Understanding Packet Type Identification in Promiscuous Mode: A Guide


Wireshark Packet Capture and Common Protocol Analysis

1. Common Protocol Packets

Packet type identification
Double-click the network card and packet capture starts automatically.

1.2 Introduction to Promiscuous Mode

How to Disable and Enable Promiscuous Mode
Click “Capture” > “Options” in the program toolbar.

In the “Output” settings section of the options dialog, check “Use promiscuous mode on all interfaces”.

Checking this box enables it; promiscuous mode is enabled by default. In promiscuous mode the interface hands every frame it receives to the capture, not only frames addressed to its own MAC address or to broadcast, although on a switched network you still only see the traffic the switch forwards to your port.

1.3 Using the Wireshark Filter

Next, we open a browser and visit Baidu.
After the page has loaded, click Stop Capture; we don’t need many packets.

Many packets are visible, but how do we find the packets of a particular type?

Example 1: Using a Filter to Screen TCP Packets
Note:
Example 2: Using a Filter to Screen ARP Packets
Example 3: Using a Filter to Screen UDP Packets
Extensions:
Example 4: Using a Filter to Screen HTTP Packets
Example 5: Using a Filter to Screen DNS Packets

Example 6: Filtering packets whose source address is 192.168.1.53 or whose destination address is 192.168.1.1

Then modify the filter condition, replacing “or” with “and”.

2. Practical Application: Using Wireshark to Capture and Analyze Common Protocols

2.1 Common Protocol Analysis – ARP Protocol

Start capturing packets and filter for ARP
Use nmap to perform a scan based on the ARP protocol
View the contents of the Address Resolution Protocol (request) packet:
Summary:

2.2 Common Protocol Analysis – ICMP Protocol

Open a terminal
First look at the request packet content; we can see this is a Layer 4 protocol packet

Next, analyze the ICMP packet.

ICMP Protocol Analysis Request Packet
ICMP Protocol Analysis Reply Packet
Working Process:
2.3 Common Protocol Analysis – TCP Protocol

First, clear the packets, then filter by TCP and start capturing.

View the TCP Protocol:
Open the flag details
Analyze the second packet
Flags Information
Analyze the third packet

The three-way handshake process ends here.
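As an added example that is not part of the original tutorial, the following Python decodes raw Ethernet frames to identify the same packet types the filters above select (ARP, ICMP, UDP, TCP) and reads the TCP flag bits that distinguish the three handshake steps. The frames are constructed sample data with zeroed MAC addresses and checksums; the addresses 192.168.1.53 and 192.168.1.1 come from the filter example, while the port numbers and sequence values are assumed.

```python
import struct

ETHERTYPE_ARP, ETHERTYPE_IPV4 = 0x0806, 0x0800
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}


def tcp_flags(flags_byte):
    """Names of the flag bits set in the TCP flags byte, e.g. {'SYN', 'ACK'}."""
    return {name for bit, name in TCP_FLAG_BITS.items() if flags_byte & bit}


def identify(frame):
    """Classify one Ethernet frame as ARP, ICMP, UDP or a TCP handshake step."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_ARP:
        opcode = struct.unpack("!H", frame[20:22])[0]  # ARP operation: 1 = request, 2 = reply
        return "ARP request" if opcode == 1 else "ARP reply"
    if ethertype != ETHERTYPE_IPV4:
        return "other"
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IP header length in bytes; IP options make it exceed 20
    proto = IP_PROTO.get(ip[9], "other")
    if proto != "TCP":
        return proto
    flags = tcp_flags(ip[ihl + 13])  # the flags byte is the 14th byte of the TCP header
    if flags == {"SYN"}:
        return "TCP SYN (handshake step 1)"
    if flags == {"SYN", "ACK"}:
        return "TCP SYN-ACK (handshake step 2)"
    if flags == {"ACK"}:
        return "TCP ACK (handshake step 3 or data acknowledgement)"
    return "TCP " + "+".join(sorted(flags))


# Constructed sample frames (zeroed MACs, no checksums) standing in for a real capture.
def ipv4_frame(proto, payload, src=b"\xc0\xa8\x01\x35", dst=b"\xc0\xa8\x01\x01"):
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst)
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + payload


def tcp_frame(flags_byte):
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags_byte, 65535, 0, 0)
    return ipv4_frame(6, tcp_hdr)


ARP_REQUEST = b"\x00" * 12 + struct.pack("!HHHBBH", ETHERTYPE_ARP, 1, 0x0800, 6, 4, 1) + b"\x00" * 20
ICMP_ECHO = ipv4_frame(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))  # ICMP type 8 = echo request


def handshake_types():
    """Identify the three frames of a TCP three-way handshake, in order."""
    return [identify(tcp_frame(f)) for f in (0x02, 0x12, 0x10)]
```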

Generate a chart to observe the data interaction process
Full Project Analysis As Follows:

2.4 Common Protocol Analysis – HTTP Protocol

Open a terminal and enter the following command
About curl
The 4th and 6th packets are our HTTP packets
Complete Process Analysis:

3. Practical Application: Using Wireshark Packet Capture to Troubleshoot a Server That Cannot Reach the Internet

Extended Supplement:
Conduct Testing

Practical Packet Capture and Analysis

Start capturing and filter for the ICMP protocol
Then go back to Wireshark to view the packets
What happens if you change the TTL value to 2?
Restore system kernel parameters
Example: Check the communication quality to every hop on the path to xuegod.cn
You can see there are 12 hops from my current host to the target host [xuegod.cn].