Introduction to Wireshark
Wireshark is a widely used open-source network protocol analyzer that allows users to inspect and analyze network traffic in real time. Originally known as Ethereal, it was renamed Wireshark in 2006. It is available for multiple platforms, including Windows, macOS, and various Linux distributions, making it accessible to a broad range of users.
Key features and functionalities of Wireshark include:
1. Packet Capturing: Wireshark captures packets travelling through a network interface, or reads them from a previously captured file. It can analyze a wide range of network protocols, such as TCP, UDP, IP, HTTP, FTP, DNS, and many others.
2. Real-time Analysis: Wireshark provides real-time analysis, allowing users to monitor network traffic as it happens. This feature is invaluable for troubleshooting network issues and identifying potential security threats.
3. Detailed Inspection: Users can drill down into captured packets to examine their contents, including the headers and payload of various protocols. This level of granularity helps in understanding network behavior and identifying anomalies.
4. Filtering and Search: Wireshark supports powerful filtering and search capabilities, allowing users to focus on specific types of traffic or search for particular data patterns within captured packets.
5. Protocol Decoding: The tool can interpret and display various network protocols, making it easier for users to comprehend the information exchanged between different devices on the network.
6. Statistics and Reports: Wireshark provides various statistics and reports on network traffic, helping users to understand overall network performance, identify potential bottlenecks, and assess the health of the network.
7. Extensibility: Wireshark supports custom plugin development, enabling users to create their own dissectors and extend the tool’s capabilities to analyze specialized or proprietary protocols.
Wireshark is widely used by network administrators, security professionals, and developers for various purposes, including network troubleshooting, network optimization, network security analysis, and protocol development. Its user-friendly interface and powerful analysis capabilities make it an essential tool for anyone involved in network-related tasks. However, it’s important to note that Wireshark should be used responsibly and ethically, as capturing network traffic may involve privacy and legal considerations. Always ensure you have appropriate authorization and consent before capturing and analyzing network traffic.
Wireshark is a free application that allows you to capture and view the data traveling back and forth on your network, providing the ability to drill down and read the contents of each packet – filtered to meet your specific needs. It is commonly utilized to troubleshoot network problems as well as to develop and test software. This open-source protocol analyzer is widely accepted as the industry standard, winning its fair share of awards over the years.
Originally known as Ethereal, Wireshark features a user-friendly interface that can display data from hundreds of different protocols on all major network types.
WinPcap: Windows Packet Capturing Manager
USBPcap: USB extension for saving .cap files to USB drives.
Download: https://www.wireshark.org/download.html
Packet List in Wireshark
Time: The timestamp of when the packet was captured is displayed in this column.
Source: This column contains the address (IP or other) where the packet originated.
Destination: This column contains the address that the packet is being sent to.
Protocol: The packet’s protocol name (e.g., TCP) can be found in this column.
Length: The packet length, in bytes, is displayed in this column.
Info: Additional details about the packet are presented here. The contents of this column can vary greatly depending on packet contents.
Filters in Wireshark
Filtering on the basis of IP address (matches the address as either source or destination):
ip.addr == IPADDRESS
For filtering a particular source:
1. ip.src == 192.168.43.43
For filtering a particular protocol, and using multiple filters together (here the dns protocol filter combined with a source address):
3. dns && ip.src == 192.168.43.1
For filtering a particular destination:
4. ip.dst == 192.168.43.43
Filtering multiple sources (both conditions must be true):
5. ip.src == 192.168.43.43 && ip.src == 192.168.43.1
Filtering multiple sources (either condition may be true):
6. ip.src == 192.168.43.43 || ip.src == 192.168.43.1
Either this address as source or as destination:
7. ip.addr == 192.168.43.43
NOT condition (exclude this source from the view):
8. !(ip.src == 192.168.43.43)
Multiple filters, both of which must be true because they are joined with &&:
9. ip.src == 192.168.43.43 && !(ip.dst == 192.168.43.1)
For filtering packets on the basis of the data they contain:
10. tcp contains "demo.testfire.net"
For filtering packets that may contain passwords (HTTP POST requests, such as form logins):
11. http.request.method == "POST"
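The matching rules behind the filters above are easy to get wrong, so here is an added worked example (not part of the original page and not Wireshark's own code) that models a handful of constructed packets and evaluates the same filter expressions against them. It implements the semantics a practitioner should keep in mind: a bare protocol name (dns, tcp) means "this protocol is present", `==` is true if any occurrence of the field matches, `ip.addr` is shorthand for source or destination, and `contains` is a byte-substring search. Packet 5 is a constructed ICMP error that embeds the offending packet's IP header, so it carries two ip.src values; it is the kind of packet that filter 5 (`ip.src == A && ip.src == B`) actually selects, since a packet with a single IP header has only one source address. The address 203.0.113.10 is a documentation address standing in for the web server; the packet contents, the `Parser`/`evaluate`/`apply_filter` names and the packet layout are all assumptions of this example.

```python
import re

# Constructed packets (not a real capture). Fields hold LISTS because a packet can
# carry a field twice: packet 5, an ICMP error, embeds the offending IP header.
PACKETS = [
    {"no": 1, "protocols": {"ip", "udp", "dns"},
     "ip.src": ["192.168.43.43"], "ip.dst": ["192.168.43.1"]},
    {"no": 2, "protocols": {"ip", "udp", "dns"},
     "ip.src": ["192.168.43.1"], "ip.dst": ["192.168.43.43"]},
    {"no": 3, "protocols": {"ip", "tcp", "http"},
     "ip.src": ["192.168.43.43"], "ip.dst": ["203.0.113.10"],
     "http.request.method": ["POST"],
     "layers": {"tcp": b"POST /login HTTP/1.1\r\nHost: demo.testfire.net\r\n"
                       b"\r\nuid=jsmith&passw=PLACEHOLDER"}},
    {"no": 5, "protocols": {"ip", "icmp"},
     "ip.src": ["192.168.43.1", "192.168.43.43"],
     "ip.dst": ["192.168.43.43", "192.168.43.1"]},
]

TOKEN = re.compile(r'&&|\|\||==|[()!]|"[^"]*"|[\w.]+')


def tokenize(text):  # split into tokens; anything else in the text is an error
    if TOKEN.sub("", text).strip():
        raise ValueError(f"unexpected characters in filter: {text!r}")
    return TOKEN.findall(text)


def field_values(pkt, field):  # every occurrence; ip.addr means ip.src or ip.dst
    if field == "ip.addr":
        return pkt.get("ip.src", []) + pkt.get("ip.dst", [])
    return pkt.get(field, [])


class Parser:  # recursive descent; binding strength: || < && < ! and parentheses
    def __init__(self, text):
        self.tokens, self.pos = tokenize(text), 0
        self.tree = self._or()
        if self.pos != len(self.tokens):
            raise ValueError(f"unexpected token {self.tokens[self.pos]!r}")

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _take(self):
        tok, self.pos = self._peek(), self.pos + 1
        return tok

    def _binary(self, op, operand):  # left-associative chain: a op b op c
        node = operand()
        while self._peek() == op:
            self._take()
            node = (op, node, operand())
        return node

    def _or(self): return self._binary("||", self._and)
    def _and(self): return self._binary("&&", self._unary)

    def _unary(self):  # !expr | (expr) | field == value | field contains value | field
        tok = self._take()
        if tok == "!":
            return ("!", self._unary())
        if tok == "(":
            node = self._or()
            if self._take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or not re.fullmatch(r"[A-Za-z][\w.]*", tok):
            raise ValueError(f"expected a field name, got {tok!r}")
        if self._peek() in ("==", "contains"):
            op, value = self._take(), self._take()
            if value is None:
                raise ValueError(f"missing value after {op}")
            return (op, tok, value.strip('"'))
        return ("present", tok)


def evaluate(node, pkt):
    kind = node[0]
    if kind == "||":
        return evaluate(node[1], pkt) or evaluate(node[2], pkt)
    if kind == "&&":
        return evaluate(node[1], pkt) and evaluate(node[2], pkt)
    if kind == "!":
        return not evaluate(node[1], pkt)
    field, values = node[1], field_values(pkt, node[1])
    if kind == "present":  # bare `dns` or `tcp`: the protocol or field is present
        return field in pkt["protocols"] or bool(values)
    if kind == "==":  # true when ANY occurrence of the field equals the value
        return node[2] in values
    # contains: byte-substring search over the protocol layer's bytes or field text
    haystacks = [pkt.get("layers", {}).get(field, b"")] + [v.encode() for v in values]
    return any(node[2].encode() in h for h in haystacks)


def apply_filter(text, packets=PACKETS):  # packet numbers the filter keeps
    tree = Parser(text).tree
    return [p["no"] for p in packets if evaluate(tree, p)]
```

Calling `apply_filter('ip.src == 192.168.43.43 && ip.src == 192.168.43.1')` returns only packet 5, while `apply_filter('!(ip.src == 192.168.43.43)')` drops packet 5 as well, because the negated `==` is true as soon as any occurrence of ip.src matches. This is the same reason ICMP error packets often show up unexpectedly in a real capture when filtering on `ip.addr`.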