مراقبة الشبكة باستخدام واير شارك - كتاب الأمن السيبراني - الصف 12 - الفصل 1 - المملكة العربية السعودية

--- SECTION: Wireshark Network Analyzer Interface --- The Wireshark Network Analyzer File Edit View Go Capture Analyze Statistics Telephony Wireless Tools Help Apply a display filter <Ctrl-/> --- SECTION: Capture Interfaces Window --- Wireshark - Capture Interfaces Input Output Options Interface Traffic Link-layer Header Promiscuous Snaplen (B) Buffer (MB) Monitor Mode Capture Filter Local Area Connection* 8 Ethernet default 2 not port 3389 Local Area Connection* 7 Ethernet default 2 not port 3389 Ethernet Ethernet default 2 not port 3389 Local Area Connection* 6 Ethernet default 2 not port 3389 Adapter for loopback traffic capture BSD loopback default 2 not port 3389 Enable promiscuous mode on all interfaces Capture filter for selected interfaces: not port 3389 Manage Interfaces Start Close Help عند تمكين الوضع المختلط (Promiscuous Mode) ، تعرض واجهة الشبكة جميع حزم الشبكة التي تلتقطها للمضيف. --- SECTION: Learn Section --- Learn User's Guide Wiki Questions and Answers Mailing Lists You are running Wireshark 3.2.1 (v3.2.1-0-gbf38a67724d0). No interfaces selected No Packets Profile: Default --- SECTION: Packet Capture Window --- File Edit View Go Capture Analyze Statistics Telephony Wireless Tools Help Apply a display filter <Ctrl-/> No. Time Source Destination Protocol Length Info 97 7.404476 199.0.0.56 199.0.0.255 NBNS 92 Name query NB <PAD<00> 98 7.451849 199.0.0.56 199.0.0.255 NBNS 92 Name query NB <PAD<00> 99 7.452177 199.0.0.56 224.0.0.251 MDNS 70 Standard query 0x0000 A wpad.local, "QM" question 100 7.452333 fe80::6d45:6973:650...fb ff02::1:3 MDNS 90 Standard query 0x0000 A wpad.local, "QM" question 101 7.452815 fe80::6d45:6973:650...1:3 ff02::1:3 LLMNR 84 Standard query 0x9be8 A wpad 102 7.452946 199.0.0.56 224.0.0.252 LLMNR 64 Standard query 0x9be8 A wpad 103 7.630237 199.0.0.37 199.0.0.255 DB-LSP... 188 Dropbox LAN sync Discovery Protocol Frame 1: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface \Device\WPF_{28219D41-4EDB-41EC-9A3B-A27090E3A2FA}, Id 0 (00:33:00:01:00:03) Ethernet II, Src: Dell_90:d5:40 (d8:ca:3a:90:d5:40), Dst: IPv6cast_01:00:03 (33:33:00:01:00:03) Internet Protocol Version 6, Src: fe80::6d45:6973:6506:2a21, Dst: ff02::1:3 User Datagram Protocol, Src Port: 50097, Dst Port: 5355 Link-local Multicast Name Resolution (query) 0000 33 33 00 01 00 03 b8 ca 3a 90 d5 40 dd 6d 0a 33 0010 33 00 01 00 03 b8 ca 3a 90 d5 40 dd 6d 0a 33 0020 69 73 65 86 2a 21 ff 02 00 00 00 00 00 00 00 00 ise.* 0030 00 00 00 01 00 03 c3 b1 14 eb 00 le b3 94 36 bd 0040 00 00 00 00 04 77 70 61 64 00 0050 00 01 00 01 Ethernet: <live capture in progress> Packets: 103 - Displayed: 103 (100.0%) Profile: Default --- SECTION: شكل 2.9: مراقبة الشبكة باستخدام واير شارك --- شكل 2.9: مراقبة الشبكة باستخدام واير شارك وزارة التعليم 71 2025 - 1447 --- VISUAL CONTEXT --- **FIGURE**: شكل 2.9: مراقبة الشبكة باستخدام واير شارك Description: A screenshot of the Wireshark Network Analyzer application, showing two main windows and a 'Learn' section. The top window is 'Wireshark - Capture Interfaces', displaying a table of network interfaces with details including 'Promiscuous' mode status. A blue callout box explains 'Promiscuous Mode'. The bottom window is 'Wireshark - Capturing from Ethernet (not port 3389)', showing a list of captured network packets with columns for No., Time, Source, Destination, Protocol, Length, and Info. Below the packet list, there are panes for packet details and a hexadecimal/ASCII dump of packet data. Table Structure: Headers: Interface | Traffic | Link-layer Header | Promiscuous | Snaplen (B) | Buffer (MB) | Monitor Mode | Capture Filter Rows: Row 1: Local Area Connection* 8 | Ethernet | Ethernet | checked | default | 2 | EMPTY | not port 3389 Row 2: Local Area Connection* 7 | Ethernet | Ethernet | checked | default | 2 | EMPTY | not port 3389 Row 3: Ethernet | Ethernet | Ethernet | checked | default | 2 | EMPTY | not port 3389 Row 4: Local Area Connection* 6 | Ethernet | Ethernet | checked | default | 2 | EMPTY | not port 3389 Row 5: Adapter for loopback traffic capture | BSD loopback | BSD loopback | checked | default | 2 | EMPTY | not port 3389 Empty cells: Monitor Mode column cells are empty or contain a dash. Data: The top window shows configuration for network interfaces, with 'Promiscuous' mode enabled for all listed interfaces. The callout box clarifies that enabling this mode allows the network interface to capture all packets for the host. The bottom window displays live captured network traffic, including packet numbers (97-103 visible), timestamps, source and destination IP addresses, protocols (NBNS, MDNS, LLMNR, DB-LSP), packet lengths, and descriptive information. The packet details pane provides a hierarchical breakdown of a selected packet (Frame 1), showing Ethernet, IPv6, UDP, and LLMNR layers. The hex dump shows the raw data of the packet. Key Values: Wireshark 3.2.1, Capture filter: not port 3389, Packets: 103, Promiscuous Mode enabled Context: This figure illustrates the user interface and functionality of Wireshark, a network protocol analyzer. It demonstrates how to configure capture interfaces, enable promiscuous mode for comprehensive packet capture, and view captured network traffic, including packet details and raw data. It is relevant for understanding network monitoring and troubleshooting.