What is WireShark


Wireshark is an open source application that monitors data packets. It is used to troubleshoot network problems, analyze traffic, develop software and communication protocols, and study protocols for educational purposes. Wireshark is a free packet sniffer that captures the packets sent and received on a particular network interface.

The functionality of Wireshark is similar to that of tcpdump, but Wireshark has a graphical interface and many more sorting and filtering options. It allows the user to view all the traffic passing through the network by configuring the network interface in promiscuous mode. Wireshark runs on various operating systems, among them Linux, Mac OS X and Microsoft Windows. The most important thing to remember is that Wireshark is free software whose capabilities come close to those of a commercial solution. To use Wireshark, you need both the software installed on a computer and the packet capture library, libpcap (WinPcap on Windows).

The Wireshark interface has 5 major components:

1. The command menus are standard drop-down menus located at the top of the window. The File menu lets you save captured packets or open previously saved captures and traces, as well as exit the application. The Capture menu controls packet capture.

2. The captured packet list displays each captured packet, including the packet number (assigned by Wireshark), the time at which the packet was captured, the packet's source and destination addresses, the protocol type, and protocol-specific information contained in the packet. The packet list can be sorted by any of these categories by clicking on a column name. The protocol type field shows the highest-level protocol in the OSI stack that sent or received the packet.

3. The packet details window shows the headers of the packet highlighted in the captured packet list. This information includes details about the Ethernet frame (assuming the packet was sent/received via an Ethernet interface) and about the IP packet that this frame carries. The Ethernet-level and IP-level information can be expanded or collapsed by pressing the plus or minus buttons to the left of the Ethernet frame or IP packet.

4. The packet content display window shows the entire content of a captured frame, in both hexadecimal and ASCII format.

5. At the top of the graphical interface is the field for defining display filters, whose standard syntax is used to filter the information shown in the captured packet list window.
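To make items 3 and 4 concrete, here is an added example (not code from the original post or from the Wireshark project) that dissects a constructed Ethernet/IPv4 frame into the fields the details pane lists, verifies the IPv4 header checksum the way Wireshark does, and renders the bytes pane's offset/hex/ASCII view. The frame bytes, MAC addresses and 192.0.2.x addresses are constructed sample values.

```python
import struct
# Constructed sample frame (not a real capture): Ethernet II header, 20-byte
# IPv4 header, short payload. The IPv4 checksum 0x0a0b is valid for this header.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455"  # destination MAC
    "66778899aabb"  # source MAC
    "0800"          # EtherType 0x0800 = IPv4
    "4500" "0025"   # version 4, IHL 5 (20 bytes); DSCP/ECN; total length 37
    "abcd" "4000"   # identification; flags = DF, fragment offset 0
    "40fd" "0a0b"   # TTL 64; protocol 253 (experimental); header checksum
    "c0000201"      # source 192.0.2.1
    "c0000202"      # destination 192.0.2.2
) + b"Hello, Wireshark!"

def ipv4_checksum(header):
    """One's-complement sum of 16-bit words; 0 means the header verifies."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:  # fold carries back in
        total = (total & 0xffff) + (total >> 16)
    return (~total) & 0xffff

def dissect(frame):
    """Ethernet and IPv4 fields, keyed like Wireshark's display-filter names."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth.dst": dst.hex(":"), "eth.src": src.hex(":"), "eth.type": ethertype}
    if ethertype != 0x0800:
        return info  # not IPv4: nothing more to dissect in this example
    ip = frame[14:]
    ihl = (ip[0] & 0x0f) * 4  # header length in bytes; options, if any, follow
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, csum, s, d = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    info.update({
        "ip.version": ver_ihl >> 4, "ip.hdr_len": ihl, "ip.len": total_len,
        "ip.id": ident, "ip.flags.df": bool(flags_frag & 0x4000),
        "ip.ttl": ttl, "ip.proto": proto, "ip.checksum": csum,
        "ip.checksum.good": ipv4_checksum(ip[:ihl]) == 0,
        "ip.src": ".".join(map(str, s)), "ip.dst": ".".join(map(str, d)),
        "payload": ip[ihl:total_len],
    })
    return info

def hexdump(data, width=16):
    """Offset / hex / ASCII lines in the style of the packet bytes pane."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart}  {text}")
    return lines
```

Flipping any header byte (for instance the TTL) makes `ip.checksum.good` go false, which is exactly the "checksum incorrect" condition Wireshark flags in the details pane.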

How do I work with Wireshark

1. Open a web browser and load a page of your choice.
2. Open Wireshark. Initially the window is displayed with no packets in the captured packet list, because the capture is not yet running.
3. To start the capture, click on Capture -> Interface, then click the Options button next to the network interface you want to monitor. The “Wireshark: Capture Options” window will appear.
4. Most of the default settings can be kept, but “Hide capture info dialog” under Display Options must be deselected.

The network interfaces through which your computer is connected to the network appear in the drop-down menu at the top of the “Capture Options” window. After selecting the network interface, press Start. Packet capture begins, and all packets transmitted or received by the computer through the selected network card will be captured by Wireshark.
