For those who want to look deep inside their networks rather than only at the outside, Wireshark, the network protocol analyzer, is the way to go! In this post we will look at what is meant by “sniffing”, why it is used, and how the Wireshark network protocol analyzer works.
What are sniffers?
While social media rages on, giving rise to new professions, there is another, quieter but stealthier, activity too: monitoring other people’s networks and activities by means of “sniffing”. Since a firewall cannot detect all malicious traffic, we use “sniffers” to monitor the traffic crossing the network. As with everything else in security, “sniffers” can be used in a positive or a negative way, whether by employers monitoring their employees or by unscrupulous individuals trying to hack systems.

A “packet” is one of the pieces a message is broken into for transmission. A “packet sniffer” captures the packets passing over the network segment it is attached to. A “packet sniffer” placed strategically on crucial servers can let us know the websites that an individual/employee visits, what email he/she is sending, what files are being downloaded, etc. These are just a few things that can be done. With all this information, an employer can know how much time an employee is spending online. The bottom line with “sniffers” is that they are used to look into packets and to monitor and understand traffic. The following bullets list the different uses of sniffing tools:

  • Sniffing network traffic is invaluable for network administrators trying to rectify network problems
  • Security engineers use “sniffers” to sort out network security issues
  • Developers use them to debug communication protocols (Packet Sniffing with Wireshark and Tcpdump)

Tcpdump and Wireshark are two popular sniffing tools and we will see Wireshark in detail now.
Wireshark – The Network Protocol Analyzer:
Wireshark, formerly known as Ethereal, is a sniffing tool and network protocol analyzer. Wireshark is an open source network monitoring tool that is available for different platforms such as Windows, Linux and Unix. Sniffing tools only capture the traffic so that it can be studied and understood; they do not alter the traffic in any way.

The captured packets can be saved for analysis later. Here are some features of the Wireshark network analyzer which make it one of the most sought-after sniffing tools:

  1. It allows deep packet inspection of different protocols
  2. As already stated, the captured data can be saved for later analysis
  3. The Wireshark analyzer runs on Windows, Unix, FreeBSD, NetBSD among other operating systems
  4. The raw data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  5. The Wireshark analyzer has powerful filters
  6. The captured data can be analyzed via the GUI or via the TTY-mode TShark utility.
  7. “Capture files compressed with gzip can be decompressed on the fly” (About Wireshark)
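Features 1, 2 and 5 above come together when a saved capture is read back and filtered. As an added example (not code from the post or from the Wireshark project), here is a minimal pure-Python reader for the libpcap file format that Wireshark and TShark save: it builds a small capture inline, dissects each record through Ethernet, IPv4 and TCP/UDP, and applies a `field == value` check using Wireshark’s display-filter field names. All addresses, ports and frames are constructed for the example.

```python
import socket, struct
# Constructed sample capture (not a real trace): a TCP SYN to port 80 and a DNS
# query. IP/TCP/UDP checksums are left 0; Wireshark flags that but still dissects.
def eth_ipv4_frame(src, dst, proto, l4):
    eth = bytes(12) + b"\x08\x00"                       # dummy MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4

def tcp_syn(sport, dport):          # 20-byte TCP header with only the SYN flag set
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
def udp(sport, dport, data):        # 8-byte UDP header + payload
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def build_pcap(frames):
    """libpcap file: 24-byte global header (LE, v2.4, linktype 1 = Ethernet) + records."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f   # ts_sec, ts_usec, caplen, len
                    for i, f in enumerate(frames))
    return hdr + recs

SAMPLE_PCAP = build_pcap([
    eth_ipv4_frame("10.0.0.5", "203.0.113.10", 6, tcp_syn(51000, 80)),
    eth_ipv4_frame("10.0.0.5", "10.0.0.1", 17, udp(53012, 53, b"\x12\x34" + bytes(10))),
])
def parse_pcap(data):
    """Dissect each record down to L4, naming fields as Wireshark display filters do."""
    endian = "<" if struct.unpack_from("<I", data)[0] == 0xA1B2C3D4 else ">"
    off, pkts = 24, []
    while off + 16 <= len(data):
        caplen = struct.unpack_from(endian + "IIII", data, off)[2]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800:    # IPv4 only
            continue
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        l4 = frame[14 + ihl:]
        pkt = {"ip.src": socket.inet_ntoa(frame[26:30]),
               "ip.dst": socket.inet_ntoa(frame[30:34]), "ip.proto": proto}
        name = {6: "tcp", 17: "udp"}.get(proto)
        if name:
            pkt[name + ".srcport"], pkt[name + ".dstport"] = struct.unpack_from("!HH", l4)
        if proto == 6:
            pkt["tcp.flags.syn"] = bool(l4[13] & 0x02)
        pkts.append(pkt)
    return pkts

def display_filter(pkts, field, value):
    """Equivalent of a 'field == value' display filter, e.g. tcp.dstport == 80."""
    return [p for p in pkts if p.get(field) == value]
```

Wireshark’s own dissectors go far deeper (hundreds of protocols, stream reassembly, the newer pcapng format); this only shows the file layout and the filtering idea.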

Conclusion:
We saw the definition of sniffers and how the Wireshark protocol analyzer works in this post. For more information on Wireshark, or to download it and work with it, please visit: http://www.wireshark.org


Bibliography:
About Wireshark. (n.d.). Retrieved July 17, 2018, from Wireshark.org: http://www.wireshark.org/about.html
Following TCP streams. (n.d.). Retrieved from Wireshark.org: http://www.wireshark.org/docs/wsug_html_chunked/ChAdvFollowTCPSection.html
Packet Sniffing with Wireshark and Tcpdump. (n.d.). Retrieved from science.hamptonu.edu: http://science.hamptonu.edu/compsci/docs/iac/packet_sniffing.pdf