Wireshark is a network packet analyzer. It is one of the best packet analyzers available today, it is free, and it is open source. The software was formerly known as Ethereal, but the project was renamed Wireshark in May 2006 due to trademark issues.

Sources: wireshark.org and en.wikipedia.org

Wireshark is cross-platform: it runs on Linux, macOS, BSD, Solaris, some other Unix-like operating systems, and also Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark.

Wireshark lets you analyze network traffic in real time, and it is often the best tool for troubleshooting issues on your network. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. In fact, this software supports more than two thousand network protocols. Of course, many of them will be of little use to you, since the majority of the packets on your network are likely to be TCP, UDP, and ICMP.

Wireshark is a network monitoring and analysis tool. You can use it to inspect each OSI layer separately, which makes troubleshooting very effective. Wireshark also comes with graphical tools to visualize statistics, which is useful when presenting findings to less technical management.

This software also lets you put your network traffic under a microscope, and provides tools to filter and drill down into that traffic, zooming in on the root cause of the problem. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, and protocol type and header data.

Wireshark intercepts traffic and converts that binary traffic into human-readable format. This makes it easy to identify what traffic is crossing your network, how much of it, how frequently, how much latency there is between certain hops, and so forth.

Source: csoonline.com

One of the best features of this network analyzer is that it has a variety of filters. Due to the large volume and variety of network traffic information, we usually have to filter information (both for capturing and displaying). Capture filters will collect only the types of traffic you’re interested in, and display filters will help you zoom in on the traffic you want to inspect.

So let’s take a look at some of the best capabilities of this software:

  • Capturing and analyzing packets on NICs
  • Ability to see the data. For example, if someone telnets to a switch while you are sniffing with Wireshark, it will catch the stream of data, including the actual password typed by the user
  • Ability to capture different media traffic, like USB, VoIP calls, etc.
  • Capturing on NICs for many layer-2 protocols like PPP, Ethernet, HDLC
  • Intercepting and analyzing encrypted TLS traffic
  • Opening files containing packet data captured with tcpdump/WinDump, Wireshark, and many other packet capture programs
  • Importing packets from text files containing hex dumps of packet data
  • Creating various statistics
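To make the last capabilities concrete (opening tcpdump-style capture files and importing hex dumps), here is an added example that is not from the page or the Wireshark project: it builds a constructed Ethernet/IPv4/UDP frame with a valid IPv4 header checksum, writes it as a classic libpcap file that Wireshark or tcpdump can open, parses that file back, and renders the frame as an offset-prefixed hex dump of the kind Wireshark's hex-dump import reads. MAC addresses, IPs and ports are constructed sample values.

```python
import struct

def ipv4_checksum(hdr: bytes) -> int:
    """Ones'-complement sum over 16-bit words, the check Wireshark's IPv4 dissector validates."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_udp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet II / IPv4 / UDP frame. MACs are constructed; UDP checksum is left 0 (unset)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0x4000, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill checksum field
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")  # dst MAC, src MAC, EtherType IPv4
    return eth + ip + udp

def write_pcap(path: str, frames, link_type: int = 1) -> None:
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link_type))
        for ts, frame in frames:
            sec = int(ts)
            usec = int(round((ts - sec) * 1_000_000))
            f.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)

def read_pcap(path: str):
    """Parse the same format back; returns [(timestamp, frame_bytes), ...]."""
    with open(path, "rb") as f:
        data = f.read()
    magic, = struct.unpack("<I", data[:4])
    assert magic == 0xA1B2C3D4, "not a little-endian microsecond-resolution pcap"
    frames, off = [], 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack("<IIII", data[off:off + 16])
        frames.append((sec + usec / 1_000_000, data[off + 16:off + 16 + caplen]))
        off += 16 + caplen
    return frames

def hexdump(frame: bytes) -> str:
    """Hex-offset-prefixed dump, 16 bytes per line, as accepted by Wireshark's hex dump import."""
    return "\n".join("%06x  %s" % (i, frame[i:i + 16].hex(" ")) for i in range(0, len(frame), 16))

if __name__ == "__main__":
    frame = build_udp_frame("10.0.0.1", "10.0.0.2", 40000, 53, b"constructed payload")
    write_pcap("example.pcap", [(1700000000.25, frame)])
    print(hexdump(read_pcap("example.pcap")[0][1]))
```

Open the resulting example.pcap in Wireshark and the IPv4 checksum shows as correct, while the UDP checksum shows as unset, which is a good way to see how the dissectors flag each layer.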

Source: wireshark.org

This network analyzer can even be used to learn how the network works. In fact, an eager learner can easily download the network protocol analyzer, sniff their local Wi-Fi access point, and start examining traffic.

The capabilities of this software have been talked about a lot, but Wireshark is not useful and practical for every purpose on the network. This software is not an intrusion detection system. Of course, if strange things happen, Wireshark might help you figure out what is really going on. Wireshark also will not manipulate anything on the network; it will only “measure” things from it.

You can download this network protocol analyzer and start sniffing packets. Wondering how to learn to work with it? Do not worry: there are complete learning resources for this network analyzer. For example, use the following resources:

———————————

Sources:

wireshark.org

en.wikipedia.org

csoonline.com