5. How a Packet Sniffer Works
● Collection
– The packet sniffer collects raw binary data from the wire.
● Conversion
– The captured binary data is converted into a readable form.
● Analysis
– The actual analysis of the captured and converted data.
– The packet sniffer identifies each packet's protocol from that protocol's specific features (header fields such as EtherType, IP protocol number and ports).
17. Network Traffic Analysis
● BPF Filters, what !!!
– Berkeley Packet Filter
– A knowledge of BPF syntax is crucial as you dig deeper into networks at the packet level.
– Allows you to specify exactly which packets you want to capture.
– Gets rid of packets you don't want to capture.
– BPF is how you talk to the network drivers :)
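As an added worked example (not from the deck), here are the three stages from slide 5 (collection, conversion, analysis) and a BPF-style "tcp and port 80" predicate from slide 17 written out in Python over a constructed Ethernet/IPv4/TCP frame. The frame contents, function names and the decision to leave checksums at zero are my assumptions; the header layouts follow the standard Ethernet, IPv4 and TCP formats.

```python
import struct

# Constructed sample frame (Ethernet/IPv4/TCP SYN to port 80), built with struct.pack
# so the example runs offline; it is not a real capture. Checksums are left at 0.
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def build_sample_frame():
    """Collection stand-in: the raw bytes a sniffer would pull off the wire."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    # IPv4: ver/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, IPPROTO_TCP, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    # TCP: sport, dport, seq, ack, data offset/flags (SYN), window, checksum, urgent
    tcp = struct.pack("!HHIIHHHH", 40512, 80, 1, 0, (5 << 12) | 0x02, 65535, 0, 0)
    return eth + ip + tcp

def convert(frame):
    """Conversion: decode raw bytes layer by layer; each layer's type field says
    which protocol to expect next (the 'specific features' slide 5 refers to)."""
    pkt = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt["eth"] = {"src": src.hex(":"), "dst": dst.hex(":"), "type": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return pkt  # not IPv4: stop at layer 2
    vihl, _, _, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (vihl & 0x0F) * 4  # header length in bytes; IP options make it longer than 20
    pkt["ip"] = {"src": ".".join(map(str, s)), "dst": ".".join(map(str, d)),
                 "ttl": ttl, "proto": proto}
    l4 = frame[14 + ihl:]
    if proto == IPPROTO_TCP and len(l4) >= 14:
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        pkt["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "flags": off_flags & 0x1FF}
    return pkt

def matches(pkt, proto=None, port=None):
    """Analysis: a BPF-style predicate such as 'tcp and port 80' on the converted packet."""
    if proto is not None and proto not in pkt:
        return False
    if port is not None:
        l4 = pkt.get("tcp")
        if l4 is None or port not in (l4["sport"], l4["dport"]):
            return False
    return True

def sniff(frames, proto=None, port=None):
    """Whole pipeline: collect -> convert -> analyse, keeping frames that pass the filter."""
    return [p for p in (convert(f) for f in frames) if matches(p, proto, port)]

if __name__ == "__main__":
    for p in sniff([build_sample_frame()], proto="tcp", port=80):
        print(p["ip"]["src"], "->", p["ip"]["dst"], p["tcp"])
```

Real BPF runs this kind of predicate inside the kernel before the bytes are copied to user space, which is why a tight filter keeps a capture small and fast.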
27. Network Traffic Analysis
● Dumpcap
– A network traffic dump tool.
– It captures packet data from a live network and writes the packets to a file.
– Why should I use it !!!
28. Network Traffic Analysis
● Wireshark Basic Operations
– Live Capture
– Open PCAP File
– Basic Filters
– Follow TCP Stream
– Time Stamps
– Expert Info
– Statistics