Wireshark Basic Tutorial

In 2008, Wireshark arrived after ten years of development. Wireshark is a tool used to analyze the packets in a network: it captures the packets flowing through the network and displays the contents of each packet in detail so that they can be analyzed. Wireshark is also known as a network packet analyzer; as the name suggests, the tool is used to examine what is going on inside the network, such as what types of packets are flowing through it. Network packet analyzer tools were very expensive in the past, but nowadays Wireshark is the best open-source tool available for analyzing packets.

Wireshark has many features. It is available for both UNIX-like operating systems and Windows. It captures live packet data from a network interface, and it can also import packets from text files containing hex dumps of packet data. Packets captured from a network interface are displayed with detailed protocol information and can be saved to a file. It can also filter packets on many criteria, colorize the packet display and produce various statistics.

Purpose of Wireshark
Wireshark is used for many purposes, but people mainly use it to:
  • troubleshoot network problems.
  • examine security problems.
  • debug protocol implementations.
  • learn network protocol internals.
Wireshark has been developed to work on many operating systems, including Microsoft Windows, Linux, Solaris and Mac OS X. Wireshark's strength in the market has grown because of its support for these operating systems. On a Windows computer or network it must be used together with the WinPcap application (Windows Packet Capture). This software does the actual capturing of packets on Windows, and the captured files can then be analyzed with Wireshark. Similarly, Wireshark can be used to view packet information captured by many other packet capture programs.


Fig (1)
This figure shows the structure of a packet sniffer, which is used to sniff packets on the network. On one side of the figure are the Internet protocols and applications; on the other side is the packet sniffer, which consists of two parts: the packet capture library (pcap) and the packet analyzer. Pcap receives a copy of every link-layer frame sent or received by the computer. The messages are transmitted using protocols such as UDP, HTTP, TCP and FTP. These protocols are encapsulated in link-layer frames, which the computer sends over Ethernet, 802.11 wireless LANs, FDDI or Token Ring.

Where to use Wireshark:
Before using Wireshark we first have to decide where to capture the packets and analyze them. Consider, for example, a network with many switches, a file server and a number of terminals. Suppose that for some unknown reason the performance of the network drops; there is no malware detection tool or intrusion detection system; file transfer rates within the local area network show no problem; and there is no NetFlow export that would allow the traffic to be analyzed remotely. This is the kind of situation in which we can use Wireshark.

Procedure for capturing and analyzing data:
1) The very first step is to start Wireshark; you should then see the home screen.


Fig (1)
2) The second step is to select the interface that is being used for the Internet connection and then click Start.



Fig (2)


Fig (3)

3) Now start your web browser and use it normally to browse web pages. Figure 4 shows how the packets are being captured.


Fig (4)

4) After a minute or so, go to Capture and stop capturing packets, as shown in Figure 5.


Fig (5)
This is the procedure for capturing data with Wireshark; now let's see how these packets are analyzed.
5) To analyze the packets we can filter them out of the captured collection. To do this we use the filter bar in Wireshark, as shown in Figure 6.


Fig (6)
6) Now analyze the packets that are listed. Selecting a packet in the list displays the details of that packet in Wireshark; double-clicking the packet opens a dialog box that shows everything about that packet, as shown in Figure 7.


Fig (7)

These procedures show how Wireshark is used to capture traffic on a network and how you can then analyze the captured packets.
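As an added example (not part of the original tutorial, and not Wireshark's own code), the following Python script shows in miniature what the packet sniffer of Fig (1) does and what the filter step of the procedure applies: it builds a small libpcap file from hypothetical, constructed Ethernet frames, dissects each frame layer by layer (Ethernet, IPv4, TCP/UDP), and evaluates a tiny subset of Wireshark's display-filter syntax such as `tcp.port == 80` or `ip.addr == 192.168.1.1`. All MAC and IP addresses, ports and payloads are constructed for the example; only the classic pcap layout, the protocol header formats and the Wireshark field names are the real ones.

```python
import struct
from ipaddress import IPv4Address

LINKTYPE_ETHERNET = 1  # pcap link-layer type for Ethernet


def ethernet_frame(ethertype, payload):
    """Link-layer frame: dst MAC, src MAC, EtherType, then the encapsulated packet (constructed MACs)."""
    return (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
            + struct.pack("!H", ethertype) + payload)


def ipv4_packet(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (no options, checksum left zero) plus transport payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload


def tcp_segment(sport, dport, payload=b""):
    """20-byte TCP header (data offset 5, flags PSH|ACK) plus payload."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload


def udp_datagram(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed sample capture (hypothetical addresses): HTTP request and reply, DNS query, ARP.
SAMPLE_PCAP = build_pcap([
    ethernet_frame(0x0800, ipv4_packet("192.168.1.10", "198.51.100.7", 6,
                                       tcp_segment(51000, 80, b"GET / HTTP/1.1\r\n"))),
    ethernet_frame(0x0800, ipv4_packet("198.51.100.7", "192.168.1.10", 6,
                                       tcp_segment(80, 51000, b"HTTP/1.1 200 OK\r\n"))),
    ethernet_frame(0x0800, ipv4_packet("192.168.1.10", "192.168.1.1", 17, udp_datagram(53321, 53))),
    ethernet_frame(0x0806, b"\x00" * 28),
])


def dissect_frame(frame):
    """Dissect one Ethernet frame into Wireshark-style field names (eth -> ip -> tcp/udp)."""
    fields = {"frame.len": len(frame)}
    if len(frame) < 14:
        return fields
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    fields["eth.type"] = ethertype
    if ethertype == 0x0806:
        fields["arp"] = True
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20:
        return fields
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]  # IHL is in 32-bit words; 6 = TCP, 17 = UDP
    fields.update({"ip": True, "ip.proto": proto, "ip.src": str(IPv4Address(ip[12:16])),
                   "ip.dst": str(IPv4Address(ip[16:20]))})
    name, l4 = {6: "tcp", 17: "udp"}.get(proto), ip[ihl:]
    if name and len(l4) >= 8:  # both transport headers begin with src and dst ports
        sport, dport = struct.unpack_from("!HH", l4, 0)
        fields.update({name: True, name + ".srcport": sport, name + ".dstport": dport})
    return fields


def parse_pcap(data):
    """Walk the pcap records and dissect every frame, like loading a capture in Wireshark."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    if struct.unpack_from("<I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]  # bytes saved for this record
        off += 16
        packets.append(dissect_frame(data[off:off + incl_len]))
        off += incl_len
    return packets


def matches(fields, expr):
    """Tiny subset of display-filter syntax: protocol names, 'field == value', and '&&'."""
    # Like Wireshark, ip.addr and tcp/udp.port match either endpoint of the conversation.
    aliases = {"ip.addr": ("ip.src", "ip.dst"), "tcp.port": ("tcp.srcport", "tcp.dstport"),
               "udp.port": ("udp.srcport", "udp.dstport")}
    for term in (t.strip() for t in expr.split("&&")):
        if "==" in term:
            name, value = (s.strip() for s in term.split("==", 1))
            found = [str(fields[k]) for k in aliases.get(name, (name,)) if k in fields]
            if value not in found:
                return False
        elif not fields.get(term):
            return False
    return True


def apply_filter(packets, expr):
    return [p for p in packets if matches(p, expr)]


if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    for expr in ("tcp.port == 80", "udp.port == 53", "ip.addr == 192.168.1.1", "arp"):
        print(f"{expr:26} -> {len(apply_filter(pkts, expr))} packet(s)")
```

Running the script prints how many of the four sample packets each filter keeps. The same analysis over a real capture, with far more protocols, is what Wireshark's filter bar does; the command-line equivalents of steps 2 to 6 are `tshark -i <interface> -a duration:60 -w capture.pcap` to capture for a minute and `tshark -r capture.pcap -Y "tcp.port == 80" -V` to read the file back with a display filter and full packet details.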
