
The system receiving arp requests and sending traffic out the network

318 Chapter 7 • Introducing Wireshark: Network Protocol Analyzer

[Figure: network diagram; extracted labels: Firewall, Firewall, Switch, Switch, Server A, Server B]



Verify that the problem has been solved

The last step of network troubleshooting is verifying that the problem has been resolved. Make sure that the fix for this problem did not create any new problems and that the problem you solved is not indicative of a deeper underlying problem. Part of this step of the process includes documenting the steps taken to resolve the problem, which will assist in future troubleshooting efforts. If you have not solved the problem, you must repeat the process from the beginning. The flowchart in Figure 7.8 depicts the network troubleshooting process:


[Figure 7.8: flowchart of the network troubleshooting process; extracted box labels: "Recognize the", "Define the", "Analyze the", "Isolate the", "Identify and test the cause", "Verify that the problem has been solved"]




06:07:08:09:0a:0b to 00:01:02:03:04:05 is at 06:07:08:09:0a:0b

Knowing that ARP traffic is a necessary precursor to normal network traffic, Ethereal can be used to check for the presence of this traffic on the network. There are several conditions of ARP that indicate specific problems. If there is no ARP traffic from the system on the network, either you are not capturing the traffic correctly or there are driver or OS issues preventing network communication. If the system is issuing ARP requests but there is no response from the host, it may not be on the network. Make sure that the system is on the correct LAN; it is no longer as easy as plugging into the correct network jack. If the system is receiving ARP requests and sending IP traffic out on the network, but not receiving a response that you have verified with your sniffer, there may be a firewall or driver issue with the system.
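The ARP checks described above can be run mechanically over captured Ethernet frames. The following is an added example, not code from the book: the function names (`parse`, `diagnose`, `eth`, `arp`) are hypothetical, the sample frames are constructed with documentation IP addresses, and the third check is simplified to "ARP is working, IP goes out, nothing comes back".

```python
import struct

ARP, IPV4 = 0x0806, 0x0800

def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))

def eth(dst, src, etype, payload):
    """Build an Ethernet II frame (only used to construct sample input)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", etype) + payload

def arp(op, sha, spa, tha, tpa):
    """Build an Ethernet/IPv4 ARP payload; op 1 = request, 2 = reply."""
    return (struct.pack("!HHBBH", 1, IPV4, 6, 4, op)
            + mac_bytes(sha) + bytes(spa) + mac_bytes(tha) + bytes(tpa))

def parse(frame):
    """Summarise a frame as (kind, src_mac, dst_mac, arp_op, spa, tpa)."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == ARP and len(frame) >= 42:
        op = struct.unpack("!H", frame[20:22])[0]
        return ("arp", src, dst, op, frame[28:32], frame[38:42])
    if etype == IPV4:
        return ("ip", src, dst, None, None, None)
    return None

def diagnose(frames, host):
    """Apply the ARP checks from the text to one host MAC."""
    pkts = [p for p in map(parse, frames) if p]
    arps = [p for p in pkts if p[0] == "arp"]
    if not any(p[1] == host for p in arps):
        return "no ARP from host: check the capture setup, driver or OS"
    asked = {p[5] for p in arps if p[3] == 1 and p[1] == host}
    answered = {p[4] for p in arps if p[3] == 2 and p[2] == host}
    if asked and not asked & answered:
        return "ARP requests unanswered: target may not be on this LAN"
    ip_out = any(p[0] == "ip" and p[1] == host for p in pkts)
    ip_in = any(p[0] == "ip" and p[2] == host for p in pkts)
    if ip_out and not ip_in:
        return "IP sent but nothing returned: suspect a firewall or driver"
    return "ARP and IP traffic seen in both directions"

# Constructed sample frames; MACs are from the page, IPs are documentation addresses.
HOST, PEER = "00:01:02:03:04:05", "06:07:08:09:0a:0b"
REQ = eth("ff:ff:ff:ff:ff:ff", HOST, ARP, arp(1, HOST, (192, 0, 2, 1), "00:00:00:00:00:00", (192, 0, 2, 2)))
REP = eth(HOST, PEER, ARP, arp(2, PEER, (192, 0, 2, 2), HOST, (192, 0, 2, 1)))
IP_OUT, IP_IN = eth(PEER, HOST, IPV4, bytes(20)), eth(HOST, PEER, IPV4, bytes(20))
```

Calling `diagnose([REQ, REP, IP_OUT], HOST)` reports the firewall-or-driver case, while `diagnose([REQ, REQ], HOST)` reports unanswered ARP requests.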

If your Wireshark capture shows that the client is sending a SYN packet, but no response is received from the server, the server is not processing the packet. It could be that a firewall between the two hosts is blocking the packet or that the server itself has a firewall running on it

Scenario 2: SYN immediate response RST

Scenario 3: SYN SYN+ACK ACK

Connection Closed

Detecting Internet Relay Chat Activity

Besides the policy implications of chat rooms, IRC is frequented by hackers and used as a command and control mechanism. IRC normally uses TCP port 6667. If you set Wireshark to detect traffic with destination port 6667, you will see IRC traffic that looks like the following:

NOTICE AUTH :*** Looking up your hostname...

Local client to IRC server

NOTICE AUTH :*** Found your hostname

