Wireshark (Ethereal) to manage and troubleshoot networks

Wireshark (formerly known as Ethereal) is a free, open-source graphical network protocol analyzer. Because packet analysis is central to troubleshooting and managing a network, Wireshark is used regularly by network professionals, security experts, developers, and educators around the world to see and understand the raw protocols on the wire.

Typically a network administrator uses Wireshark to troubleshoot network problems, a network security engineer uses it to examine security incidents, a developer uses it to debug protocol implementations, and a student uses it to learn network protocol internals.

Wireshark can dissect hundreds of protocols, with more being added all the time. It lets you interactively browse packet data from a live network or from a previously saved capture file, and displays each captured packet with very detailed protocol information.

Wireshark's native capture file format is the libpcap format, which is also the format used by tcpdump and various other tools (current Wireshark releases save to Pcap NG by default, the first format in the list below). It can also read and write many other capture file formats: Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others. Capture files compressed with gzip are decompressed on the fly.
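As an added example (not Wireshark's or libpcap's own code), the following Python script shows what recognising a capture format amounts to in practice: it reads the libpcap global header in either byte order, distinguishes the microsecond and nanosecond magic numbers, identifies a pcapng file from its Section Header Block, inflates a gzip-wrapped file on the fly the way Wireshark does, and refuses any record whose length field does not fit the snaplen or the file. The sample capture it builds in memory is constructed for the demonstration and is not real traffic.

```python
"""Identify and walk capture files the way Wireshark's file readers must:
classic libpcap in either byte order and with microsecond or nanosecond
timestamps, pcapng (recognised from its Section Header Block), and
gzip-wrapped files inflated on the fly. Added example, not Wireshark or
libpcap code; the sample capture below is constructed, not real traffic."""
import gzip
import struct

PCAP_MAGIC_US = 0xA1B2C3D4   # libpcap, microsecond timestamps
PCAP_MAGIC_NS = 0xA1B23C4D   # libpcap, nanosecond timestamps
PCAPNG_SHB = 0x0A0D0D0A      # pcapng Section Header Block type (same in both byte orders)
PCAPNG_BOM = 0x1A2B3C4D      # pcapng byte-order magic, stored at offset 8
GZIP_MAGIC = b"\x1f\x8b"
LINKTYPE_ETHERNET = 1


def unwrap(data: bytes) -> bytes:
    """Decompress transparently when the file starts with the gzip magic."""
    return gzip.decompress(data) if data[:2] == GZIP_MAGIC else data


def identify(data: bytes) -> dict:
    """Classify a capture by its leading bytes and parse the libpcap global header."""
    data = unwrap(data)
    if len(data) < 24:
        raise ValueError("too short to be a capture file")
    if struct.unpack("<I", data[:4])[0] == PCAPNG_SHB:
        endian = "<" if struct.unpack("<I", data[8:12])[0] == PCAPNG_BOM else ">"
        if struct.unpack(endian + "I", data[8:12])[0] != PCAPNG_BOM:
            raise ValueError("pcapng block type without a valid byte-order magic")
        return {"format": "pcapng", "endian": endian}
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
            return {"format": "pcap", "endian": endian, "nanosecond": magic == PCAP_MAGIC_NS,
                    "version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    raise ValueError("not a libpcap or pcapng file")


def records(data: bytes):
    """Yield (ts_sec, ts_frac, packet, truncated) per libpcap record, rejecting
    any record whose length field exceeds the snaplen or runs past the file:
    capture files are untrusted input and must never be read past their end."""
    data = unwrap(data)
    info = identify(data)
    if info["format"] != "pcap":
        raise ValueError("record walking is implemented for libpcap only")
    e, off = info["endian"], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        if incl_len > info["snaplen"] or off + incl_len > len(data):
            raise ValueError(f"corrupt record header at offset {off - 16}: incl_len={incl_len}")
        yield ts_sec, ts_frac, data[off:off + incl_len], incl_len < orig_len
        off += incl_len
    if off != len(data):
        raise ValueError("trailing bytes after the last record")


def build_pcap(frames, endian="<", nanosecond=False, snaplen=65535) -> bytes:
    """Write a libpcap file (24-byte global header, 16-byte record headers) for sample frames."""
    magic = PCAP_MAGIC_NS if nanosecond else PCAP_MAGIC_US
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, frame in frames:
        out += struct.pack(endian + "IIII", ts_sec, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: an ARP-typed and an IPv4-typed Ethernet frame with zeroed bodies.
SAMPLE_FRAMES = [
    (1700000000, bytes.fromhex("ffffffffffff001122334455") + b"\x08\x06" + b"\x00" * 28),
    (1700000001, bytes.fromhex("001122334455ffffffffffff") + b"\x08\x00" + b"\x00" * 20),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)
SAMPLE_PCAP_GZ = gzip.compress(SAMPLE_PCAP)
# Minimal pcapng: one Section Header Block (type, length, BOM, version 1.0, unknown section length, length).
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", PCAPNG_SHB, 28, PCAPNG_BOM, 1, 0, -1, 28)

if __name__ == "__main__":
    for name, blob in (("pcap", SAMPLE_PCAP), ("pcap.gz", SAMPLE_PCAP_GZ), ("pcapng", SAMPLE_PCAPNG)):
        print(f"{name}: {identify(blob)}")
    for ts_sec, ts_frac, packet, truncated in records(SAMPLE_PCAP_GZ):
        print(f"{ts_sec}.{ts_frac:06d} {len(packet)} bytes{' (truncated)' if truncated else ''}")
```

The length checks in records() are the part worth copying: a capture file is untrusted input, and a reader that trusts the stored incl_len blindly will read past the end of a crafted or merely truncated file instead of reporting it.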

Like other protocol analyzers, Wireshark's main window shows three views of a packet. The packet list shows a summary line that briefly describes what the packet is. The packet details pane lets the user drill down to the exact protocol or field. Finally, the packet bytes pane shows a hex dump of exactly what the packet looks like on the wire. Coloring rules can be applied to the packet list for quick, intuitive analysis. Below is an example of Wireshark's main window after packets have been captured.


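To make the three views concrete, here is an added Python example (not Wireshark code) that dissects a single constructed Ethernet II / IPv4 / UDP frame and renders the same three views: a one-line summary like the packet list, a protocol tree like the packet details pane, and a hex dump like the packet bytes pane. It also verifies the IPv4 header checksum, which is how Wireshark flags a corrupted header in the details pane. The frame, addresses, ports and payload are constructed sample input, and only Ethernet II, IPv4 and UDP are dissected.

```python
"""Render Wireshark's three packet views for one frame: summary line,
protocol detail tree and hex dump. Added example, not Wireshark code;
only Ethernet II / IPv4 / UDP are dissected, anything else is shown raw."""
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a valid header
    when the stored checksum field is included in the input."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes = b"hello") -> bytes:
    """Constructed Ethernet II / IPv4 / UDP frame (sample input, not captured traffic)."""
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + b"\x08\x00"  # dst, src, type
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload  # checksum 0 = not computed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in the header checksum
    return eth + ip + udp


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def dissect(frame: bytes) -> dict:
    """Return the packet-list summary and the packet-details tree for one frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    tree = [f"Ethernet II, Src: {mac(src)}, Dst: {mac(dst)}", f"    Type: 0x{ethertype:04x}"]
    result = {"summary": f"{mac(src)} -> {mac(dst)} 0x{ethertype:04x} Len={len(frame)}", "tree": tree}
    if ethertype != 0x0800 or len(frame) < 34:
        return result
    ip = frame[14:]
    ver, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    total_len, hdr_sum = struct.unpack("!H", ip[2:4])[0], struct.unpack("!H", ip[10:12])[0]
    ttl, proto = ip[8], ip[9]
    sum_ok = ihl >= 20 and len(ip) >= ihl and ipv4_checksum(ip[:ihl]) == 0
    src_ip, dst_ip = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    tree += [f"Internet Protocol Version {ver}, Src: {src_ip}, Dst: {dst_ip}",
             f"    Header Length: {ihl} bytes", f"    Total Length: {total_len}",
             f"    Time to Live: {ttl}", f"    Protocol: {proto}",
             f"    Header Checksum: 0x{hdr_sum:04x} [{'correct' if sum_ok else 'incorrect'}]"]
    result.update(summary=f"{src_ip} -> {dst_ip} IPv4 proto={proto} Len={len(frame)}",
                  ip_checksum_ok=sum_ok)
    if proto != 17 or len(ip) < ihl + 8:
        return result
    udp = ip[ihl:]
    sport, dport, ulen, usum = struct.unpack("!HHHH", udp[:8])
    payload = udp[8:ulen]
    tree += [f"User Datagram Protocol, Src Port: {sport}, Dst Port: {dport}",
             f"    Length: {ulen}", f"    Checksum: 0x{usum:04x}",
             f"Data ({len(payload)} bytes): {payload.hex()}"]
    result.update(summary=f"{src_ip} -> {dst_ip} UDP {len(frame)} {sport} -> {dport} Len={len(payload)}",
                  payload=payload)
    return result


def hexdump(data: bytes, width: int = 16) -> str:
    """Packet-bytes pane: offset, hex bytes and printable ASCII per row."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3 - 1}}  {asc}")
    return "\n".join(rows)


if __name__ == "__main__":
    frame = build_frame()
    views = dissect(frame)
    print(views["summary"])          # packet list
    print("\n".join(views["tree"]))  # packet details
    print(hexdump(frame))            # packet bytes
```

Flipping a single byte of the IPv4 header without recomputing the checksum makes the details pane report the checksum as incorrect, which is the same signal Wireshark gives for a damaged or hand-crafted header.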
Live data can be read from devices such as Ethernet, Token Ring, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Frame Relay, FDDI, and others.

Wireshark also supports decryption for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2, provided you supply the key material: for WPA/WPA2 that means the passphrase plus a captured four-way handshake for the client, and for SSL/TLS either the server's RSA private key (which only helps when the session used RSA key exchange, not (EC)DHE) or a per-session key log written by the client.

Wireshark's output can be exported to XML, PostScript, CSV, or plain text.

Wireshark is available for all major modern operating systems, including Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others, and installation is fairly simple. On Windows you need the WinPcap capture driver (bundled in the Wireshark installer; current Wireshark releases ship its successor, Npcap, instead) alongside Wireshark, because packet capture in Wireshark is performed through the pcap library. WinPcap interacts with the Windows kernel to capture raw packet data, apply capture filters, and switch the network interface in and out of promiscuous mode.

You may download Wireshark from the official Wireshark web page.
