From Fedora Project Wiki
Latest revision as of 18:32, 31 May 2011
Description
This test case tests the ability of Wireshark to capture and analyze network traffic.
Setup
- Ensure the wireshark, wireshark-gnome packages are installed.
How to test
- Add the current user <username> to the wireshark group:
su -c 'usermod -a -G wireshark <username>'
- Start capturing network traffic on eth0:
wireshark -i eth0 -k
- Generate some network activity, for example visit some websites or ssh/ping a remote host.
- Stop capturing traffic.
- Save the file as:
/tmp/test.pcap
- Close Wireshark
- Open the saved file with Wireshark:
wireshark /tmp/test.pcap
- Try to use the Filter, e.g. filter by HTTP, DNS, SSH, etc.
- Try to use Follow TCP stream functionality.
- Close Wireshark
Expected Results
- You should see Wireshark capturing packets.
- Wireshark should be able to save/open the file.
- Filter and Follow TCP stream should work.
- Wireshark should work as expected without crashes.
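As an added example (not part of the original test case or of Wireshark itself), the Python script below checks the saved capture independently of Wireshark: it parses classic pcap bytes, rejects truncated packet records, and counts frames on the HTTP, DNS and SSH ports named in the filter step. It assumes a classic microsecond pcap with Ethernet framing; the function names and the sample capture are constructed for illustration.

```python
import struct
import sys

PORTS = {80: "HTTP", 53: "DNS", 22: "SSH"}  # protocols named in the filter step

def classify(frame):
    """Label an Ethernet/IPv4 TCP or UDP frame by well-known port, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] not in (6, 17) or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return PORTS.get(dport) or PORTS.get(sport)

def summarize_pcap(data):
    """Return (packet_count, {label: count}) for classic pcap bytes."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    count, seen, off = 0, {}, 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            raise ValueError("packet record %d is truncated" % (count + 1))
        off, count = off + 16 + incl, count + 1
        label = classify(frame)
        if label:
            seen[label] = seen.get(label, 0) + 1
    return count, seen

def build_sample():
    """Constructed sample capture: one HTTP, one DNS and one SSH frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, sport, dport in ((6, 40000, 80), (17, 40001, 53), (6, 22, 40002)):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
        frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    # Pass the saved capture's path; with no argument the constructed sample is used.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(summarize_pcap(raw))
```

Pass /tmp/test.pcap as the only argument to check the file saved in the test; a capture saved in another format such as pcapng is rejected with an error rather than parsed.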