Wireshark - The best open source network packet analyzer(Part I)
Himanshuz.chd 270004408M Visits (7101)
We all know that communication in the world of computers happens in terms of packets. The data gets broken into packets like IP packets and it travels through the network and reaches its destination where the packets are reassembled and the data is delivered to the application that is expecting it. Have you ever felt a need of using a packet analyzer to capture and analyze the packets that arrive at your machine or leave your machine? Well, if yes then I must tell you that most of the network administrators, network programmers, protocol engineers etc use packet analyzers to capture and analyze the incoming and outgoing packets for different purposes.
There are many packet capturing and analyzing tools available in market but there is a tool wireshark that leads the rest. Wireshark is by far the best GUI based open source packet analyzer.
Here in this article, we will understand :
What is Wireshark
Wireshark is a tool that can capture network packets (both incoming and outgoing) and present them in a GUI providing detailed information about each packet captured. This tool is extremely helpful for network administrators to know details like which all computers are trying to communicate with a machine. Also, while debugging any connectivity related issue, the details provided by wireshark capture comes in extremely handy.
This tool is also used by protocol implementors to test whether a particular protocol packets are being correctively formed or not. Wireshark is also used in case of debugging by software developers in case they want to know how a packet arrived on wire and whether it was changed by an application or not?
Where to get Wireshark
The official download page of wireshark is here. This page lists the different download packages for different OS. If you use a Linux OS that is not listed here, you can download the source code, go through its readme file and compile the code to build the binary.
For Ubuntu users (Like me) you can also get Wireshark from 'Ubuntu Software Center'.
Once you download and open Wireshark, It looks something like this :
How to use Wireshark
Using Wireshark is not rocket science. A couple of configuration steps and your Wireshark is ready to capture packets. Here are the few steps to get your Wireshark up and capturing in a basic mode :
So you can see that this way we can use Wireshark easily.
Wireshark MisconceptionsLet's discuss a couple of misconceptions about wireshark to understand what wireshark is not.
In the Part II of this series, we will understand how Wireshark's display filters work!!