222 Chapter 9 ■ Sniffers
In Exercise 9.3 you will use Wireshark because it lets you read dissected
packets easily. On the CEH exam and in the real world, the output style
may be slightly different, but the pieces are essentially the same.
EXERCISE 9.3
Understanding Packet Analysis
- From your Wireshark installation on BackTrack, you’re going to pull up the saved
capture from Exercise 9.1. Open the file using the Wireshark File menu and
select tel_capture.log. The log should look familiar.
- Check the two bottom panes of the Wireshark display, where all the packet details are
available for review. Notice the highlighted portion in the bottom pane when you select
an item from the middle pane.
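
The link between a dissected field in the middle pane and the highlighted bytes in the bottom pane can be reproduced by hand. The following is an added example, not part of the original exercise: it dissects a constructed Ethernet/IPv4/TCP frame (it does not read tel_capture.log) and reports each field with the byte offsets it occupies. The field labels follow Wireshark's display-filter names; the frame contents and the `dissect` function are assumptions made for illustration, and the frame is assumed to be complete and untagged (no VLAN header).

```python
import struct

# Constructed sample frame (not from tel_capture.log): Ethernet + IPv4 + TCP
# to port 23 with a 3-byte payload. Checksums are left at zero.
ETH = bytes.fromhex("001122334455" "66778899aabb" "0800")
IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 43, 1, 0, 64, 6, 0,
                 bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
TCP = struct.pack("!HHIIBBHHH", 49152, 23, 1000, 2000, 0x50, 0x18, 8192, 0, 0)
FRAME = ETH + IP + TCP + b"ls\n"

def dissect(frame):
    """Return (field, start, end, value) tuples. start/end are byte offsets
    into the frame: the span highlighted in the bytes pane for that field."""
    fields = []
    def add(name, start, length, value):
        fields.append((name, start, start + length, value))
    def mac(b):
        return ":".join(f"{x:02x}" for x in b)
    add("eth.dst", 0, 6, mac(frame[0:6]))
    add("eth.src", 6, 6, mac(frame[6:12]))
    ethertype = struct.unpack("!H", frame[12:14])[0]
    add("eth.type", 12, 2, hex(ethertype))
    if ethertype != 0x0800:
        return fields                    # only IPv4 is dissected here
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4         # IPv4 header length, options included
    add("ip.hdr_len", ip, 1, ihl)
    total_len = struct.unpack("!H", frame[ip + 2:ip + 4])[0]
    add("ip.len", ip + 2, 2, total_len)
    add("ip.ttl", ip + 8, 1, frame[ip + 8])
    add("ip.proto", ip + 9, 1, frame[ip + 9])
    add("ip.src", ip + 12, 4, ".".join(map(str, frame[ip + 12:ip + 16])))
    add("ip.dst", ip + 16, 4, ".".join(map(str, frame[ip + 16:ip + 20])))
    if frame[ip + 9] != 6:
        return fields                    # only TCP is dissected here
    tcp = ip + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    add("tcp.srcport", tcp, 2, sport)
    add("tcp.dstport", tcp + 2, 2, dport)
    doff = (frame[tcp + 12] >> 4) * 4    # TCP header length from data offset
    add("tcp.hdr_len", tcp + 12, 1, doff)
    add("tcp.flags", tcp + 13, 1, hex(frame[tcp + 13]))
    data = tcp + doff                    # payload runs to the end of the IP datagram
    add("data", data, ip + total_len - data, frame[data:ip + total_len])
    return fields

if __name__ == "__main__":
    for name, start, end, value in dissect(FRAME):
        print(f"{name:12} bytes {start:2}-{end - 1:2}  {FRAME[start:end].hex():14} {value}")
```

Each printed row corresponds to one selectable item in the middle pane, and the byte range is the portion Wireshark highlights for it.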