Book Image

Wireshark Essentials

Book Image

Wireshark Essentials

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Wireshark Essentials
Oct, 2014 | 194 pages
No titles found
Table of Contents (15 chapters)
Wireshark Essentials
Wireshark Essentials
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Acquainted with Wireshark
Getting Acquainted with Wireshark
Installing Wireshark
Performing your first packet capture
Summary
2
Networking for Packet Analysts
Networking for Packet Analysts
The OSI model – why it matters
IP networks and subnets
Switching and routing packets
WAN links
Wireless networking
Summary
3
Capturing All the Right Packets
Capturing All the Right Packets
Picking the best capture point
Test Access Ports and switch port mirroring
Capturing interfaces, filters, and options
Verifying a good capture
Saving the bulk capture file
Isolating conversations of interest
Using the Conversations window
Wireshark display filters
Filter Expression Buttons
Following TCP/UDP/SSL streams
Marking and ignoring packets
Saving the filtered traffic
Summary
4
Configuring Wireshark
Configuring Wireshark
Working with packet timestamps
Colorization and coloring rules
Wireshark preferences
Wireshark profiles
Summary
5
Network Protocols
Network Protocols
The OSI and DARPA reference models
Transport layer protocols
Application layer protocols
Summary
6
Troubleshooting and Performance Analysis
Troubleshooting and Performance Analysis
Troubleshooting methodology
Troubleshooting connectivity issues
Troubleshooting functional issues
Performance analysis methodology
Summary
7
Packet Analysis for Security Tasks
Packet Analysis for Security Tasks
Security analysis methodology
Security assessment tools
Identifying unacceptable or suspicious traffic
Scans and sweeps
OS fingerprinting
Malformed packets
Phone home traffic
Password-cracking traffic
Unusual traffic
Summary
8
Command-line and Other Utilities
Command-line and Other Utilities
Wireshark command-line utilities
Capturing traffic with Dumpcap
Capturing traffic with Tshark
Editing trace files with Editcap
Merging trace files with Mergecap
Other helpful tools
Summary
Index
Index

Merging trace files with Mergecap

You can use Mergecap to merge two or more trace files into one file. The basic syntax is as follows:

mergecap –w <outfile.pcapng>  infile1.pcapng   infile2.pcapng  …

For example:

mergecap –w merged.pacap   source1.pcapng   source2.pcapng    source3.pcapng

One useful option you sometimes may want to use in Mergecap (and several of the other command-line utilities) is –s <snaplen>. This will truncate the packets at the specified length past the start of each frame, resulting in a smaller file; a typical value for <snaplen> is 128 bytes:

mergecap –w merged_trimmed.pcapng  -s 128  source1.pcapng  source2.pcapng

Mergecap batch file

If the capture files you want to merge have a variety of naming formats, you can create a MergeTraces.bat file containing the following Windows batch commands:

@echo off
cls
echo MergeTraces.bat
echo.
echo Merges multiple packet trace files with a .pcapng extension into one .pcapng file
echo.
echo Usage: Copy MergeTraces...
Previous Section
End of Section 6
Next Section