Wireshark

By Jayanthi


For those who would like to look deep into their networks rather than only at the outside, "Wireshark, the network protocol analyzer" is the way to go! In this post we will look at what is meant by "sniffing", why it is used and how the Wireshark network protocol analyzer works.

What are sniffers?

While social media rages on one side, giving rise to new professions, there is another equally quiet but stealthy activity too: monitoring other people's networks and activities by means of "sniffing". Since a firewall cannot detect all malicious traffic, we use "sniffers" to monitor the traffic crossing the network. As with everything else in security, "sniffers" can be used in a positive and a negative way, whether by employers monitoring their own networks or by unscrupulous individuals trying to break into systems.

A "packet" is one of the pieces into which a message is broken up before it is sent across the network. A "packet sniffer" captures the packets passing over the network link it is attached to. A "packet sniffer" placed strategically on a crucial server or network segment can tell us which websites an individual/employee visits, what email he/she is sending, what files are being downloaded and so on, to name a few of the things that can be done. With all this information, an employer can know how much time an employee is spending online. Two practical caveats apply: on a switched network a sniffer only sees the traffic to and from its own host unless the switch mirrors a port to it, and for encrypted traffic (HTTPS, for example) it sees the addresses, ports and sizes but not the content. The bottom line with "sniffers" is that they are used to look into packets in order to monitor and understand traffic. The following bullets list the different uses of sniffing tools:

  • Sniffing network traffic is invaluable for network administrators trying to rectify network problems
  • Security engineers use "sniffers" to investigate suspicious traffic and sort out network issues
  • Developers use them to debug communication protocols (Packet Sniffing with Wireshark and Tcpdump)

Tcpdump and Wireshark are two popular sniffing tools, and we will look at Wireshark in detail now.

Wireshark – The Network Protocol Analyzer:

'Wireshark', formerly known as 'Ethereal', is a sniffing tool and network protocol analyzer. Wireshark is open source and is available for different platforms such as Windows, Linux and Unix. Sniffing tools such as Wireshark are passive: they capture, decode and display the traffic so that it can be studied and understood, and they do not alter or inject traffic in any way.

The captured packets can be saved (normally as a pcap or pcapng file) for analysis later. Here are some features of the Wireshark network analyzer which make it one of the most sought-after sniffing tools:

  1. It allows deep packet inspection of hundreds of different protocols
  2. As already stated, the captured data can be saved for later analysis
  3. The Wireshark analyzer runs on Windows, Linux, macOS, FreeBSD and NetBSD, among other operating systems
  4. The raw data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI and others (depending on your platform)
  5. The Wireshark analyzer has powerful capture filters (which decide what is recorded) and display filters (which decide what is shown)
  6. The captured data can be analyzed via the GUI or via TShark, the terminal (TTY-mode) version of the tool
  7. "Capture files compressed with gzip can be decompressed on the fly" (About Wireshark)
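To make features 1, 2 and 5 concrete, here is a small added example (written for this post, not code from the Wireshark project) of what a protocol analyzer does with raw capture data. It builds one constructed Ethernet/IPv4/TCP SYN frame (an assumption, not a real capture), saves it in the classic pcap format that Wireshark opens, reads it back, decodes it layer by layer into fields named after Wireshark's own field names (eth.src, ip.dst, tcp.port and so on), and then applies a tiny subset of display-filter syntax to it. Only the Python standard library is used.

```python
"""Minimal packet dissector: save a frame as pcap, reload it, decode and filter it."""
import os
import struct
import tempfile

# Constructed sample frame (not a real capture): Ethernet / IPv4 / TCP SYN
# from 192.168.1.10:50000 to 93.184.216.34:80. The IP and TCP checksums are
# left as zero; a real analyzer would flag that, which is irrelevant here.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455 66778899aabb 0800"                    # Ethernet: dst, src, type IPv4
    "4500 0028 1234 4000 4006 0000 c0a8010a 5db8d822"   # IPv4: ttl 64, proto 6 (TCP)
    "c350 0050 00000001 00000000 5002 ffff 0000 0000"   # TCP: ports, seq, SYN, window
)

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1


def write_pcap(path, frames, ts=1531785600):
    """Save raw frames in pcap format so Wireshark or tshark can open the file."""
    with open(path, "wb") as f:
        # global header: magic, version 2.4, tz offset, sigfigs, snaplen, link type
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            # per-packet header: ts_sec, ts_usec, captured length, original length
            f.write(struct.pack("<IIII", ts + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    """Read a pcap file back and return the list of raw frames it contains."""
    with open(path, "rb") as f:
        data = f.read()
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    frames, offset = [], 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frames.append(data[offset:offset + incl_len])
        offset += incl_len
    return frames


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def dissect(frame):
    """Decode Ethernet -> IPv4 -> TCP, using Wireshark-style field names."""
    fields = {"eth.dst": mac(frame[0:6]), "eth.src": mac(frame[6:12])}
    fields["eth.type"] = struct.unpack("!H", frame[12:14])[0]
    if fields["eth.type"] != 0x0800:          # only IPv4 is decoded here
        return fields
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # header length in bytes
    fields["ip.ttl"], fields["ip.proto"] = ip[8], ip[9]
    fields["ip.src"] = ".".join(str(x) for x in ip[12:16])
    fields["ip.dst"] = ".".join(str(x) for x in ip[16:20])
    if ip[9] != 6:                            # only TCP is decoded here
        return fields
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    fields.update({"tcp.srcport": sport, "tcp.dstport": dport,
                   "tcp.seq": seq, "tcp.ack": ack, "tcp.window_size": win,
                   "tcp.flags": off_flags & 0x01FF,
                   "tcp.flags.syn": (off_flags >> 1) & 1,
                   "tcp.flags.ack": (off_flags >> 4) & 1,
                   "tcp.payload": tcp[(off_flags >> 12) * 4:]})
    return fields


def matches(fields, expr):
    """Evaluate a tiny subset of Wireshark display-filter syntax: 'name == value'
    clauses joined by '&&'. Like Wireshark, 'tcp.port' matches either endpoint."""
    for clause in expr.split("&&"):
        name, _, value = (s.strip() for s in clause.partition("=="))
        if name == "tcp.port":
            candidates = [fields.get("tcp.srcport"), fields.get("tcp.dstport")]
        else:
            candidates = [fields.get(name)]
        if not any(str(c) == value for c in candidates):
            return False
    return True


def save_and_analyze(expr="tcp.port == 80 && tcp.flags.syn == 1"):
    """Round trip: save the sample frame, reload it, dissect and filter."""
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, [SAMPLE_FRAME])
        packets = [dissect(f) for f in read_pcap(path)]
    finally:
        os.remove(path)
    return [p for p in packets if matches(p, expr)]


if __name__ == "__main__":
    for pkt in save_and_analyze():
        print(f"{pkt['ip.src']}:{pkt['tcp.srcport']} -> "
              f"{pkt['ip.dst']}:{pkt['tcp.dstport']} SYN ttl={pkt['ip.ttl']}")
```

If you keep the temporary file instead of deleting it, you can open it in Wireshark and type the same expression, `tcp.port == 80 && tcp.flags.syn == 1`, into the display-filter bar to see the real tool reach the same result.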

Conclusion:

We saw what sniffers are and how the Wireshark protocol analyzer works in this post. For more information on Wireshark, or to download it and work with it, please visit: http://www.wireshark.org

Bibliography

About Wireshark. (n.d.). Retrieved July 17, 2018 from Wireshark: http://www.wireshark.org/about.html

Following TCP streams. (n.d.). Retrieved from Wireshark: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvFollowTCPSection.html

Packet Sniffing with Wireshark and Tcpdump. (n.d.). Retrieved from Hampton University: http://science.hamptonu.edu/compsci/docs/iac/packet_sniffing.pdf


Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂
