What is Wireshark and How does it Work?


What is Wireshark?

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting and analysis, software and communications protocol development, and education. Wireshark was originally named Ethereal; in May 2006 the project was renamed Wireshark because of trademark issues.

How does Wireshark work?

Wireshark is a packet sniffer and analysis tool. It captures the traffic passing over the local network and stores it so that it can be analyzed offline. Wireshark can capture traffic from Ethernet, Bluetooth, wireless and other interface types.

You can download it here: https://www.wireshark.org/download.html
Wireshark for Windows

Wireshark comes in two flavors for Windows, 32 bit and 64 bit. Pick the correct version for your OS. The current release is 3.2.2 as of this writing. The installation is simple and shouldn’t cause any issues.

Wireshark for Linux

Installing Wireshark on Linux can be a little different depending on the Linux distribution. If you aren’t running one of the following distros, please double-check the commands.

Ubuntu

From a terminal prompt, run these commands:

  1. sudo apt-get install wireshark
  2. sudo dpkg-reconfigure wireshark-common
  3. sudo adduser $USER wireshark

Package and group names are lowercase on Debian-based systems. The second command asks whether non-superusers should be allowed to capture packets; answer yes, and the third command adds your account to the wireshark group. Log out and back in for the new group membership to take effect.

Kali Linux

Wireshark is probably already installed! It is part of the default installation. Check your menu to verify: it is under the menu option “Sniffing & Spoofing.”


Data Packets on Wireshark

Capturing Data Packets on Wireshark

  • When you open Wireshark, you see a screen that lists all of the network interfaces you can monitor.
  • Click the first button on the toolbar, titled “Start Capturing Packets.”
  • Alternatively, select the menu item Capture -> Start.
  • During the capture, Wireshark shows you the packets it captures in real time.

Once you have captured all the packets you need, use the same button or menu option to stop the capture.

Analyzing Data Packets on Wireshark

  • No.: the sequence number of the packet within the capture, in the order in which it was captured.
  • Time: how long after you started the capture this packet was captured.
  • Source: the address of the system that sent the packet.
  • Destination: the address the packet was sent to.
  • Protocol: the highest-level protocol Wireshark decoded in the packet, for example TCP, DNS, DHCPv6, or ARP.
  • Length: the length of the packet in bytes.

Wireshark Filters

One of the most useful features of Wireshark is its filtering: capture filters decide which packets are recorded in the first place, and display filters decide which of the captured packets are shown. Filters let you view the capture the way you need to see it so you can troubleshoot the issue at hand.

Wireshark Capture Filters

  • net 192.168.0.0/24: captures all traffic to or from the subnet.
  • dst host IP-address: captures only packets sent to the specified host.
  • port 53: captures traffic on port 53 only (source or destination port).
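To make the packet-list columns above and these three capture filters concrete, here is an added example (not code from the original post or from the Wireshark project). It builds a tiny pcap file in memory from hand-constructed Ethernet/IPv4/UDP/TCP frames, decodes each record into the No., Time, Source, Destination, Protocol and Length columns the way Wireshark derives them, and then evaluates the three filter forms from the text against the decoded rows. The frames, MAC addresses, timestamps and the DNS/TCP sample traffic are all constructed for illustration; the filter matcher handles only the three forms shown here, not the full BPF syntax that libpcap accepts.

```python
import struct
import ipaddress
from dataclasses import dataclass

def _ipv4(src, dst, proto, payload):
    # Minimal IPv4 header: no options, checksum left at zero (not validated here)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed) + payload

def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def _tcp(sport, dport):
    # 20-byte TCP header carrying only the SYN flag, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0)

def _frame(src_ip, dst_ip, proto, l4):
    # Ethernet II header with constructed MAC addresses; EtherType 0x0800 = IPv4
    eth = bytes.fromhex("aabbcc000001") + bytes.fromhex("aabbcc000002") + struct.pack("!H", 0x0800)
    return eth + _ipv4(src_ip, dst_ip, proto, l4)

# (timestamp in seconds, frame bytes): constructed sample traffic, not a real capture
SAMPLE_FRAMES = [
    (1.000, _frame("192.168.0.10", "8.8.8.8", 17, _udp(51000, 53, b"\x00" * 12))),  # DNS query
    (1.020, _frame("8.8.8.8", "192.168.0.10", 17, _udp(53, 51000, b"\x00" * 20))),  # DNS reply
    (1.500, _frame("192.168.0.10", "93.184.216.34", 6, _tcp(52000, 443))),         # TCP SYN
    (2.000, _frame("10.0.0.5", "10.0.0.9", 6, _tcp(40000, 22))),                    # other subnet
]
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap with microsecond timestamps

def write_pcap(frames):
    # Global header: magic, version 2.4, tz offset 0, sigfigs 0, snaplen, linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

@dataclass
class Row:
    no: int
    time: float  # seconds since the first packet (Wireshark's default Time column)
    source: str
    destination: str
    protocol: str
    length: int
    sport: int
    dport: int

def decode(no, ts, first_ts, frame):
    # Ethernet (14 bytes) then IPv4; the samples are all IPv4, so no EtherType branching here
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    # Wireshark names a packet after the highest layer it decodes; this toy
    # decoder stops at TCP/UDP and recognises DNS by port number only.
    name = {6: "TCP", 17: "UDP"}.get(proto, f"IP proto {proto}")
    if proto == 17 and 53 in (sport, dport):
        name = "DNS"
    return Row(no, round(ts - first_ts, 6), src, dst, name, len(frame), sport, dport)

def read_pcap(data):
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    rows, off, first = [], 24, None
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        ts = sec + usec / 1_000_000
        first = ts if first is None else first
        rows.append(decode(len(rows) + 1, ts, first, data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return rows

def capture_filter(expr):
    """Matcher for the three BPF forms in the text (a tiny subset of libpcap syntax)."""
    parts = expr.split()
    if parts[0] == "net":
        net = ipaddress.ip_network(parts[1])
        # 'net' is bidirectional: source OR destination inside the subnet
        return lambda r: (ipaddress.ip_address(r.source) in net
                          or ipaddress.ip_address(r.destination) in net)
    if parts[:2] == ["dst", "host"]:
        # 'dst host' is one-directional: only packets sent TO that address
        return lambda r: r.destination == parts[2]
    if parts[0] == "port":
        return lambda r: int(parts[1]) in (r.sport, r.dport)
    raise ValueError(f"unsupported filter: {expr}")

def apply_filter(expr, rows):
    """Return the No. column of every packet the filter keeps."""
    match = capture_filter(expr)
    return [r.no for r in rows if match(r)]

if __name__ == "__main__":
    rows = read_pcap(write_pcap(SAMPLE_FRAMES))
    for r in rows:
        print(r.no, r.time, r.source, r.destination, r.protocol, r.length)
    for expr in ("net 192.168.0.0/24", "dst host 192.168.0.10", "port 53"):
        print(expr, "->", apply_filter(expr, rows))
```

Running it shows the point of each filter: `net 192.168.0.0/24` keeps packets 1, 2 and 3 because the subnet appears as either source or destination, `dst host 192.168.0.10` keeps only packet 2 (the DNS reply sent to that host, not the query it sent), and `port 53` keeps packets 1 and 2 regardless of which side the port is on. The Time column is the record timestamp minus the first record's timestamp, which is why the first row always reads 0.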

About

Codec Networks provides IT Trainings from EC Council CEH ECSA, LPT, CHFI, Network Security, Penetration Testing, ISACA, ISC2, PECB ISO 27001LA LI, Cisco Networking CCNA CCNP, Linux Administration RHCE, Prog Languages JAVA, Advanced Java, android development. We also offer B2B Industry Solutions and Services in IT | Information|Cyber Security in Delhi NCR India.
