Wireshark Tutorial

WiMAX Radio Link, Parameters and Performance Lesson 4 – Exercise 4

Lesson 4, Exercise 4

Introduction to Wireshark

Exercise Objectives In this exercise, you will:

• Open a Wireshark capture file

• Analyze WiMAX DCD and UCD messages

• Change Wireshark preferences

• Change the color for WiMAX messages

1


2

What is Wireshark?

• Wireshark is a network protocol analyzer, used by network professionals around the world for troubleshooting, analysis, software and protocol development, and training

• Platforms: Windows, Solaris (UNIX), Linux

• Cost: Free (download from www.wireshark.org)

• Pre-existing protocols: Over 750 including WiMAX

Wireshark, formerly known as Ethereal, is an open-source network protocol analyzer, used for troubleshooting, message decoding and analysis, software and protocol development, and training. Wireshark may be downloaded from www.wireshark.org for Windows, Linux, or Solaris (UNIX) platforms. Over 750 protocols are currently supported in the free, open-source package.

http://www.wireshark.org/

http://www.wireshark.org/


Protocol Analyzer Functions

Figure 1

A protocol analyzer performs the following functions:

• Captures packets on a wired or wireless network interface

• Decodes captured packet fields into text or symbolic format

• Analyzes traffic flows and conversations

• Filters traffic for specific packets or streams

• Displays statistics for the captured traffic

3


Wireshark Dependencies

Figure 2

In addition to its built-in decoders and plug-ins. Wireshark has the following dependencies:

• Interface card and driver – Wireshark relies on network interfaces on the platform. You must select an active interface to capture traffic.

• libpcap – libpcap is an open source software product that performs the actual data

“sniffing”. libpcap hands the captured packets to Wireshark for decoding and analysis.

The graphic illustrates the data flow from the physical media to Wireshark.

4


Viewing IP Packets with an External Subscriber Station

Figure 3 In the graphic above we are capturing packets using Wireshark on the laptop. Note that IP packets are automatically forwarded by the subscriber station (SS).

Viewing MAC Packets with an External Subscriber Station

Figure 4

How do we capture WiMAX MAC management messages? The MAC PDUs are intercepted and interpreted by the subscriber station; they are not normally forwarded to the attached user. Fortunately, the SS supports a MAC forwarding option. If MAC forwarding is turned on, the SS will place each WiMAX MAC management message in an Ethernet broadcast frame and forward the frame out of its Ethernet interface.

5


Wireshark – Basic Actions

Figure 5

Wireshark features a GUI-based user interface, with pull-down menus and tool bars. The most basic actions it supports are capturing packets, saving captured packets in a file, and loading packets from a file to the capture buffer.

Capturing packets The Capture pull-down menu (and icons on the tool bar) sets up, starts and stops the packet capture. The Interfaces option displays all the platform network interfaces, both active and inactive. You must select an active interface to begin the packet capture. As packets are captured, they are displayed on the screen. The Start and Stop options begin and end the packet capture.

Saving and Loading Captured Packets to a File The File pull-down menu (and icons on the tool bar) saves captured packets to a file, or opens (loads) a previously saved file. The Save and Save As options store some or all packets from the capture buffer to a file, while Open retrieves packets from a file to the capture buffer.

6


7


Capture Buffer Display

Figure 6

Captured packets are displayed in three windows: Packet List, Packet Details and Packet Bytes.

Packet List Window • Basic data flow summary

• Each line represents one packet

• Packet number and timestamp supplied by Wireshark

• Color-coded based on type of packet

8


Packet Details Window

Figure 7

• Displays a detailed view of the (one) message selected in the Packet List window

• Each layer of the protocol stack is decoded

• Detailed field information – correlated with other packets where appropriate

• Details displayed in a collapsible tree structure

Packet Bytes Window

Figure 8

• Displays the bytes of the (one) message selected in the Packet List window

• The first column identifies the byte number of the first byte in the row

• The second column displays the message bytes in hexadecimal format

• The third column displays the message bytes in ASCII text

9


10

Task 1 – Launching Wireshark

1) Click on the Wireshark icon to launch the application.

2) Under the File pull-down menu, Open the file L4-Ex4_Capture. How many packets were loaded into the capture buffer?

Task 2 – Analyzing WiMAX Packets Analyze the WiMAX packets and answer the following questions.

1) Click on Packet 1 (DCD message) in the Packet List window.

2) In the Packet Summary window, expand the PDU line, then expand the Downlink Channel Descriptor line. What is the Downlink Center Frequency for this sector?

3) What is the AP ID (Base Station ID)?

4) What is the DCD Configuration Change Count? The actual number of configuration changes is much lower. Why is the CCC number so high?


11

Task 2, Continued

5) What is the EIRP for the Access Point? What units are used for the EIRP value?

6) What is the minimum expected receive power from a subscriber (EIRXP)?

7) What modulation and coding scheme is used by each DL Burst Profile? Are these values the same as the DL Burst Profiles in the previous exercise?


12

Task 2, Continued

8) Click on Packet 2 (UCD message) in the Packet List window.

9) In the Packet Summary window, expand the PDU line, then expand the Uplink Channel Descriptor line. What is the UCD Configuration Change Count?

10) How many Initial Ranging Codes are supported?

11) What modulation and coding scheme is used by each UL Burst Profile? Are these values the same as the UL Burst Profiles in the previous exercise?


Task 3 – Editing Wireshark Preferences

Let’s change the Wireshark display format.

1) In the Edit pull-down menu, select Preferences. The Wireshark Preferences window will be displayed. Now select Layout in the left pane.

Figure 9

2) Change the display format by setting Pane 3 to “None”. Now press OK and return to the capture buffer display? Is anything different?

13


Task 4 – Setting Wireshark Colors

Let’s change the display color for WiMAX packets.

1) Press the Edit Coloring Rules icon on the tool bar at the top of the screen.

2) The Wireshark Coloring Rules window should be displayed. Select New to create a new coloring rule for WiMAX packets.

Figure 10

3) The Edit Color Filter window should now be displayed.

Figure 11

You must set up a rule name, filter string, and foreground and background colors.

14


Task 4, Continued

4) Type in a rule name (such as WiMAX). The filter string should indicate the letters “wmx”. Did anything change in this window as you typed in the filter?

5) Select Foreground Color; the following window will be displayed. The foreground color is the text color.

Figure 12

To change the foreground color, click on the eyedropper icon. Now move the icon to the desired color in the color wheel and click again. Do you see your selected color in the selection box? Now press OK to return to the Edit Color Filter window.

15


Task 4, Continued

6) Select Background Color; the following window will be displayed.

Figure 13

To change the background color, click on the eyedropper icon. Now move the icon to the desired color in the color wheel and click again. Try a color like yellow. Do you see your selected color in the selection box? Now press OK to return to the Edit Color Filter window.

16


Task 4, Continued

7) Select OK to return to the Wireshark Coloring Rules window.

Figure 14

Press OK to return to the capture buffer display. Did the WiMAX packets change color?

You are finished with this Exercise. STOP

17

Wireshark Tutorial

Documents

wimax wireshark

packet capture

captured packets

wireshark capture file

wimax radio link

packet packet number

performance lesson

specific packets