Wireshark: Working with Packet Streams

by Abhinav Singh | March 2013 | Networking & Telephony Open Source

As you start to use Wireshark, you will realize that there is a wide variety of things that you can do with it. This article by Abhinav Singh, author of Instant Wireshark Starter [Instant], will teach you all about working with packet streams, the most commonly performed tasks and most commonly used features in Wireshark.

Working with Packet Streams

While working on a network capture, multiple network activities can be going on at the same time. Consider a small example where you are browsing multiple websites simultaneously through your browser. TCP data packets for all of these websites will be flowing across your network, so it becomes tedious to track the data packets belonging to a particular stream or session. This is where Follow TCP Stream comes into action.

When you are visiting multiple websites, each site maintains its own stream of data packets. The Follow TCP Stream option applies a filter that shows only the packets belonging to a particular stream.

To view the complete stream, select your preferred TCP packet (for example, a GET or POST request). Right-clicking on it will bring up the option Follow TCP Stream.

Once you click on Follow TCP Stream, you will notice that a new filter rule is applied in Wireshark and the main capture window shows only the data packets that belong to that stream. This can be helpful in figuring out which requests and responses were generated during a particular session of network interaction. If you take a closer look at the filter rule applied once you follow a stream, you will see a rule similar to tcp.stream eq <Number>. Here, Number is the stream number that is followed to select the data packets.

An additional operation that can be carried out here is to save the data packets belonging to a particular stream. Once you have followed a particular stream, go to File | Save As. Then select Displayed to save only the packets belonging to the viewed stream.
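To make the tcp.stream eq <Number> rule concrete, here is an added example (not code from the article or from Wireshark) that models how packets are grouped into numbered streams and what following one stream selects. The packet records, addresses and function names are constructed for illustration, and the model is simplified: Wireshark's own dissector also handles cases such as port reuse, which this sketch ignores.

```python
# Constructed sample capture: (src_ip, src_port, dst_ip, dst_port, payload).
# Addresses come from documentation ranges; nothing here is from the article.
PACKETS = [
    ("192.0.2.10", 50001, "198.51.100.5", 80, b"GET /a HTTP/1.1\r\n\r\n"),
    ("192.0.2.10", 50002, "203.0.113.7", 80, b"GET /b HTTP/1.1\r\n\r\n"),
    ("198.51.100.5", 80, "192.0.2.10", 50001, b"HTTP/1.1 200 OK\r\n\r\nA"),
    ("203.0.113.7", 80, "192.0.2.10", 50002, b"HTTP/1.1 404 Not Found\r\n\r\n"),
    ("192.0.2.10", 50001, "198.51.100.5", 80, b"GET /a2 HTTP/1.1\r\n\r\n"),
]

def assign_streams(packets):
    """Tag each packet with a stream index, numbered by first appearance.

    Both directions of a conversation share one index, so the lookup key
    is the unordered pair of (ip, port) endpoints.
    """
    index_of = {}
    tagged = []
    for src, sport, dst, dport, payload in packets:
        key = frozenset([(src, sport), (dst, dport)])
        stream = index_of.setdefault(key, len(index_of))
        tagged.append({"stream": stream, "src": (src, sport),
                       "dst": (dst, dport), "payload": payload})
    return tagged

def follow_stream(tagged, number):
    """Model of `tcp.stream eq <number>` plus a per-direction payload view."""
    selected = [p for p in tagged if p["stream"] == number]
    if not selected:
        raise ValueError(f"no packets in stream {number}")
    client = selected[0]["src"]  # assumption: first sender is the client
    view = {"client": b"", "server": b""}
    for p in selected:
        side = "client" if p["src"] == client else "server"
        view[side] += p["payload"]
    return selected, view

if __name__ == "__main__":
    tagged = assign_streams(PACKETS)
    selected, view = follow_stream(tagged, 0)
    print(len(selected), "packets in stream 0")
    print(view["client"].decode(), view["server"].decode(), sep="---\n")
```

The selected list corresponds to what remains in the capture window after the filter is applied, which is also what Save As with Displayed writes out.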

Similar to following the TCP stream, we also have the option to follow UDP and SSL streams. The two options can be reached by selecting a packet of the particular protocol type (UDP or SSL) and right-clicking on it. The corresponding follow option will be highlighted according to the selected protocol.

The Wireshark menu icons also provide some quick navigation options to move through the captured packets. These icons include:

  • Go back in packet history (1): This option traces you back to the last analyzed/selected packet. Clicking on it multiple times keeps pushing you back to your selection history.

  • Go forward in packet history (2): This option pushes you forward in the series of packet analysis.

  • Go to the packet with number (3): This option is useful for going directly to a specific packet number.

  • Go to the first packet (4): This option takes you to the first packet in your current display of the capture window.

  • Go to last packet (5): This option jumps your selection to the last packet in your capture window.

Summary

In this article, we learned how to work with packet streams.


About the Author


Abhinav Singh

Abhinav Singh is a young Information Security specialist from India. He has a keen interest in the field of hacking and network security and has adopted it as his full-time profession. He is also the author of Metasploit Penetration Testing Cookbook, Packt Publishing. He is an active contributor to the SecurityXploded community.

Abhinav's works have been quoted in several security and technology magazines and portals.
