New to Wireshark?
Last Post: April 27, 2010:
-
I recently ordered one of the AirPcap adapters from Cace Technologies to go along with Wireshark. With my order, some links were provided to free training tools and resources. In particular, there was a free introductory training session called Wireshark 101 Jumpstart. I went through this yesterday and thought it was very worthwhile for a novice or newbie, which I am.
I'm sure many people on this forum are already well informed and experienced with this tool, but if you're just getting into it check out some of these links for some great information!
http://www.cacetech.com/
http://www.wiresharktraining.com/tips
http://www.wiresharkbook.com/
http://chappellseminars.com/courses.html
-
OK, I will look at the link later, but my understanding is that Wireshark will sniff the air without AirPcap.
What does AirPcap bring me that Wireshark doesn't?
Apologies if it's a stupid question.
-
I like Wireshark and find it quite useful. I also am a fan of Sniffer Wireless but it costs a little $$$. Fluke is great... um awesome... you have to sacrifice the green stuff to the Hesphaestus (Not sure I spelled it right but you get the point).
I'd have to check. It might come down to user interface, features, or... decodes.
-
If using Windows, when referring to wireless traffic, Wireshark only captures traffic on your own connection when associated to a network, and doesn't include the 802.11 header info. With the AirPcap adapter, it adds the ability within Wireshark to capture in promiscuous mode to see all wireless traffic along with the 802.11 info, not just your own.
With Linux (i.e. BackTrack) there's more ability to sniff traffic using a wider range of adapters. I'm sure there are many ways around it and exceptions to make it work easier with Windows; I'm just going by what I've experienced so far. I have played around with BackTrack a bit; there's a huge amount of tools in there. I have very little experience with it, but I did manage to crack my own WEP key for the first time the other day.
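To make concrete what "the 802.11 header info" in the post above actually contains, here is an added example (written for this thread, not code from the original poster, AirPcap or Wireshark) that decodes a monitor-mode style capture: a radiotap header followed by an 802.11 beacon frame. The packet bytes, the BSSID 02:11:22:33:44:55 and the SSID "Lab1" are constructed; the fields it pulls out (frame type, BSSID, channel, the Privacy capability bit, SSID) are exactly the ones an associated-only, Ethernet-style capture never shows you.

```python
import struct

# Constructed sample, not captured traffic: radiotap header (Flags, Rate, Channel) + 802.11 beacon
RADIOTAP = (struct.pack("<BBHI", 0, 0, 14, 0x0E)          # version, pad, length, present bits
            + bytes([0x00, 0x02])                          # flags, rate (units of 500 kbps)
            + struct.pack("<HH", 2412, 0x00A0))            # channel MHz, channel flags (2 GHz, CCK)
BEACON = (bytes([0x80, 0x00]) + b"\x00\x00"                # frame control (mgmt/beacon), duration
          + bytes.fromhex("ffffffffffff")                  # addr1: destination (broadcast)
          + bytes.fromhex("021122334455") * 2              # addr2: source, addr3: BSSID (made up)
          + struct.pack("<H", 10 << 4)                     # sequence control (seq 10, fragment 0)
          + struct.pack("<QHH", 123456, 100, 0x0411)       # timestamp, interval, capability (ESS|Privacy)
          + bytes([0, 4]) + b"Lab1")                       # SSID information element
SAMPLE = RADIOTAP + BEACON

# present bit -> (name, struct format, alignment); fields follow in bit order, so we stop at the first uncovered bit
RT_FIELDS = {0: ("tsft", "<Q", 8), 1: ("flags", "<B", 1), 2: ("rate", "<B", 1), 3: ("channel", "<HH", 2)}

def parse_radiotap(buf):
    version, _pad, length, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError("unknown radiotap version")
    radio, off = {}, 8                      # data starts after the fixed 8-byte header
    for bit, (name, fmt, align) in RT_FIELDS.items():
        if present & (1 << bit):
            off = (off + align - 1) & ~(align - 1)
            vals = struct.unpack_from(fmt, buf, off)
            radio[name] = vals if len(vals) > 1 else vals[0]
            off += struct.calcsize(fmt)
    return radio, length                    # length tells us where the 802.11 frame begins

def parse_80211(frame):
    fc0 = frame[0]                          # frame control: bits 2-3 type, bits 4-7 subtype
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    info = {"type": ftype, "subtype": subtype, "da": frame[4:10].hex(":"),
            "sa": frame[10:16].hex(":"), "bssid": frame[16:22].hex(":")}
    if (ftype, subtype) == (0, 8):          # management frame, beacon subtype
        body = frame[24:]                   # fixed params: timestamp, interval, capability
        _ts, info["interval"], cap = struct.unpack_from("<QHH", body, 0)
        info["privacy"] = bool(cap & 0x10)  # Privacy bit: the AP requires encryption
        off = 12
        while off + 2 <= len(body):         # walk the tagged information elements
            tag, ln = body[off], body[off + 1]
            if tag == 0:                    # tag 0 = SSID
                info["ssid"] = body[off + 2:off + 2 + ln].decode("utf-8", "replace")
            off += 2 + ln
    return info

def parse_packet(pkt):
    radio, hdr_len = parse_radiotap(pkt)
    return {"radiotap": radio, "frame": parse_80211(pkt[hdr_len:])}
```

Wireshark shows the same fields under the "Radiotap Header" and "IEEE 802.11" trees when the adapter delivers raw frames; without monitor mode the capture starts at the Ethernet header and none of this is present.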
-
I think I need to have a play, I have many more things to pay money for at the moment and there are so many free linux versions I can pull one down for a comparison.
IF I CAN ACTUALLY WORK LINUX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
BTW Stackman, AirPcap is Windows only; it doesn't work in Linux. Also, Laura Chappell's Wireshark Jumpstart is awesome. I learned a lot about Wireshark I didn't know, and I have been using it for years. I am also going to get her new book that just came out for similar reasons: http://www.wiresharktraining.com/
-
Hey Chris,
I guess I wasn't clear in explaining that - I know that AirPcap is only for Windows. I was just mentioning that there appears to be a lot more flexibility using Linux to perform wireless captures. AirPcap is a good option for those of us not very familiar with Linux.
Glad to hear your feedback regarding the Laura Chappell material. I've signed up for another free session on filtering. She says she offers the free online sessions every month. I'm also interested in the book, will get that too eventually. During the training session I attended last week, she mentioned that the book will be the study guide for the new version of the certification program - Wireshark Certified Network Analyst. You're likely already aware of this, but for anyone interested in another cert program who hasn't heard about it, check out http://www.wiresharktraining.com/certification.html .
-
Are the exams for it finally available? It seems they "were in the works" for quite a while.
Nevermind:
STATUS UPDATE
We are moving ahead on the test - new questions have been written and are in the testing phases. The new test will be in a proctored format and offer an at-home option to take the test. The test will be administered by KRYTERION at over 500 locations globally.
The estimated release date is Q2 2010.
This is like the biggest "Vapor-Certification" in the industry so far.
Maybe we'll see it this year.
-
I have looked at the Laura Chappell site and thought there was good material there to get started with.
However, I wasn't aware there were certs. I don't really see any value in certs for packet sniffing.
Is that the definition of vapour certs, "zero market value"?
It would be good to see a book review.
-
I must admit to wondering myself about the value of certification in Wireshark. I know there are a lot of features to it and that Laura is passionate about teaching it to others, but I think, unless I was doing a job that involved packet sniffing regularly, that getting a cert in it would be a hard sell to my boss. There must be some market value to it, and I expect Laura has been asked about a certification, otherwise why would she be involved in it in the first place? I've seen a few certs come and go and they are not always relevant or useful to me; I think the CWNP program, to me at least, has been one of the most relevant and useful since I did RHCE a number of years ago. Nevertheless, I can see that being able to use Wireshark to a deep level is something very relevant to the CWAP course here, and I will probably buy the book just because it's supporting material for that cert.