Wireshark is a free tool for finding, detecting, and tracking packet sniffers. In other words, it helps you “sniff” (the IT term for sniffing) a packet of data. Once you have sniffed the data, you can then use tools to further analyse it. The biggest advantage is that you can look up IP addresses, username, or any other relevant details about the user behind the sniffed data. Also, you have an open option to send the data captured to your regular mail box or your FTP. All from just one click.
Wireshark offers many useful capabilities for packet filtering and monitoring. By default, Wireshark has an easy-to-use filter window feature. It lets you set up a number of “filter windows” to capture different types of traffic. For example, you can set up one or more capture windows for FTP, Telnet, or SMTP traffic.
Wireshark also offers a Network Diagnostic tool. With this feature, Wireshark can diagnose your network protocols. It displays Wireshark packets that match a certain pattern, compares the version number of the packet to the version number of the protocol, and reports on trouble codes that indicate problem areas such as security flaws. This information can help network administrators pinpoint problems and avoid costly repairs.
In addition, Wireshark offers several powerful features for inspecting the “packet tree.” Packet trees are simply a list of all the packets (outbound and inbound) that enter your network over a certain port. By setting up a packet tree, you can view all the inbound traffic going into your LAN. You can determine which packets are legitimate traffic, and which ones are trying to infect your system. With Wireshark, you can even examine the packets that are leaving your system.
Another useful feature of Wireshark is its Real Time Transfer mode, which allows you to easily determine how much of an IP packet transferred during the course of its journey through your network. Most Wireshark clients come with a special packet capture device that allows you to capture data that is in real time. Real time transfer allows you to see the details of each step of the transfer process. You can see how long a DNS request took, for example, or how many times a TCP connection has been established.
Even if you aren’t familiar with Wireshark yet, creating filters for your Wireshark campaigns will soon become second nature. Creating Wireshark filters is a very simple process. You create a Wireshark filter with one or more Wireshark clients, then select which packets to capture for further analysis with Wireshark. If you create a simple filter and apply it to one interface (PC), and then apply another filter to the same PC and another (management) interface, you’ll end up with two Wireshark filters on the two PCs. Each of the PCs will respond to the Wireshark packets as if the request had been sent from the user’s perspective.
While Wireshark allows you to easily identify and capture all traffic that comes into or leaves a wireless network, the program isn’t designed to be a packet sniffer. Wireshark isn’t intended to intercept or decipher any wireless protocol; instead, it parses any Wireshark-formatted data for realtime processing. By default, Wireshark captures all traffic that arrives on any of its enabled interfaces.
When creating filters for Wireshark, you can create flexible rules for easy configuration and monitoring of your Wireshark traffic. With Wireshark, you have a number of different options for configuring the capture and decoding of your captured packets: Wireshark packets can be captured as simple packets or as packets containing multiple segments. You can even define the time for which a packet is saved between saves, or you can store a packet in its respective state between capture and decode times, or you can even specify a time limit on a connection. Some Wireshark packages also include support for traffic shaping, which lets you send some packets to some receivers and discarded others. Wireshark supports the compression and decompression algorithms used by some web servers, and it has the capability of creating filters that can be used for both FTP and HTTP traffic.