For those who would like to look deep inside their networks rather than only at the perimeter, “Wireshark – the network protocol analyzer” is the way to go! In this post we will cover what is meant by “sniffing”, why it is used and how the Wireshark network protocol analyzer works.
What are sniffers?
While social media rages on one side, giving rise to new professions, there is another equally quiet but stealthy one too: monitoring other people’s networks and activities by means of “sniffing”. Since a firewall cannot detect all malicious traffic, we use “sniffers” to capture and inspect the traffic crossing the network. As with everything else in security, “sniffers” can be used in a positive or a negative way, either by employers monitoring their own networks and employees or by unscrupulous individuals trying to hack systems.
A “packet” is a unit of data on the network: a message is broken up into packets before it is sent, and each packet carries its own headers (addresses, ports, protocol) plus a slice of the data. A “packet sniffer” captures the packets that pass the network interface it is attached to. On a switched network that normally means only traffic to and from the sniffing host plus broadcasts, so to see other hosts’ traffic the sniffer is placed on a mirror (SPAN) port, a network tap, or the server whose traffic is of interest. A “packet sniffer” placed strategically on crucial servers can let us know the websites that an individual/employee visits, what email he/she is sending, what files are being downloaded, etc. These are just a few of the things that can be done. One caveat: this applies to traffic sent in the clear. For encrypted traffic such as HTTPS the sniffer still sees who is talking to whom (IP addresses, ports, DNS lookups and the server name in the TLS handshake) but not the page requested or the content. With all this information, an employer can know how much time an employee is spending online. The bottom line with “sniffers” is that they are used to look into packets and to monitor and understand traffic. The following bullets list the different uses of sniffing tools:
Tcpdump and Wireshark are two popular sniffing tools; we will look at Wireshark in detail now.
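The dissection a sniffer performs on each captured packet, as an added example that is not part of the original post and not code from the Wireshark or tcpdump projects: a small Python script that walks the Ethernet, IPv4 and TCP headers of a frame and reports what an observer on the wire learns from the payload. The three frames it examines are constructed in-script (a cleartext HTTP request, a minimal TLS ClientHello, an SSH banner; documentation address ranges, zeroed checksums), and nothing is read from a live interface or a pcap file.

```python
"""Added example: a minimal sniffer-style dissector over a constructed capture.
Nothing here reads a live interface or a pcap file; all frames are built below."""
import struct

HTTP_METHODS = {b"GET", b"POST", b"PUT", b"DELETE", b"HEAD"}


def _ip(dotted):
    return bytes(int(o) for o in dotted.split("."))


def tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Build an Ethernet/IPv4/TCP frame (checksums left at zero; not verified here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, _ip(src_ip), _ip(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("6677889900aa") + b"\x08\x00"
    return eth + ip + tcp


def client_hello(server_name):
    """Build a minimal TLS ClientHello record carrying only an SNI extension."""
    name = server_name.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # list_len, host_name, len
    exts = struct.pack("!HH", 0, len(sni)) + sni                    # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"        # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"        # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def http_request(payload):
    """Parse a cleartext HTTP request line and headers; None if it is not one."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP_METHODS:
        return None
    hdrs = {k.strip().lower(): v.strip()
            for k, v in (l.split(b":", 1) for l in lines[1:] if b":" in l)}
    return {"proto": "http", "method": parts[0].decode(), "path": parts[1].decode(),
            "host": hdrs.get(b"host", b"").decode(), "cookie": hdrs.get(b"cookie", b"").decode()}


def tls_sni(payload):
    """Return the server name from a TLS ClientHello, or None (also on truncated input)."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:             # record type, handshake type
            return None
        pos = 5 + 4 + 2 + 32                                     # headers, version, random
        pos += 1 + payload[pos]                                  # session_id
        pos += 2 + struct.unpack("!H", payload[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + payload[pos]                                  # compression_methods
        end = pos + 2 + struct.unpack("!H", payload[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", payload[pos:pos + 4])
            pos += 4
            if etype == 0:                                       # server_name extension
                nlen = struct.unpack("!H", payload[pos + 3:pos + 5])[0]
                return payload[pos + 5:pos + 5 + nlen].decode("ascii", "replace")
            pos += elen
    except (IndexError, struct.error):
        pass
    return None


def dissect(frame):
    """Walk Ethernet -> IPv4 -> TCP -> application and report what the wire reveals."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return {"proto": "non-ip"}
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    info = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20]))}
    if ip[9] != 6:
        return {**info, "proto": "ip/%d" % ip[9]}
    tcp = ip[ihl:total]
    info["sport"], info["dport"] = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]
    app = http_request(payload)
    if app is None:
        sni = tls_sni(payload)
        app = {"proto": "tls", "sni": sni} if sni else {"proto": "tcp", "bytes": len(payload)}
    return {**info, **app}


# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE_CAPTURE = [
    tcp_frame("10.0.0.5", "203.0.113.10", 51000, 80,
              b"GET /login?user=alice HTTP/1.1\r\nHost: example.com\r\nCookie: sid=abc123\r\n\r\n"),
    tcp_frame("10.0.0.5", "203.0.113.10", 51001, 443, client_hello("example.org")),
    tcp_frame("10.0.0.5", "10.0.0.9", 51002, 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]


def summarize(frames):
    return [dissect(f) for f in frames]


if __name__ == "__main__":
    for entry in summarize(SAMPLE_CAPTURE):
        print(entry)
```

Run it and compare the three entries: the cleartext HTTP request exposes the host, the path and the session cookie; the TLS connection exposes only the server name from the SNI extension; the SSH frame yields nothing beyond the endpoints and a byte count. Wireshark’s dissectors perform the same header walk, just for thousands of protocols, and a truncated or malformed handshake is reported as plain TCP rather than crashing the parser.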
Wireshark – The Network Protocol Analyzer:
‘Wireshark’, formerly known as ‘Ethereal’, is a sniffing tool and network protocol analyzer. Wireshark is an open source network monitoring tool that is available for different platforms such as Windows, macOS, Linux and other Unix-like systems. Sniffing tools are used only to capture the traffic so that it can be studied and understood; they do not alter the traffic in any way. Capturing does require privileges: on Linux the capture helper, dumpcap, needs root or the CAP_NET_RAW and CAP_NET_ADMIN capabilities, and the recommended setup is to grant those to dumpcap rather than run the Wireshark GUI itself as root.
The captured packets can be saved (in pcapng or the older pcap format) for analysis later, and captures are interchangeable between tools: a file written with tcpdump -w can be opened directly in Wireshark. Here are some features of the Wireshark network analyzer which make it one of the most sought-after sniffer tools:
We saw the definition of sniffers and the working of the Wireshark protocol analyzer in this post. For more information on Wireshark, or to download it and work with it, please visit: http://www.wireshark.org
Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA. She has written blogs for Simplilearn, Whizlabs software, InfoSec institute and Jigsaw academy. She has created e-learning videos for Whizlabs software and Twenty19.
She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂