Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3971
Views
10
Helpful
24
Replies

Ask Me Anything- Basic Wireshark for Networking Students

ciscomoderator
Community Manager
Community Manager

‎04-14-2020 08:57 AM - last edited on ‎04-27-2020 10:43 PM by Cisco Employee

This topic is a chance to clarify your questions about how to use Wireshark, particularly for those who study networking. The session provides key information and best practices for students and instructors who want to enhance their theoretical classes and studies with packet capture analysis. During the event, you can clarify your questions about how to use Wireshark, including related topics such as TCP, UDP, ICMPv4, ICMPv6, and OSPF.

To participate in this event, please use the Join the Discussion : Cisco Ask the Expertbutton below to ask your questions

Ask questions from Tuesday 14 to Friday, April 24, 2020

Featured Expert
dr-moises.pngDr. Moisés André Nisenbaum is a full-time professor at the Federal Institute of Rio de Janeiro (IFRJ) since 1986. He has experience in the Information Science area, and he specializes in Information and Communication metrics. In the area of education, he works with different Information and Communication technologies, with a focus on networks, help desk, Physics Teaching and Youth, and adult education. Moisés holds a Bachelor’s degree in physics from the state University of Rio de Janeiro and a Master’s degree in Physical Science form the Brazilian Center of Physical Research. He holds a PhD in Information Science from IBICT / UFRJ.

Dr. Moisés  might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Networking category.


Do you know you  can get answers before opening a TAC case by visiting the Cisco Community.  
 

SlidesFAQ event video

**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions
1 person had this problem
Labels:
0 Helpful
24 Replies 24

ciscomoderator
Community Manager
Community Manager

‎04-23-2020 10:04 AM

  • Any sites with more examples for checking DORA process and such?
0 Helpful

moises.nisenbaum
Spotlight
Spotlight
In response to ciscomoderator

‎04-28-2020 05:26 AM

I encourage you to check DHCP by yourself. It is easy and you will learn a lot.

Open wireshark, turn off and on your NIC and filter the results using "dhcp" or "bootp" filter.

Simple like that.

 

0 Helpful

ciscomoderator
Community Manager
Community Manager

‎04-23-2020 10:08 AM

  • In the TCP explanation, about the data that is on brackets, is it only calculated by Wireshark, it does not exist in the packet?
0 Helpful

moises.nisenbaum
Spotlight
Spotlight
In response to ciscomoderator

‎04-28-2020 05:30 AM

Wireshark, TCPDump and other capture softwares read and show the Headers content.

The gold mine of Wireshark is that it processes this information almost in real time and display the analysis results in those informations between brackets.

For example: Wireshark reads the TCP sequence number and the size of the segment. So it calculates the next sequence number. This info will be displayed between brackets. Everything in bracket is NOT in headers.

 

Cheers

Moisés

 

ciscomoderator
Community Manager
Community Manager

‎04-23-2020 10:09 AM

  • What are the options of Cisco dump, I mean, can you give some examples?
  • Can we have or generate diagrams of the packet flow?
0 Helpful

moises.nisenbaum
Spotlight
Spotlight
In response to ciscomoderator

‎04-28-2020 05:41 AM

Sure.

The simpler is "debug ip packet". It is similar to TCPDump in Linux.

The "monitor capture" is more sophisticated and capture can be saved in a pcap file (https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html)

Ciscodump is an extcap tool that relys on Cisco EPC to allow a user to run a remote capture on a Cisco router in a SSH connection. The minimum IOS version supporting this feature is 12.4(20)T. More details can be found here: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-embedded-packet-capture/datasheet_c78-502727.html 

But, many times, with Cisco Netflow, we can do a better network diagnostic (https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html)

 

About the diagrams, please, explore Wireshark Statistics menu. It is awesome.

 

Cheers

Moisés

ciscomoderator
Community Manager
Community Manager

‎04-23-2020 10:09 AM

  • Is there any front-end tool that can be used to summarize the Wireshark findings?
0 Helpful

moises.nisenbaum
Spotlight
Spotlight
In response to ciscomoderator

‎04-28-2020 05:42 AM

I don't know any tool that does this.

But the Wireshark front-end is very good. Maybe what you want can be done just with the display filters.

Also explore the Statistics and Analyze menus.

 

Cheers

Moisés

0 Helpful

vemurisravanti200486918
Level 1
Level 1

‎04-26-2020 07:27 PM

 
0 Helpful

Hilda Arteaga
Cisco Employee
Cisco Employee

‎04-30-2020 08:18 PM

Dear @moises.nisenbaum 

Thank you for sharing your time and knowledge with the community, we have learned lots.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents