What is Wireshark?
Wireshark is a network packet analyzer. A network packet analyzer captures network packets and displays the captured packet data in as much detail as possible.
It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
It can observe every packet moving from one IP address to another, letting you see the traffic inside out, which makes it one of the most powerful tools available to security enthusiasts. Its main features include:
- Capture live packet data from a network interface.
- Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
- Import packets from text files containing hex dumps of packet data.
- Display packets with very detailed protocol information.
- Save packet data captured.
- Export some or all packets in a number of capture file formats.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize packet display based on filters.
- Captured files can be programmatically edited or converted via command-line switches to the “editcap” program.
- Data display can be refined using a display filter.
- Plugins can be created for dissecting new protocols.
- VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
- Raw USB traffic can be captured.
Capturing packets with Wireshark
After downloading and installing Wireshark, you can launch it and double-click the name of a network interface under Capture to start capturing packets on that interface. For example, if you want to capture traffic on your wireless network, click your wireless interface. As soon as you click the interface’s name, you’ll see packets start to appear in real time. Wireshark captures each packet sent to or from your system.
For each packet you can see the source and destination addresses, the protocol used to transmit it, and data about the packet being transferred. To stop capturing packets, click the red button near the left corner of the window. You can then save the captured packet data to analyze it later.
A detailed video discussing packet capture accompanies this section; refer to it for a better understanding and extra information.
There is a large variety of traffic on a network. If you want to keep a check on specific traffic, you can filter for the packets of your choice, and Wireshark will then show only traffic matching that filter, which makes it much more convenient to analyze the traffic you care about.
The most basic way to apply a filter is by typing it into the filter box at the top of the window and clicking Apply (or pressing Enter). For example, type “dns” (display filter protocol names are lowercase) and you’ll see only DNS packets. When you start typing, Wireshark will help you autocomplete your filter.
You can also click Analyze > Display Filters to choose a filter from among the default filters included in Wireshark. From here, you can add your own custom filters and save them to easily access them in the future.
A detailed video on filtering packets accompanies this section; refer to it for a clearer understanding.
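To show what a display filter such as “dns” actually selects, here is an added example (not part of the original post or of Wireshark itself): a minimal reader for the pcap file format Wireshark opens, run over a constructed three-packet capture, keeping only UDP packets on port 53. It assumes Ethernet/IPv4/UDP frames with constructed addresses, and approximates the real “dns” filter, which matches anything Wireshark dissects as DNS, by the simpler rule udp.port == 53.

```python
"""Minimal pcap reader that mimics the Wireshark display filter 'dns'."""
import struct

def build_pcap(packets):
    # pcap global header: magic, version 2.4, tz 0, sigfigs 0, snaplen 65535, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:            # per-packet header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Build an Ethernet/IPv4/UDP frame (constructed MACs, checksums left as zero)."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"           # dst MAC, src MAC, EtherType IPv4
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + udp

def iter_packets(data):
    """Yield (timestamp, frame bytes) for every record in a little-endian pcap."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian pcap file")
    off = 24
    while off < len(data):
        ts, _, incl, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield ts, data[off:off + incl]
        off += incl

def decode(frame):
    """Return (src, dst, proto, sport, dport) for IPv4 frames; ports are None unless UDP."""
    if frame[12:14] != b"\x08\x00":                         # not IPv4, ignore
        return None
    ihl = (frame[14] & 0x0F) * 4                            # IP header length in bytes
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    if frame[23] != 17:                                     # protocol field: 17 = UDP
        return (src, dst, frame[23], None, None)
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return (src, dst, 17, sport, dport)

def filter_dns(data):
    """Approximation of the display filter 'dns': UDP packets with port 53 on either side."""
    return [p for p in (decode(f) for _, f in iter_packets(data)) if p and 53 in (p[3], p[4])]

# Constructed sample capture: DNS query, an NTP-like packet on port 123, DNS response.
SAMPLE_PCAP = build_pcap([
    (1700000000, udp_frame("10.0.0.5", "10.0.0.1", 51234, 53, b"\x12\x34\x01\x00" + b"\x00" * 8)),
    (1700000001, udp_frame("10.0.0.5", "10.0.0.9", 40000, 123, b"\x1b" + b"\x00" * 47)),
    (1700000002, udp_frame("10.0.0.1", "10.0.0.5", 53, 51234, b"\x12\x34\x81\x80" + b"\x00" * 8)),
])

if __name__ == "__main__":
    for pkt in filter_dns(SAMPLE_PCAP):
        print(pkt)
```

Writing SAMPLE_PCAP to a file and opening it in Wireshark with the “dns” filter applied shows the same two packets the script selects.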
What Wireshark cannot do
- Wireshark isn’t an intrusion detection system. It will not warn you when someone does strange things on your network that he/she isn’t allowed to do. However, if strange things happen, Wireshark might help you figure out what is really going on.
- Wireshark will not manipulate things on the network; it will only “measure” things from it. Wireshark doesn’t send packets on the network or do other active things (except for name resolution, and even that can be disabled).
Wireshark is a very powerful tool: professionals use it to debug network implementations, examine security problems and inspect the internals of network protocols.
It is also very useful for beginners in networking and ethical hacking who want to understand what is going on inside a network; with in-depth analysis of packets one can uncover many vulnerabilities. Its salient functionality and easy-to-use interface make it valuable for everyone.