Basics: Getting Started with Network Monitoring and Packet Analyzing: Wireshark Guide 1

Hello! In this article we will discuss Wireshark.

Who should be interested in Wireshark?

The intended audience of this write-up is anyone who uses Wireshark.

This article seeks to explain all the basics and also some of the advanced features that Wireshark provides. You also need to understand that Wireshark has become a very complex program since its early days, so this article will be written as a series (parts 1, 2, 3, ...) to give a detailed explanation of everything you can do with Wireshark.

In this series of articles we will touch a bit about network sniffing in general and some details about specific network protocols.

Firstly we will discuss how to install Wireshark, how to use the basic elements of the graphical user interface (such as the menu) and what’s behind some of the advanced features that are not always obvious at first sight. It will hopefully guide you around some common problems that frequently appear for new (and sometimes even advanced) users of Wireshark.

Want to become a Cyber Security professional Today?  Click Here >>>https://www.soutechventures.com/certified-ethical-hacking-training-in-abujanigeria/

Check out over 30 Professional IT Courses in Nigeria here >>> https://www.soutechventures.com/courses/

What is Wireshark?

There is one thing Wireshark does very well, and that is why it is called a network packet analyzer: it captures network packets and displays the packet data in as much detail as possible.

(Image 1)

In very simple terms, what is a network packet analyzer? Think of it as a measuring device that examines and tells you what is going on inside a network cable or a wireless network.

In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed.

Also know that today Wireshark is regarded as the best tool of its kind among cyber security specialists, and another good thing about it is that it is open source software (free).

(Image 2)

Why Do You Need To Use Wireshark? Some intended purposes

Here are some examples of what people use Wireshark for:

  • Network administrators use it to troubleshoot network problems
  • Network security engineers use it to examine security problems
  • QA engineers use it to verify network applications
  • Developers use it to debug protocol implementations
  • People use it to learn network protocol internals

Besides these examples, Wireshark can be helpful in many other situations too.

Features

The following are some of the many features Wireshark provides:

  • Available for UNIX and Windows.
  • Capture live packet data from a network interface.
  • Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
  • Import packets from text files containing hex dumps of packet data.
  • Display packets with very detailed protocol information.
  • Save packet data captured.
  • Export some or all packets in a number of capture file formats.
  • Filter packets on many criteria.
  • Search for packets on many criteria.
  • Colorize packet display based on filters.
  • Create various statistics.
  • …and a lot more!


CAUTION: What Wireshark is not

Here are some things Wireshark does not provide:

  • Wireshark isn’t an intrusion detection system. It will not warn you when someone does strange things on your network that he/she isn’t allowed to do. However, if strange things happen, Wireshark might help you figure out what is really going on.
  • Wireshark will not manipulate things on the network, it will only “measure” things from it. Wireshark doesn’t send packets on the network or do other active things (except for name resolutions, but even that can be disabled).

Download and Installation of Wireshark

Stable Release (2.6.4)

If you have an OS that is not listed above, you can get Wireshark from the following sources:

Standard package: Wireshark is available via the default packaging system on that platform.

VENDOR / PLATFORM                     SOURCES
Alpine / Alpine Linux                 Standard package
Apple / macOS                         Homebrew (Formula), MacPorts, Fink
Arch Linux / Arch Linux               Standard package
Canonical / Ubuntu                    Standard package, Latest stable PPA
Debian / Debian GNU/Linux             Standard package
The FreeBSD Project / FreeBSD         Standard package
Gentoo Foundation / Gentoo Linux      Standard package
HP / HP-UX                            Porting And Archive Centre for HP-UX
NetBSD Foundation / NetBSD            Standard package
Novell / openSUSE, SUSE Linux         Standard package
Offensive Security / Kali Linux       Standard package
PCLinuxOS / PCLinuxOS                 Standard package
Red Hat / Fedora                      Standard package
Red Hat / Red Hat Enterprise Linux    Standard package
Slackware Linux / Slackware           SlackBuilds.org
Oracle / Solaris 11                   Standard package

Note that during installation Wireshark will prompt you to install some additional components that are needed to be able to sniff a network.

Installation Components

On the Choose Components page of the installer you can select from the following:

  • Wireshark – The network protocol analyzer that we all know and mostly love.
  • TShark – A command-line network protocol analyzer. If you haven’t tried it you should.
  • Plugins & Extensions – Extras for the Wireshark and TShark dissection engines

    • Dissector Plugins – Plugins with some extended dissections.
    • Tree Statistics Plugins – Extended statistics.
    • Mate – Meta Analysis and Tracing Engine – User configurable extension(s) of the display filter engine, see Chapter 12, MATE for details.
    • SNMP MIBs – SNMP MIBs for a more detailed SNMP dissection.
  • Tools – Additional command line tools to work with capture files

    • Editcap – Reads a capture file and writes some or all of the packets into another capture file.
    • Text2Pcap – Reads in an ASCII hex dump and writes the data into a pcap capture file.
    • Reordercap – Reorders a capture file by timestamp.
    • Mergecap – Combines multiple saved capture files into a single output file.
    • Capinfos – Provides information on capture files.
    • Rawshark – Raw packet filter.

In part 2 we will discuss the various tools within Wireshark and how they can help us sniff a network.
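The hex dump import listed under Features and the Text2Pcap tool above both work on the same plain text format: a hex offset at the start of each line followed by the packet bytes in hex. The following is an added example, not code from the Wireshark project: a small Python converter that parses a constructed text2pcap-style dump (offset column plus hex bytes, no ASCII column assumed) and writes a libpcap file that Wireshark can open. The Ethernet link type, the pcap layout and the sample ARP frame are assumptions made for the example.

```python
import struct

# Constructed sample in text2pcap's input format: each line is a hex offset
# followed by hex bytes; an offset of 0 starts a new packet and a bare offset
# line ends the last one. The frame is a 42-byte Ethernet/ARP request with
# made-up addresses (192.168.1.10 asking who has 192.168.1.1).
HEX_DUMP = """\
000000 ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01
000010 08 00 06 04 00 01 00 11 22 33 44 55 c0 a8 01 0a
000020 00 00 00 00 00 00 c0 a8 01 01
00002a
"""
PCAP_MAGIC = 0xA1B2C3D4   # little-endian pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1     # text2pcap's default link type


def parse_hex_dump(text):
    """Split a text2pcap-style hex dump (offset + hex bytes, no ASCII column)
    into a list of raw packet byte strings."""
    packets, current = [], bytearray()
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        offset = int(fields[0], 16)
        if offset == 0 and current:       # offset 0 begins the next packet
            packets.append(bytes(current))
            current = bytearray()
        elif offset != len(current):      # text2pcap insists on contiguous offsets
            raise ValueError(f"offset {offset:#x} after {len(current)} bytes")
        current.extend(int(b, 16) for b in fields[1:])
    if current:
        packets.append(bytes(current))
    return packets


def build_pcap(packets):
    """Wrap packets in a libpcap file: 24-byte global header, then a 16-byte
    record header (ts_sec, ts_usec, incl_len, orig_len) before each packet."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535,
                                LINKTYPE_ETHERNET))
    for i, pkt in enumerate(packets):
        # A hex dump carries no timestamps, so use constructed ones 1 s apart.
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return bytes(out)


if __name__ == "__main__":
    with open("arp_from_hexdump.pcap", "wb") as fh:   # open this in Wireshark
        fh.write(build_pcap(parse_hex_dump(HEX_DUMP)))
```

Running the script writes arp_from_hexdump.pcap, which Wireshark dissects as a single ARP request; the same input fed to text2pcap gives an equivalent file.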

Thanks for reading…


*** This article is for education purposes and for ethical hackers only. You must have permission to sniff a network.

Author: SouTech Team