Wednesday, December 11, 2013

Wireshark: One Of The Best Open-Source Packet Analyzers

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. It is the network analysis tool that was formerly known as “Ethereal”. Wireshark captures packets in real time and displays them in a human-readable format. It includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.


Fig1: Logo Of Wireshark


Wireshark is a very powerful and popular network analyzer for Windows, Mac and Linux. It is a tool used to inspect the data passing through a network interface, which could be your Ethernet LAN or Wi-Fi. The data it inspects is often referred to as “frames”; these frames carry “packets”. It captures the packets sent and received over the network and decodes them for the purpose of analysis.

WHAT FACILITIES DOES WIRESHARK PROVIDE?

The following are the various features provided by Wireshark:
1)       It captures live packets from the network.
2)       It is widely used on UNIX and Windows.
3)       It imports packets from text files containing hexadecimal dumps of packet data.
4)       It displays packets with very detailed protocol information.
5)       It saves captured packet data.
6)       It exports captured packets in any of a range of formats.
7)       It filters the data packets.
8)       It colors the packets based on filters.

WHY DOES ONE USE WIRESHARK?

PEOPLE USING                     PURPOSE OF THE USE
1)     Network Administrators    Troubleshooting network problems
2)     Developers                Debugging the implementation of a protocol
3)     Network Security Engineers   Securing networks against the problems occurring on a network
4)     Students, End Users, etc. Learning the internals of a protocol

HOW TO FILTER ANY PACKET?

First open the Wireshark application. Filtering packets works as follows: type the name of the entity to filter on into the filter box at the top of the window, then press the Apply button. For example, type “Domain Name System” and one can see the DNS packets. Wireshark supports auto-completion in the filter box. In order to see the flow of the packets, click on the Analyze button. The following picture shows how the filter and Analyze button work.


Fig2. : Filter and Analyze Button Working

If one wishes to follow the flow of a packet stream, whether it is TCP, UDP or SSL, just right-click on the packet and choose the appropriate option. Here one must select the ‘Follow Stream’ option by right-clicking the desired packet. The following figure illustrates this.


Fig3: Change in packet stream

One can even observe the server-client communication. This is easily done by right-clicking the packet whose communication one wishes to see. The following figure illustrates the way the server and client communicate with one another.


Fig4: Server-Client Communication in the packets

On closing this communication window, it can be seen that a filter is automatically applied, so that Wireshark displays only the communicating packets.
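To make concrete what the filter box and ‘Follow Stream’ actually do behind the GUI, here is an added example that is not from the original post or from the Wireshark project: a small Python script that decodes a handful of constructed Ethernet/IPv4 frames, evaluates a tiny subset of Wireshark’s display-filter syntax (a protocol name such as “dns”, “field == value”, and “&&”), numbers TCP conversations the way the “tcp.stream” field does, and reassembles one conversation the way Follow TCP Stream does. All frames, addresses and payloads are constructed, and guessing the protocol from the well-known port is a simplification of what Wireshark’s dissectors do.

```python
import socket, struct
# Constructed sample traffic (not from the original post): Ethernet II / IPv4 / UDP or TCP frames.
def _frame(proto, src, dst, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4          # zeroed MAC addresses, EtherType IPv4
def _udp(sp, dp, data):
    return struct.pack("!HHHH", sp, dp, 8 + len(data), 0) + data
def _tcp(sp, dp, data):                               # 20-byte header, PSH+ACK, no options
    return struct.pack("!HHIIBBHHH", sp, dp, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + data

FRAMES = [
    _frame(17, "10.0.0.5", "10.0.0.1", _udp(40001, 53, b"query example.com")),
    _frame(6, "10.0.0.5", "93.184.216.34", _tcp(50000, 80, b"GET / HTTP/1.1\r\n")),
    _frame(17, "10.0.0.1", "10.0.0.5", _udp(53, 40001, b"answer 93.184.216.34")),
    _frame(6, "93.184.216.34", "10.0.0.5", _tcp(80, 50000, b"HTTP/1.1 200 OK\r\n")),
    _frame(6, "10.0.0.5", "10.0.0.9", _tcp(50001, 22, b"SSH-2.0-client\r\n")),
]

def dissect(frames):
    """Decode frames into Wireshark-style field names; number TCP conversations like tcp.stream."""
    out, streams = [], {}
    for raw in frames:
        proto, l4 = raw[23], raw[14 + (raw[14] & 0xF) * 4:]   # IPv4 protocol; L4 header + payload
        f = {"ip.src": socket.inet_ntoa(raw[26:30]), "ip.dst": socket.inet_ntoa(raw[30:34])}
        sp, dp = struct.unpack("!HH", l4[:4])
        if proto == 17:                               # UDP: fixed 8-byte header
            f.update({"udp": True, "udp.port": {sp, dp}, "data": l4[8:]})
        elif proto == 6:                              # TCP: header length from the data-offset field
            key = frozenset([(f["ip.src"], sp), (f["ip.dst"], dp)])   # same key in both directions
            f.update({"tcp": True, "tcp.port": {sp, dp}, "data": l4[(l4[12] >> 4) * 4:],
                      "tcp.stream": streams.setdefault(key, len(streams))})
        if 53 in (sp, dp): f["dns"] = True            # protocol guessed from the well-known port
        out.append(f)
    return out

def display_filter(expr, fields):
    """Subset of the filter-box syntax (protocol name, 'field == value', '&&'); returns 1-based frame numbers."""
    def term_ok(f, term):
        if "==" not in term:
            return term.strip() in f
        k, v = (t.strip() for t in term.split("=="))
        have, v = f.get(k), (int(v) if v.isdigit() else v)
        return v in have if isinstance(have, set) else have == v
    return [n for n, f in enumerate(fields, 1) if all(term_ok(f, t) for t in expr.split("&&"))]

def follow_stream(fields, stream):                    # like 'Follow TCP Stream' on one conversation
    chunks = [f for f in fields if f.get("tcp.stream") == stream]
    client = chunks[0]["ip.src"]                      # the first packet seen defines the client side
    return "".join(("> " if f["ip.src"] == client else "< ") + f["data"].decode() for f in chunks)
```

Running display_filter("dns", dissect(FRAMES)) returns the frame numbers the packet list would show for the “dns” filter, and follow_stream(dissect(FRAMES), 0) returns the reassembled request and reply of the first TCP conversation.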

How to examine the packet in Wireshark?

To examine any packet, follow the steps below. Select the desired packet and, to view its details, select the ‘dig’ option. The figure below shows the examination of the selected packet.


Fig5: Packet Examination

WHERE CAN ONE FIND WIRESHARK?

You can get Wireshark from here: http://www.wireshark.org/download.html


Thus Wireshark is one of the best open-source packet analyzers available today.