Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. It is the network analysis tool formerly known as “Ethereal”. Wireshark captures packets in real time and displays them in human-readable format. It includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.
Fig1: Logo Of Wireshark
Wireshark is a very powerful and popular network analyzer for Windows, Mac and Linux. It is used to inspect data passing through a network interface, which could be your Ethernet, LAN or Wi-Fi interface. The data it inspects is often referred to as “frames”; these frames carry “packets”. It captures the packets sent and received over the network and decodes them for analysis.
WHAT FACILITIES DOES WIRESHARK PROVIDE?
The following are the various features provided by Wireshark:
1) It captures live packets from the network.
2) It is widely used on UNIX and Windows.
3) It imports packets from text files containing hexadecimal dumps of packet data.
4) It displays packets with very detailed protocol information.
5) It saves captured packet data.
6) It exports captured packets in many formats.
7) It filters the data packets.
8) It colors the packets based on filters.
WHY DOES ONE USE WIRESHARK?
| PEOPLE USING | PURPOSE OF THE USE |
| --- | --- |
| 1) Network Administrators | Troubleshooting network problems |
| 2) Developers | Debugging the implementation of a protocol |
| 3) Network Security Engineers | Securing the network from problems occurring in the network |
| 4) Students, End Users, etc. | Learning the internals of a protocol |
HOW TO FILTER ANY PACKET?
First open the Wireshark application. To filter packets, type the name of the entity to be filtered into the filter box at the top of the window and press the apply button. For example, type “Domain Name System” and only DNS packets are shown. Wireshark supports auto-completion in the filter box. To see the flow of the packets, click the analyze button. The following picture shows how the filter and analyze buttons work.
Fig2: Filter and Analyze Button Working
If one wishes to follow a packet stream, whether TCP, UDP or SSL, right-click the packet and choose the appropriate option. Here one must select the ‘Follow Stream’ option from the right-click menu of the desired packet. The following figure illustrates this.
Fig3: Change in packet stream
One can even observe the server-client communication. This is easily done by right-clicking the packet whose communication one wishes to see. The following figure illustrates how the server and client communicate with one another.
Fig4: Server-Client Communication in the packets
When this communication window is closed, a filter is applied automatically and Wireshark displays only the packets of that communication.
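The two operations described above, display filtering and Follow Stream, are modelled in the following Python script. It is an added example, not code from the original post or from the Wireshark project: the packet list is constructed sample data, and the filter evaluator implements only a small subset of Wireshark's display filter language (bare protocol names such as `dns` or `tcp`, `field == value` terms, and `&&`), which is enough to show why a filter is applied automatically after a stream is followed.

```python
"""Toy model of Wireshark display filters and 'Follow TCP Stream'.
PACKETS is constructed sample data, not a real capture."""

# Constructed packets: (frame_no, src, dst, proto, sport, dport, payload)
PACKETS = [
    (1, "10.0.0.5", "10.0.0.1", "dns", 51000, 53, "Q: example.com A?"),
    (2, "10.0.0.1", "10.0.0.5", "dns", 53, 51000, "R: 93.184.216.34"),
    (3, "10.0.0.5", "93.184.216.34", "tcp", 40001, 80, "GET / HTTP/1.1"),
    (4, "93.184.216.34", "10.0.0.5", "tcp", 80, 40001, "HTTP/1.1 200 OK"),
    (5, "10.0.0.5", "93.184.216.34", "tcp", 40002, 443, "ClientHello"),
    (6, "93.184.216.34", "10.0.0.5", "tcp", 443, 40002, "ServerHello"),
]

# Single-direction fields map straight onto a tuple index.
FIELDS = {"frame.number": 0, "ip.src": 1, "ip.dst": 2,
          "tcp.srcport": 4, "tcp.dstport": 5}

def _field_matches(pkt, name, value):
    # ip.addr and tcp.port match either direction, as in Wireshark.
    if name == "ip.addr":
        return value in (pkt[1], pkt[2])
    if name == "tcp.port":
        return pkt[3] == "tcp" and int(value) in (pkt[4], pkt[5])
    if name in FIELDS:
        return str(pkt[FIELDS[name]]) == value
    raise ValueError(f"unsupported field: {name}")

def _term_matches(pkt, term):
    term = term.strip()
    if "==" in term:
        name, value = (s.strip() for s in term.split("==", 1))
        return _field_matches(pkt, name, value)
    return pkt[3] == term  # bare protocol name, e.g. "dns"

def apply_filter(expr, packets=PACKETS):
    """Return the frame numbers matching an '&&'-joined filter expression."""
    terms = expr.split("&&")
    return [p[0] for p in packets if all(_term_matches(p, t) for t in terms)]

def follow_tcp_stream(frame_no, packets=PACKETS):
    """Like 'Follow TCP Stream': return both directions of the conversation
    the chosen frame belongs to, in capture order, as one line per packet."""
    chosen = next(p for p in packets if p[0] == frame_no)
    # A bidirectional key: the same set of (address, port) endpoints either way.
    key = frozenset([(chosen[1], chosen[4]), (chosen[2], chosen[5])])
    return [f"{p[1]}:{p[4]} -> {p[2]}:{p[5]}  {p[6]}" for p in packets
            if p[3] == "tcp"
            and frozenset([(p[1], p[4]), (p[2], p[5])]) == key]
```

Running `apply_filter("tcp && tcp.port == 443")` keeps only frames 5 and 6, and `follow_tcp_stream(4)` returns the HTTP request and its reply, which is the same pair of packets a real Wireshark leaves on screen after the Follow Stream window is closed.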
HOW TO EXAMINE A PACKET IN WIRESHARK?
To examine any packet, follow the steps below. Select the desired packet, then choose the ‘dig’ option to view the details of the packet. The figure below shows the examination of the selected packet.
Fig5: Packet Examination
WHERE CAN ONE FIND WIRESHARK?
You can get Wireshark from here: http://www.wireshark.org/download.html
Thus Wireshark is one of the best open source packet analyzers available today.