I am new to Wireshark too. But I would share some experience with you.
First, before you use Wireshark to analyze some network traffic, you need to have some knowledge of TCP/IP fundamentals. ARP packets, DNS query packets, IP source address, IP destination address, TCP port number, and UDP port number are quite basic concepts of the TCP/IP stack.
"Interworking with TCP/IP" Volume 1 or "Illustration TCP/IP" Volume 1 are two good books to read.
Second, you may move on to specific applications, such as http, email, nfs, cifs. These are upper layer protocols based on TCP/IP. One of Wireshark's strong points is that it provides so many dissectors to decode protocols. Though Wireshark is a good tool to capture and decode network traffic, and even gives an analysis, you'd better know the protocol on your own and then utilize Wireshark.
www.wiresharktraning.com has a free section of video courses and some tech notes; you may find it useful.
http://www.wiresharktraining.com/files/msteched_traces.zip
http://www.wiresharktraining.com/files/2007_microsoft_chappell.zip
my 2 cents.
/zuoheng
On 7/13/07, Kenta Kentson <kenta_08@xxxxxxxxxxx> wrote:
Hi,
I'm new to this with wireshark, but I'm trying to learn.
And my question is, what is the best way to learn? I've been googling a lot but so far I haven't found a good tutorial.
So I have been trying a bit for myself, tried to pick up a password as I logged in to my mail for example, but have no idea where to look for it because there are like 200 files :P
thx in advance// kenta :P
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users