It’s been more than 20 years since Ethereal 0.2.0 (known today as Wireshark) was announced. Authored by Gerald Combs, Ethereal is a network analyser used to capture and browse the contents of Ethernet frames. It can read packet data from a file or capture it live from a local network interface.
Since its inception, this incredible network tool has gained tremendous popularity. Today, if you ask any professional in the cyber security domain about the most famous network analyser in the world, they would name Wireshark without a doubt. Wireshark lets you see what’s happening on your network at a microscopic level, and it is the de facto standard across many industries and educational institutions.
Being a top-notch network analyser, Wireshark is packed with some of the best features in its class. The tool runs on multiple platforms: Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others. It is also designed and built so that it can decode and inspect hundreds of protocols, and the captured network data can be browsed with a GUI. That is not all: Wireshark has the most powerful display filters in the industry.
In this article, we will have a look at the nuts and bolts of Wireshark and how this incredible tool is used.
Download and Install
Being open source, Wireshark is also free to use. While Wireshark comes preinstalled with Kali Linux, on Windows and Mac OS one has to download and install it. The setup file is available on Wireshark’s official website, along with the official source code of the tool.
If you are installing Wireshark on a Windows machine, you will also have to install WinPcap. In case you don’t know what WinPcap is, it is a tool dedicated to Windows systems that provides link-layer network access. It allows applications to capture and transmit network packets, bypassing the protocol stack. In older versions of Wireshark, WinPcap had to be installed manually; in the latest versions of Wireshark, however, WinPcap is included.
Capture And Inspect Data Packets
When working with Wireshark, capturing data packets is the core activity. Once you have set up Wireshark, all you need to do is launch the tool and double-click the name of a network interface under Capture to start capturing data packets on that interface. Wireshark is so capable at capturing packets that once you click, the tool starts picking up each and every packet that is sent to or from your computer.
A word to the wise: when you first get started with Wireshark, it can be a little confusing how to capture packets. With time, however, you gain enough experience to recognise and analyse the different types of data packets.
Capturing packets is one thing, but you also have to analyse and inspect the data packets you captured. Wireshark comes with a standard three-pane packet browser, and inspecting data packets involves these three panes.
Packet List: This is the first pane; each line in the packet list represents one packet. It displays information such as the packet’s source, its destination, the protocol involved, etc.
Packet Details: This is the second pane of Wireshark; it shows more information about the captured packet. When you click a packet in the packet list, this pane displays its protocols and protocol fields. That is not all: it also displays additional protocol information derived by Wireshark itself, which isn’t present in the captured data.
Packet Bytes: This is one of the most important of the three panes. It displays the data of the captured packet in hex dump style: the data offset, sixteen hexadecimal bytes, and sixteen ASCII bytes (non-printable bytes are replaced with a period, “.”).
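As an added example (not code from the original article), the small Python script below reproduces what the Packet List and Packet Bytes panes show for a constructed Ethernet/IPv4 frame: the source, destination and protocol columns, and a hex dump with the offset, sixteen hex bytes and sixteen ASCII bytes, non-printable bytes shown as periods. The frame bytes, MAC addresses and IP addresses are made-up values.

```python
import struct

# Constructed sample: a minimal Ethernet II frame carrying a bare IPv4 header
# (TCP, no payload). MACs and IPs are made-up values for illustration.
SAMPLE_FRAME = bytes.fromhex(
    "00 11 22 33 44 55"                     # destination MAC
    "66 77 88 99 aa bb"                     # source MAC
    "08 00"                                 # EtherType 0x0800 = IPv4
    "45 00 00 14 00 01 00 00 40 06 00 00"   # IPv4 header: TTL 64, protocol 6 (TCP)
    "c0 a8 01 0a"                           # source IP 192.168.1.10
    "c0 a8 01 14"                           # destination IP 192.168.1.20
)

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def hexdump(data: bytes, width: int = 16) -> list:
    """Render bytes the way the Packet Bytes pane does: offset, hex, ASCII."""
    lines = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        # Non-printable bytes (outside 0x20..0x7e) are shown as a period.
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"{offset:04x}  {hex_part:<{width * 3 - 1}}  {ascii_part}")
    return lines


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def summarize(frame: bytes) -> dict:
    """Build the Packet List columns (source, destination, protocol) for a frame."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    summary = {"src": fmt_mac(src_mac), "dst": fmt_mac(dst_mac),
               "protocol": ETHERTYPES.get(ethertype, f"0x{ethertype:04x}")}
    # For IPv4 the list pane shows the IP addresses and the transport protocol.
    if ethertype == 0x0800 and len(frame) >= 34:
        ip = frame[14:34]                   # 20-byte IPv4 header without options
        summary["src"] = ".".join(str(b) for b in ip[12:16])
        summary["dst"] = ".".join(str(b) for b in ip[16:20])
        summary["protocol"] = IP_PROTOCOLS.get(ip[9], str(ip[9]))
    return summary


if __name__ == "__main__":
    print(summarize(SAMPLE_FRAME))
    print("\n".join(hexdump(SAMPLE_FRAME)))
```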
Bottom Line
Capturing and inspecting data packets is not the only thing Wireshark does. Being the best tool for network analysis, it is also capable of colour coding and filtering; it is an extremely powerful platform. However, packet capture is at the core of Wireshark, and it is this feature the tool is most widely used for.
Over the years, the tool has evolved to become a go-to tool for most cybersecurity professionals across the world, whether it’s about finding loopholes in the network or inspecting what is happening on it.
If you are enthusiastic about cybersecurity and networking, then Wireshark is definitely one tool you need to try.