What is Wireshark?

Wireshark is an open-source network packet analyzer. It is the world’s leading network packet analyzer and an essential tool for security professionals and systems administrators, as well as for teaching. It analyzes network traffic in real time and is one of the best tools for troubleshooting issues on your network.

Wireshark is written in the C and C# programming languages and supports multiple operating systems. The original author was Gerald Combs (a computer science graduate of the University of Missouri-Kansas City), and it was initially released in 1998. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues. Wireshark is very similar to tcpdump, but the difference is that it has a graphical user interface (GUI) and integrated sorting and filtering options that let the user see all the traffic passing through the network.

Wireshark has a rich feature set, including the following:

  • Live capture and offline analysis
  • Rich VoIP analysis
  • Read/write many different capture file formats
  • Capture files compressed with gzip can be decompressed on the fly
  • Deep inspection of hundreds of protocols
  • Standard three-pane packet browser
  • Captured network packets can be browsed via a GUI or the TShark utility
  • Runs on multiple platforms
  • Powerful display filters
  • Output can be exported to XML, CSV, PostScript, or plain text
  • Packet list can use coloring rules for quick and intuitive analysis
  • Live data reading and analysis for a wide range of networks (Ethernet, IEEE 802.11, PPP/HDLC, ATM, FDDI, Bluetooth, USB, Token Ring, Frame Relay, and loopback)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2

Wireshark is capable of the following:

  • Packet Capture. Wireshark listens to a network connection in real-time and then grabs entire streams of traffic.
  • Filtering. By applying a filter to Wireshark, it’s possible to obtain just the information you need to see.
  • Visualization. It allows you to visualize entire conversations and network streams.
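The three steps above (reading a capture, narrowing it with a filter, and exporting the result) can be seen end to end in the following example. It is added here and is not Wireshark's or TShark's own code: it builds a small constructed capture in memory in libpcap format, dissects the Ethernet/IPv4/TCP headers, evaluates a toy subset of Wireshark's display-filter syntax (`field == value` and `field != value` clauses joined by `and`, over a handful of field names borrowed from Wireshark's vocabulary), and exports the matching packets as CSV. The IP addresses, ports and payloads are constructed sample values.

```python
"""Offline pcap analysis with a display-filter-style query and CSV export (added example, not Wireshark code)."""
import csv
import io
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional, Set

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1        # DLT_EN10MB

def build_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; checksums stay zero, which is enough for header dissection."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)   # offset 5, PSH|ACK
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp_hdr) + len(payload), 1, 0, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))            # IHL 5, TTL 64, TCP
    eth_hdr = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + b"\x08\x00"  # dst, src, IPv4
    return eth_hdr + ip_hdr + tcp_hdr + payload

def build_pcap(frames: List[bytes], start_ts: int = 1_700_000_000) -> bytes:
    """Wrap raw frames in a little-endian pcap global header plus one record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", start_ts + i, 0, len(frame), len(frame)) + frame
    return out

@dataclass
class Packet:
    number: int
    ts: int
    src: str
    dst: str
    proto: int
    sport: Optional[int]
    dport: Optional[int]
    length: int

def dissect_frame(number: int, ts: int, frame: bytes, orig_len: int) -> Optional[Packet]:
    """Pull addresses and ports out of an Ethernet/IPv4 frame; anything else is skipped."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport = dport = None
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:   # TCP or UDP: ports are the first two header fields
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return Packet(number, ts, src, dst, proto, sport, dport, orig_len)

def parse_pcap(data: bytes) -> List[Packet]:
    """Read a classic pcap byte string (either byte order) into Packet records."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example dissects Ethernet captures only")
    packets, off, number = [], 24, 0
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        number += 1
        pkt = dissect_frame(number, ts_sec, data[off:off + incl_len], orig_len)
        off += incl_len
        if pkt is not None:
            packets.append(pkt)
    return packets

# Field names borrowed from Wireshark's display-filter vocabulary; only this subset exists here.
FIELDS = {
    "ip.src": lambda p: {p.src},
    "ip.dst": lambda p: {p.dst},
    "ip.addr": lambda p: {p.src, p.dst},
    "ip.proto": lambda p: {p.proto},
    "tcp.port": lambda p: {p.sport, p.dport} if p.proto == 6 else set(),
    "tcp.dstport": lambda p: {p.dport} if p.proto == 6 else set(),
    "frame.len": lambda p: {p.length},
}

def matches(pkt: Packet, expr: str) -> bool:
    """Evaluate `field == value` / `field != value` clauses joined by 'and' (toy filter, not Wireshark's)."""
    for clause in expr.split(" and "):
        field, op, value = clause.split()
        values: Set[str] = {str(v) for v in FIELDS[field](pkt) if v is not None}
        if op not in ("==", "!="):
            raise ValueError(f"unsupported operator: {op}")
        if (op == "==") != (value in values):
            return False
    return True

def export_csv(packets: List[Packet], expr: Optional[str] = None) -> str:
    """Export packets (only those matching the filter, if one is given) as CSV text."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["no", "time", "src", "dst", "proto", "sport", "dport", "len"])
    for p in packets:
        if expr is None or matches(p, expr):
            writer.writerow([p.number, p.ts, p.src, p.dst, p.proto, p.sport, p.dport, p.length])
    return buf.getvalue()

# Constructed sample capture: an HTTP exchange, a TLS connection and an SSH connection (documentation addresses).
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("192.0.2.10", "198.51.100.5", 51000, 80, b"GET / HTTP/1.1\r\n"),
    build_tcp_frame("198.51.100.5", "192.0.2.10", 80, 51000, b"HTTP/1.1 200 OK\r\n"),
    build_tcp_frame("192.0.2.10", "198.51.100.7", 51001, 443),
    build_tcp_frame("192.0.2.11", "198.51.100.5", 51002, 22),
])

if __name__ == "__main__":
    print(export_csv(parse_pcap(SAMPLE_PCAP), "ip.addr == 198.51.100.5 and tcp.port != 80"))
```

Run as a script it prints the CSV rows for every packet that touches 198.51.100.5 on a port other than 80, which is the same question you would answer in Wireshark with the display filter `ip.addr == 198.51.100.5 && tcp.port != 80` before using File > Export Packet Dissections. The dissector deliberately skips non-IPv4 frames and stops at the header fields the filter needs; a real dissector chain, as Wireshark has for hundreds of protocols, is what turns the rest of the frame into browsable fields.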

What Wireshark is not

  • Wireshark is not an intrusion detection system (IDS).
  • Wireshark cannot decrypt encrypted traffic by itself.
  • Wireshark cannot sniff traffic from all of the other systems on the network under normal circumstances.
  • Because it is easy to spoof IPv4 packets, Wireshark cannot tell you if a particular IP address it finds in a captured packet is a real one or not.
  • Wireshark cannot help you understand how a network operates if you have little understanding of network protocols (TCP, UDP, ICMP, and DHCP).

As you can see, Wireshark is a powerful application and an essential tool for security professionals and systems administrators.
