Installing Wireshark on Alibaba Cloud

TCP/IP Protocol

A protocol is a set of rules and procedures for how systems interact with one another. The TCP/IP protocol suite is the set of rules and procedures used to transmit data from one computer to another. Whether you are a system administrator, security engineer, forensic investigator or network engineer, understanding these protocols is necessary if you want to be efficient. TCP/IP is the most common protocol used on the internet for communication.

  • Data link layer: this layer provides error control and framing. Examples of data link layer protocols are Ethernet and Token Ring.
  • Internet layer: also known as the network layer, its role is to accept and deliver packets for the network. This layer includes protocols such as the Internet Protocol (IP), the Address Resolution Protocol (ARP) and the Internet Control Message Protocol (ICMP).
  • Transport layer: this is the layer that ensures that packets arrive in sequence without errors. It is provided by two protocols: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
  • Application layer: this layer defines the standard internet services and network applications used by anyone. Examples of application layer protocols are FTP, SMTP, DNS and the web (HTTP).
  • TCP: this protocol ensures that data sent on the network arrives at its destination. It is considered a reliable, connection-oriented protocol.
  • UDP: this protocol provides datagram delivery services. It does not verify the connection between the sending and receiving hosts, so it is considered an unreliable, connectionless protocol.
  • IP: this is one of the most significant protocols of the entire TCP/IP suite. IP is responsible for the following:
      • IP addressing
      • Packet formatting
      • Fragmentation
  • ARP: this stands for Address Resolution Protocol. This protocol sits between the data link and internet layers. It assists IP in directing datagrams to the appropriate receiving host by mapping that host's MAC address to its known IP address.
  • ICMP: this stands for Internet Control Message Protocol. It detects and reports network error conditions. The main role of this protocol is to verify that a host is reachable on a network.

Prerequisites

For this tutorial, I have already set my FTP server online using Alibaba Cloud Elastic Compute Service (ECS).

Install Wireshark

  • For Windows users, just go to the official Wireshark download page and download the latest version.
  • For Linux users, you can install it with apt-get install wireshark (on Ubuntu). Or you can download the tar file, decompress it and install it.

Where to Use Wireshark

Wireshark can be used to monitor traffic from your computer to another computer (an online server, or a computer on the same network), or to monitor all traffic on the network. Most of the time, hackers use this tool when performing man-in-the-middle (MITM) attacks.

How to Use Wireshark

There are two ways to use Wireshark:

  • By importing a packet capture file you have recorded with another traffic sniffer, such as tcpdump.
  • By sniffing packets live, directly in Wireshark.

1) Import File in Wireshark

In this case, imagine you want to know what is going on on your server but don't have time at the moment. You can install and start tcpdump to save all network traffic to a file so you can analyze it later when you are free. When you open that file in Wireshark, each packet is shown with the following columns:

  • Source: where the packet is coming from
  • Destination: where the packet is destined
  • Protocol: the protocol in use (for example IPv4 or IPv6)
  • Length: the packet length
  • Info: a summary of what the packet is sending
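As an added example (not code from the original post), the Python script below builds a small constructed capture in the classic libpcap format that tcpdump -w writes, then walks its records to produce the Source, Destination, Protocol, Length and Info columns described above. The addresses, ports and payloads are constructed sample values, and only IPv4 TCP/UDP frames are dissected.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Ethernet II + IPv4 + TCP (6) or UDP (17) frame; checksums left zero, fine for offline parsing."""
    if proto == 6:  # TCP header: ports, seq, ack, data offset 5 words, flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:           # UDP header: ports, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return bytes.fromhex("001122334455" "66778899aabb" "0800") + ip + l4  # dst MAC, src MAC, IPv4

def build_pcap(frames):
    """Classic libpcap file as written by tcpdump -w: global header, then (record header, frame) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # magic, v2.4, snaplen, Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f  # ts_sec, ts_usec, lens
    return out

def parse_pcap(data):
    """Return Wireshark's packet-list columns (Source, Destination, Protocol, Length, Info) per packet."""
    rows, off = [], 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        proto = frame[23]  # IPv4 protocol field sits 9 bytes into the IP header (14 + 9)
        if frame[12:14] != b"\x08\x00" or proto not in (6, 17):
            continue  # only IPv4 TCP/UDP are dissected here
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet + IP header (IHL in 32-bit words)
        sport, dport = struct.unpack_from("!HH", l4)
        payload = l4[(l4[12] >> 4) * 4:] if proto == 6 else l4[8:]  # TCP data offset / fixed UDP header
        name = "TCP" if proto == 6 else "UDP"
        if proto == 6 and 21 in (sport, dport):
            name = "FTP"  # Wireshark's dissector labels port-21 traffic as FTP
        info = f"{sport} -> {dport} " + (payload.split(b"\r\n")[0].decode("ascii", "replace") if name == "FTP" else f"Len={len(payload)}")
        rows.append({"source": socket.inet_ntoa(frame[26:30]), "destination": socket.inet_ntoa(frame[30:34]),
                     "protocol": name, "length": len(frame), "info": info})
    return rows

# Constructed sample capture: an FTP banner from the server and a DNS query from the client.
SAMPLE = build_pcap([
    build_frame("10.0.0.5", "10.0.0.9", 6, 21, 40000, b"220 FTP server ready\r\n"),
    build_frame("10.0.0.9", "10.0.0.1", 17, 51000, 53, b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6),
])

if __name__ == "__main__":
    for row in parse_pcap(SAMPLE):
        print(row)
```

Writing SAMPLE to a .pcap file and opening it in Wireshark shows the same two rows, which makes it a handy way to check that a tcpdump capture is being read the way you expect.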

2) Active Packet Monitoring

When you start Wireshark for live traffic monitoring, you first have to choose the network interface on which you want to listen. After that, you can click the blue icon in the left corner to start capturing.

3) Filter

Filters are Wireshark features that let you concentrate on the packets you are interested in.

Conclusion

We have quickly learned about TCP/IP and seen how we can use one of the most popular network analyzer tools to monitor our network. But there is still a lot more to discover with Wireshark. I highly encourage you to install it on your ECS server and explore its various features to see what is going on in your network and protect your ECS server if necessary.

Original Source

https://www.alibabacloud.com/blog/installing-wireshark-on-alibaba-cloud_594915?spm=a2c41.13045173.0.0
