


(0:56–1:58)

Now, before I start opening one up and letting you look at it, you need to understand that there are two very separate pieces to any protocol analyzer. The first piece is what I’m going to call the sniffer. The sniffer is some type of software, and it usually has a name like Pcap (packet capture), WinPcap, Npcap or Win10Pcap. These are tools that are actually grabbing all the data that’s going in and out of a particular interface. And when I say grabbing all the data, I mean all of the data. So all the Ethernet information, all the IP information, all the application information - it’s all there and these tools grab it. So a sniffer grabs all this information, and then the sniffer’s going to do one of two things. It’s either going to save it into a file or it’s going to make a live feed directly into the protocol analyzer. The protocol analyzer really just reads pcap data and then - here’s where the term comes from - analyzes it in a way that we can look at it.

The best way to see this is to see it in action. I’ve just started Wireshark up for us, and you’ll see that on this particular system, there are these three different interfaces. I want to keep it simple and just go to my Ethernet interface. So I’m going to click on that, and then I click on capture and let’s start her up. So what’s happening in real time is we are grabbing lots and lots of packets. What I’d like to do is arbitrarily pick something. What you’re seeing right here is the 146th packet that it’s picked up in this capture so far.
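The split between the sniffer and the analyzer described above can be seen by doing the analyzer's half by hand: the example below is added here and is not code from the video or from Wireshark. It reads a libpcap-format file (the `.pcap` a sniffer saves, or what Wireshark reads) from bytes, recovers the writer's byte order from the magic number, walks each record, and decodes the Ethernet, IPv4, UDP/TCP and (for port 53) DNS layers, i.e. the "all of the data" the speaker refers to. The single frame it parses is constructed inline for the demonstration, not a real capture; function names such as `parse_pcap` and `build_sample_pcap` are the example's own. IP and UDP checksums are not verified, which a real analyzer would do and flag.

```python
import struct
from typing import Dict, List, Tuple

# libpcap magic numbers; the writer's byte order is recovered from them.
PCAP_MAGIC_USEC = 0xA1B2C3D4   # microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # nanosecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def _mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _ipv4_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def _byte_order(magic: bytes) -> Tuple[str, bool]:
    """Return (struct byte-order prefix, nanosecond_timestamps) for a pcap magic."""
    for order in ("<", ">"):
        value = struct.unpack(order + "I", magic)[0]
        if value == PCAP_MAGIC_USEC:
            return order, False
        if value == PCAP_MAGIC_NSEC:
            return order, True
    raise ValueError("not a libpcap file (bad magic %r)" % magic)


def decode_ipv4(seg: bytes) -> Dict:
    """Decode an IPv4 header and, for UDP/TCP, the transport header beneath it."""
    if len(seg) < 20 or seg[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (seg[0] & 0x0F) * 4                    # header length incl. options
    total_len = struct.unpack("!H", seg[2:4])[0]
    out = {"ip_src": _ip(seg[12:16]), "ip_dst": _ip(seg[16:20]), "ip_proto": seg[9]}
    payload = seg[ihl:total_len]                 # ignore Ethernet padding past total_len
    # NOTE: header checksum is not verified here; a real analyzer would flag mismatches.
    if seg[9] == IPPROTO_UDP and len(payload) >= 8:
        sport, dport, ulen, _ = struct.unpack("!HHHH", payload[:8])
        out.update(udp_sport=sport, udp_dport=dport, app_payload=payload[8:ulen])
    elif seg[9] == IPPROTO_TCP and len(payload) >= 20:
        sport, dport = struct.unpack("!HH", payload[:4])
        doff = (payload[12] >> 4) * 4            # TCP data offset in 32-bit words
        out.update(tcp_sport=sport, tcp_dport=dport, app_payload=payload[doff:])
    return out


def decode_ethernet(frame: bytes) -> Dict:
    """Decode the 14-byte Ethernet II header and hand IPv4 frames down a layer."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"eth_dst": _mac(frame[:6]), "eth_src": _mac(frame[6:12]), "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4:
        out.update(decode_ipv4(frame[14:]))
    return out


def dns_qname(dns: bytes) -> str:
    """First question name of a DNS message (plain labels; no compression pointers)."""
    labels, off = [], 12                         # skip the 12-byte DNS header
    while off < len(dns) and dns[off] != 0:
        n = dns[off]
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(dns[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels)


def parse_pcap(data: bytes) -> List[Dict]:
    """Walk a libpcap file: 24-byte global header, then 16-byte record headers + frames."""
    order, nsec = _byte_order(data[:4])
    _, _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack(order + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET (1) is decoded here, got %d" % linktype)
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, caplen, origlen = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + caplen]
        if len(frame) < caplen:
            raise ValueError("truncated record at offset %d" % off)
        off += caplen
        pkt = {"ts": ts_sec + ts_frac / (1e9 if nsec else 1e6),
               "truncated": caplen < origlen}   # snaplen cut the frame short
        pkt.update(decode_ethernet(frame))
        packets.append(pkt)
    return packets


def build_sample_pcap(order: str = "<") -> bytes:
    """Constructed sample (not a real capture): one Ethernet/IPv4/UDP frame with a DNS query."""
    dns = (b"\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # id, flags=RD, QDCOUNT=1
           + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01")     # example.com, A, IN
    udp = struct.pack("!HHHH", 53000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64,
                     IPPROTO_UDP, 0, _ipv4_bytes("192.168.1.10"), _ipv4_bytes("192.168.1.1")) + udp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4) + ip
    ghdr = struct.pack(order + "IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    rec = struct.pack(order + "IIII", 1700000000, 250000, len(eth), len(eth)) + eth
    return ghdr + rec


if __name__ == "__main__":
    for p in parse_pcap(build_sample_pcap()):
        print(p["eth_src"], "->", p["eth_dst"], p["ip_src"], "->", p["ip_dst"],
              "udp/%d" % p["udp_dport"], "qname=", dns_qname(p["app_payload"]))
```

The same `parse_pcap` would read a file Wireshark or tcpdump saved (`parse_pcap(open("capture.pcap", "rb").read())`), provided it is the classic libpcap format and not pcapng, which Wireshark writes by default and which has a different container layout.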
