10-17 19:46:08

---

Well, hello there. This is the fake Ken Fallon from Hacker Public Radio, and I'd like to invite every single one of you out there to come and join us on New Year's Eve for the Hacker Public Radio Internet Party, a 24-hour blast. Come and join us; details are available on HackerPublicRadio.org. It will be simply grand.

Hello, Hacker Public Radio. This is the New Age Techno Hippie, and I'm bringing you another episode, this time on Wireshark. I had talked to Ken a long time ago about doing this. I still don't know if I'm going to have time to go into the right detail on it, but this is going to be just an introductory episode. Hopefully, if people want to know more, they can ask questions, and then I'll sort of try and get out episodes here and there about the different topics.

I'm going to start out with some real basic stuff, which is: if you're kind of having an idea, you've seen Wireshark, it looks really cool and interesting, and you can capture packets and you can look at what's going on and how things work. Really, the first level to start at is to head over to Wikipedia and at least take a look at the communications protocol page. It'll give a high-level view of how protocols are organized, sort of the basic rules that people play by, how they're structured. It's a place to start. If you don't really understand what a communications protocol is, it's, you know, at the simplest level, just an agreed method by which two parties will talk to each other. It's like saying, I say hello, and then you're obligated to say hello back to me before we can do anything else. And then after that, we can go into something, and I can ask a question and you will respond with the answer, and then you ask a question and I respond with the answer. It's the structured way by which two parties communicate.
You can go, you know, as far back as you want in time, and people have always had these sorts of protocols. In the computer world, one of the best known is the stuff that all the internet runs on, which is TCP, IP, UDP, all these sorts of three-letter acronyms and two-letter ones, the basic protocols that run those. And if you're going to use Wireshark to capture those, you sort of need to understand what all those different protocols are. One of the great spots that you can go to get some of that information is a website called www.protocols.com. It'll have a list of all the different protocols, well, not all, but a lot of the different protocols that are out there, and how they're structured and what they mean and what the responses are and the acknowledgments and, you know, what order packets go in and how that stuff's all structured. It's a pretty interesting site. The design is, I don't know, I think a little bit lacking, but they have some links on the front page when you first go there and some general ideas of the protocols that you're going to be looking at.

I think that if we're going to start looking at Wireshark, one of the first things you really need to do is understand some of the very basics. If you're looking at something like the TCP/IP suite of protocols, you click on TCP/IP at protocols.com and you see a general layout of how the protocols are structured, what the information is. And then what you need to do is go through Wireshark, capture some data on your local network as you're sort of surfing the web or something, and then you start taking a look and you look for these different protocols in what you're doing. So you find those protocols at protocols.com, and then you take a look at those same protocols in Wireshark. Now, to help you with that, obviously you need to go get Wireshark from the download page.
The link will be in the show notes, in case you don't already have it. If you're on Windows or Mac, that's where you get it; if you're on Linux, it's going to be in the repository or Portage tree or something like that. It'll be readily available to you from where you normally get your software. Now, on the wireshark.org page there's a documentation section, so I'll put a link to that in the show notes as well; it's basically /docs after wireshark.org. In the center of that page is just sort of a rundown of some videos with, you know, a hands-on introduction to Wireshark, a whole little series that somebody did there, showing different techniques that you can use to look up certain types of data in Wireshark. And then obviously there's the complete user guide for Wireshark, and that'll also be out there.

There's a lot of things that you can do with Wireshark. One thing to keep in mind, though, is that it's capturing the protocol packets, and it's only able to capture stuff that libpcap can capture. So if your computer lets you have access to the device and you can capture on that device, which is most of your Ethernet cards, or if you have the right types of 802.11 gear, you can capture your network traffic on that and look at the communication protocols for those, or whatever other network devices you have in your computer. It's not going to let you do protocol analysis on everything. When you look at the communications protocol page, you get an idea of this, that it talks about stuff sort of on all levels. But you're not normally going to use something like Wireshark to be capturing protocols and looking at, like, USB protocols back and forth between devices. You're just looking at your network-type protocols that you're getting off of your Ethernet card. Now, that being said, there's a lot of interesting things that you can look at for those communications protocols.
So, some of the things that, you know, I just thought about recently doing. I wound up just chucking my GPS because I hated it so bad, rather than spending all the time, which I don't have, to reverse-engineer how they're working it. But some of the new TomTom GPS devices, and I found out because I had a Garmin device, they did a very similar thing, and I eventually might want to do that with that one. But I was so fed up with the TomTom device that I just got rid of it. They're treating the device, when you plug it into the USB port, so it's not showing up as a hard drive anymore; it's showing up as a network device, and you communicate with it as a network device. But when you do that, you can now capture on that network port. So if you wanted to make a driver or interact on the same software level with one of these GPS devices, one of these new TomTom, the VS series (and I think they said my Garmin nüvi or whatever does it the same way), if you want to activate or work with one of these devices on the same level that their software does, or make software to do so, one of the things that you need to understand is how it's talking back and forth. And you can do that by using something like Wireshark to capture the network traffic between your computer and the device and look at how it's passing the data back and forth between those two devices. There's going to be a lot of other sorts of network-attached appliances, and you can use Wireshark to find out more about how these network-attached appliances work. It'll give you an idea of how they're working.

So that's sort of just a quick introduction, and if there's more stuff that people want to know, then we can go into that. I didn't want to re-cover a lot of what was on the wireshark.org website. The introduction video was about five minutes. Good place to start.
There's a whole bunch of little short videos, you know, anywhere between one and ten minutes, going down there. And there's also some links to sort of their conference-type stuff for Wireshark, when they get together, and that goes over some of the presentations, and links to the presentations for how to do it. There's a lot of reading out there if you want to come up to speed on it. Now, I'm not opposed to covering some of that material in this podcast format, but I think that the video walkthroughs that are on the site are a good place to start. If there's other stuff that needs to be done, you know, if you want to hear more about it or hear more about something in particular, then I can look at that and maybe come up with something. But until I get an idea of what exactly you would like to know... there's so many protocols out there, there's so many ways that you can use Wireshark to look at the different protocols, and so many features to Wireshark. It's a very, very, very mature program. You know, an awesome GPL tool that we have that can be used to do very professional-level work. I can't cover it in any one podcast, or even a series of podcasts. I could go on, you know, probably not to the end of time, but for a very long time, doing podcast after podcast just sort of exploring all the different protocols that are out there. So if there's a particular protocol that, you know, maybe we want to take a look at and how it functions, or possibly look into the, well, why did they do that? Why maybe they did that? I can, you know, offer that sort of armchair commentary on why a certain protocol might look like it does, or something like that.
I've done a little bit of protocol design, but mostly on a serial level, not a lot of network protocol design. Just sort of, you know, saying, okay, well, here's two devices and I'm going to come up with my own serial protocol to make these two things talk that were not necessarily meant to talk, or, you know, needed some way to kind of say, okay, well, let's take this hardware, and I'm not using it the way that it's supposed to be used, and so I need to make it talk to this other piece of software. Custom hardware/software integration development that I've done in the past, you know, to create an entire system. But that's on a different level than sort of looking at these internet protocols and taking a look and saying, well, do we want to take a look at a particular protocol for the internet? That's slightly different from that sort of work which I've done in the past.

I've also done network troubleshooting with things like Wireshark, and just sort of, well, you know, oh, why isn't this working? Or why am I not able to get to this server, that server, with this protocol? And I have a device over here and it's not making it to this other end, and where do I want to put my equipment? You know, get your equipment in a spot where you can see more of the packets that are going back and forth. That's the other thing to be aware of with what Wireshark is: you're only going to see the packets on the network that you're connected to. So your computer's only going to see the packets that it has access to, based on where it is in your network. So if you connect Wireshark up and it's on, you know, your router behind your NAT, it's not going to see stuff necessarily on the other side of your NAT. If you're tiered off and you're blocked off on a router, you're going to see stuff that comes into your subnet; you're not going to see stuff on the outside.
So you need to make sure that the computer that has Wireshark on it is connected to the part of the network that you want to look at, or has access to it. You're just seeing what's coming into that network card or going out of that network card. You're not actually able to look at stuff elsewhere unless you sort of put your computer in between parts of the network. So if you wanted to look at a different computer, you don't want to look just at the traffic into it; you want to look at the traffic flowing from it to another part of the network, and you need to position your computer in between those two to monitor that and do the capture. So you could set up your computer to do full pass-through routing and then stick it in the center and monitor the incoming and outgoing Ethernet cards. And as it does, it'll take a look at every packet going in and then every packet that's coming out, and you've set yourself up with a very basic network analyzer sort of setup. I remember when I was working as a general admin and looking at servers and managing a lab, that was a fun little piece of equipment to have, a network analyzer like that. This was a big, standalone, bulky unit that had two Ethernet ports on it, and a little laptop connected to it, because you had to have this laptop with it to plug into the unit to do the network analyzer traffic. And now you have Wireshark and you can do it for free. And it's pretty cool.

So I hope that you guys have an idea of where to start with the protocol stuff. I mean, a lot of you guys probably already know this stuff. But for the most part, that's what it's really about. It's about understanding what your target is and kind of having a general idea of what you're getting yourself into first with a particular protocol, and then taking a look at how it's functioning. The software itself, Wireshark: if you watch the introduction video on wireshark.org, you'll get yourself rolling pretty quickly.
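The episode describes the workflow of looking up a protocol's header layout and then finding the same protocol in a capture, and it notes that Wireshark only sees what libpcap hands it from a network card. The following script is an added example for this transcript, not code from the episode or from the Wireshark project: a toy dissector that reads the classic libpcap file format that Wireshark and tcpdump write, peels the Ethernet, IPv4 and TCP/UDP headers off each record using the public header layouts, and produces one summary line per packet in the style of Wireshark's packet list. The capture it reads is constructed inline (the MAC addresses, 10.0.0.x hosts, ports and DNS query are made up for the demo) so it runs offline; the `Summary` dataclass and all helper names are this example's own.

```python
"""Toy pcap dissector in the spirit of Wireshark's summary pane (added example).

Reads a classic libpcap capture, dissects Ethernet II -> IPv4 -> TCP/UDP, and
returns one summary per packet. The sample capture below is constructed for
the demo, not a real trace.
"""
import struct
from dataclasses import dataclass

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))


@dataclass
class Summary:
    src: str
    dst: str
    proto: str
    info: str


def parse_pcap(data):
    """Yield (timestamp, frame_bytes) for each record of a classic pcap byte string."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:      # file written little-endian (typical on x86)
        e = "<"
    elif magic == 0xD4C3B2A1:    # file written big-endian
        e = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(e + "I", data, 20)[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24                      # 24-byte global header
    while off + 16 <= len(data):  # each record: 16-byte header, then captured bytes
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(e + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def dissect_frame(frame):
    """Ethernet II -> IPv4 -> TCP/UDP, returning a Wireshark-style summary."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != ETHERTYPE_IPV4:
        return Summary(fmt_mac(src), fmt_mac(dst), f"0x{ethertype:04x}", "not IPv4, not dissected")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                    # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", ip, 2)[0]
    proto = ip[9]
    s_ip = ".".join(map(str, ip[12:16]))
    d_ip = ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:total_len]                      # transport header + payload
    if proto == IPPROTO_TCP:
        sport, dport, seq, _ack, _off, flags = struct.unpack_from("!HHIIBB", l4, 0)
        names = ",".join(n for bit, n in TCP_FLAGS if flags & bit)
        return Summary(f"{s_ip}:{sport}", f"{d_ip}:{dport}", "TCP", f"[{names}] seq={seq}")
    if proto == IPPROTO_UDP:
        sport, dport, length = struct.unpack_from("!HHH", l4, 0)
        return Summary(f"{s_ip}:{sport}", f"{d_ip}:{dport}", "UDP", f"{length - 8} payload bytes")
    return Summary(s_ip, d_ip, f"IP proto {proto}", "transport not dissected")


def summarize(data):
    return [dissect_frame(frame) for _ts, frame in parse_pcap(data)]


# ---- constructed sample capture (made-up addresses, not a real trace) ----

def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def _ip4(s):
    return bytes(int(o) for o in s.split("."))

def _ipv4(src, dst, proto, payload):  # minimal 20-byte IPv4 header, checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                       64, proto, 0, _ip4(src), _ip4(dst)) + payload

def _tcp(sport, dport, flags):         # 20-byte TCP header, data offset 5 words
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _frame(src_mac, dst_mac, payload):
    return _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + payload

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

# DNS query: id 0x1234, flags 0x0100, one question, name example.com, type A, class IN.
_DNS_QUERY = bytes.fromhex("12340100000100000000000007") + b"example\x03com\x00\x00\x01\x00\x01"

SAMPLE_PCAP = build_pcap([
    _frame("02:00:00:00:00:02", "02:00:00:00:00:01",
           _ipv4("10.0.0.2", "10.0.0.1", IPPROTO_TCP, _tcp(54321, 80, 0x02))),         # TCP SYN
    _frame("02:00:00:00:00:02", "02:00:00:00:00:01",
           _ipv4("10.0.0.2", "10.0.0.1", IPPROTO_UDP, _udp(40000, 53, _DNS_QUERY))),   # DNS query
])

if __name__ == "__main__":
    for row in summarize(SAMPLE_PCAP):
        print(f"{row.src:>18} -> {row.dst:<18} {row.proto:<4} {row.info}")
```

To use it on a real trace, read a file saved by Wireshark or tcpdump in the classic pcap format (not pcapng) and pass its bytes to `summarize`; frames that are not IPv4 over Ethernet are reported rather than dissected, which is exactly the kind of thing worth comparing against the header descriptions on protocols.com when something looks wrong.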
But if there's other questions, please just submit them into the feedback through the website and/or through my Gmail account, and I'll get back to you, you know, try and record an episode on whatever people want to hear an episode on, if I can. All right. And if I can't, then I'll post an episode saying that, you know, I completely bombed on this, and maybe this is a better source of information, and point you towards where I think we might be able to find the information. But in general, I'm just going to sort of leave it there. Have a good night.

You have been listening to Hacker Public Radio at HackerPublicRadio.org. We are a community podcast network that releases shows every weekday, Monday through Friday. Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever consider recording a podcast, then visit our website to find out how easy it really is. Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club. HPR is funded by the Binary Revolution at binrev.com. All binrev projects are crowd-sponsored by Lunar Pages. From shared hosting to custom private clouds, go to lunarpages.com for all your hosting needs. Unless otherwise stated, today's show is released under a Creative Commons Attribution-ShareAlike license.