Wireshark Definition
Wireshark is a multiplatform tool with a graphical interface for network analysis, the product of Ethereal's evolution.
It ships with TShark, a console-mode tool for capturing and analysing traffic, among other possibilities. Because both rely on the pcap libraries, their use is similar to Tcpdump and WinDump.
In addition, it lets you inspect everything that is happening on the network, down to a low and detailed level. It is open-source and cross-platform.
It is often the best choice when auditing networks, usually Ethernet networks, and it is also compatible with some other network types.
Use of Wireshark
- Administrators use it to solve network problems
- Engineers use it to examine security problems
- Developers use it to debug the implementation of network protocols
- Students use it to learn how a network works internally
Features
- Available for Linux and Windows
- Live packet capture from a network interface
- Shows packets with detailed information on them
- Opens and saves captured packets
- Imports and exports packets in different formats
- Filters packet information
- Highlights packets depending on the filter
- Creates statistics
Advantages
Among its qualities we find enormous versatility: it supports more than 480 different protocols, and it can work both with data captured live from a network during a session and with previously captured packets that have been stored on the hard disk.
In addition, Wireshark reads the standard tcpdump file format, is capable of rebuilding TCP sessions, and offers a complete graphical interface, which greatly facilitates its use.
Wireshark graphic interface
Parts of the Wireshark Window
The graphic interface of Wireshark is divided into the following sections:
- Toolbar: Shows all the options available for pre- and post-capture tasks.
- Main toolbar: Holds the most frequently used options in Wireshark.
- Filter bar: Area where filters are applied quickly to the current capture.
- Packet list: Shows a summary of each packet captured by Wireshark.
- Packet details panel: Once you have selected a packet in the packet list, it shows detailed information about it.
- Packet bytes panel: Shows the bytes of the selected packet, and highlights the bytes corresponding to the field chosen in the packet details panel.
- Status bar: Brief information about the current status of Wireshark and the capture.
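The pieces named above (reading and saving captures in the standard tcpdump format, dissecting a packet into the fields shown in the details panel, and applying a display filter from the filter bar) can be shown end to end in a few dozen lines. The following is an added example written for this page, not code from Wireshark or TShark. It writes a classic pcap file from constructed Ethernet/IPv4/TCP frames using RFC 5737 documentation addresses, reads it back in either byte order, verifies each IPv4 header checksum and drops a frame that fails it, then evaluates a single Wireshark-style display-filter clause such as `tcp.port == 80`. The field names are Wireshark's; the function names, the sample frames and the single-operator filter are assumptions of this example.

```python
"""Added example (not Wireshark/TShark code): a minimal classic-pcap writer/reader
plus a one-clause display-filter evaluator, run over constructed frames."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 sum: with the checksum field zeroed it yields the checksum;
    over a header that already carries a valid checksum it yields 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame: fixed MACs, no options, PSH+ACK, TCP checksum zero."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in the checksum
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def write_pcap(frames: List[bytes]) -> bytes:
    """Serialise frames as a little-endian classic pcap file (the legacy tcpdump -w format)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):   # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes

def decode_frame(ts: float, frame: bytes) -> Optional[Packet]:
    """Dissect Ethernet -> IPv4 -> TCP; None for other traffic or a bad IP checksum."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                    # not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ihl < 20 or len(ip) < ihl or ipv4_checksum(ip) != 0 or ip[9] != 6:
        return None                                    # corrupt header or not TCP
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = frame[14 + ihl:14 + total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                      # TCP header length in bytes
    src, dst = str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20]))
    return Packet(ts, src, dst, sport, dport, tcp[data_off:])

def read_pcap(data: bytes) -> List[Packet]:
    """Parse a classic pcap file in either byte order and dissect every record."""
    magic = struct.unpack("<I", data[:4])[0]
    end = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)   # second value: big-endian writer
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(end + "IHHiIII", data[:24])[6] != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = decode_frame(ts_sec + ts_usec / 1e6, data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
        if pkt is not None:
            packets.append(pkt)
    return packets

def display_filter(packets: List[Packet], expr: str) -> List[Packet]:
    """Evaluate one 'field == value' clause using Wireshark's field names."""
    field, op, value = expr.split()
    if op != "==":
        raise ValueError("this example only supports the == operator")
    getters = {"ip.src": lambda p: [p.src], "ip.dst": lambda p: [p.dst], "ip.addr": lambda p: [p.src, p.dst],
               "tcp.srcport": lambda p: [str(p.sport)], "tcp.dstport": lambda p: [str(p.dport)],
               "tcp.port": lambda p: [str(p.sport), str(p.dport)]}
    return [p for p in packets if value in getters[field](p)]

# Constructed sample capture using RFC 5737 documentation addresses. The last
# frame has its TTL altered after the checksum was computed, so read_pcap drops it.
_corrupt = bytearray(build_frame("192.0.2.10", "198.51.100.7", 40000, 443))
_corrupt[14 + 8] ^= 0x01
SAMPLE_FRAMES = [
    build_frame("192.0.2.10", "198.51.100.7", 51000, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame("198.51.100.7", "192.0.2.10", 80, 51000, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame("192.0.2.10", "192.0.2.53", 40001, 53),
    bytes(_corrupt),
]
```

Running `display_filter(read_pcap(write_pcap(SAMPLE_FRAMES)), "tcp.port == 80")` returns the two HTTP packets and nothing else; the corrupted frame never reaches the packet list because its header checksum fails, which is the same reason Wireshark flags such frames in the details panel when checksum validation is enabled. Real captures also contain ARP, IPv6, UDP and pcapng files, none of which this toy dissector handles; it exists to make the file layout and filter semantics concrete, not to replace the tool.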