Using a Sniffer 223
- Select the TCP portion of the packet in the middle pane.
- Now take this one step further and apply your knowledge of hexadecimal while taking
advantage of Wireshark’s packet breakdown display. In the following graphic, I have
expanded the IP portion of the packet. Looking at the bottom pane of the Wireshark
display, notice that the hex number highlighted (c0 a8 01 02) is the same as the decimal
highlighted source IP (192.168.1.2) in the middle pane. Pretty cool, huh? So what you’ve
accomplished here is to relate something fairly clear cut—a source IP address—to
something not so clear—the hex guts of a packet.