Using Wireshark To Ease Network Configuration

Tony Fortunato shows how the network protocol analyzer helps with firewall and router configuration.

Tony Fortunato

January 5, 2017


When using network protocol analyzers, analysts may run into problems when they need to recommend a configuration change to the technicians who manage the firewalls or routers. This can happen when a network analyst spots abnormal or suspicious traffic and wants to block it. It also can happen when an analyst determines that a firewall or router configuration is preventing proper communication with a new application.

With either scenario, the analyst who captured the packets has to explain or translate the change to the router or firewall manager. The potential problem is that different technicians from various disciplines might not easily understand what's needed or be on the same page.

This is where a little-known Wireshark feature comes in, which I demonstrate in the video below.


When analyzing packets in Wireshark, go to the Tools menu and select the Firewall ACL Rules option. You will see configuration syntax for different firewall and router products, such as Cisco IOS, Netfilter (iptables) and Windows Firewall (via netsh). These rules are based on MAC addresses, IPv4 addresses, TCP and UDP ports, and IPv4+port.

Please pay attention to the screen and make sure the appropriate deny and inbound options are selected so that the rule has the expected result.

Finally, feel free to copy and paste several filters into a text editor, but be careful about their order, and check whether the product you're working with needs a deny-all or permit-all rule at the end.
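The ordering caveat above can be checked before a pasted rule list is handed to the firewall team. The following is an added example, not code from the article or from Wireshark: it models first-match evaluation, as used by Cisco IOS ACLs and iptables chains, and reports rules that an earlier rule makes unreachable. The `Rule` type, the helper names and the addresses are assumptions constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    """Hypothetical, simplified ACL entry (not Wireshark's output format)."""
    action: str           # "permit" or "deny"
    src: str              # source network in CIDR form
    proto: Optional[str]  # "tcp", "udp", or None for any protocol
    dport: Optional[int]  # destination port, or None for any port


def covers(a: Rule, b: Rule) -> bool:
    """True when every packet that b matches is also matched by a."""
    net_a, net_b = ipaddress.ip_network(a.src), ipaddress.ip_network(b.src)
    return (net_b.subnet_of(net_a)
            and a.proto in (None, b.proto)
            and a.dport in (None, b.dport))


def decide(rules: List[Rule], src: str, proto: str, dport: int, default: str) -> str:
    """First-match evaluation; `default` is the rule at the end of the list."""
    packet = Rule("", src + "/32", proto, dport)
    for rule in rules:
        if covers(rule, packet):
            return rule.action
    return default


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(earlier, later) index pairs where the later rule can never match."""
    return [(i, j) for j, later in enumerate(rules)
            for i in range(j) if covers(rules[i], later)]


# Constructed sample: the same two rules pasted in two different orders.
PERMIT_SUBNET = Rule("permit", "192.0.2.0/24", "tcp", None)
DENY_HOST_SMB = Rule("deny", "192.0.2.66/32", "tcp", 445)
BAD_ORDER = [PERMIT_SUBNET, DENY_HOST_SMB]
GOOD_ORDER = [DENY_HOST_SMB, PERMIT_SUBNET]

if __name__ == "__main__":
    for name, rules in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        print(name, decide(rules, "192.0.2.66", "tcp", 445, "deny"), shadowed(rules))
    # Unmatched traffic falls through to whatever sits at the end of the list.
    print(decide(GOOD_ORDER, "198.51.100.7", "udp", 53, "deny"))
```

With the broad permit first, the host-specific deny is never reached; swapping the two lines restores the intended block, and the `default` argument stands in for the deny-all or permit-all rule at the end.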

About the Author

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom-designed training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPedia and has a popular YouTube channel.
