Wireshark Part 1

Wireshark Part 1

Wireshark is a free and open source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues. It is one of the important and handy tool in ethical hacking.

This article is just a reference module with all important necessary links who is interested to learn and refer during practice. I will keep this page updated while i learn some thing new. 

Wireshark is a data capturing program that "understands" the structure (encapsulation) of different networking protocols. It can parse and display the fields, along with their meanings as specified by different networking protocols. Wireshark uses pcap to capture packets, so it can only capture packets on the types of networks that pcap supports.

  • Data can be captured "from the wire" from a live network connection or read from a file of already-captured packets.
  • Live data can be read from a number of types of networks, including Ethernet, IEEE 802.11, PPP, and loopback.
  • Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, TShark.
  • Captured files can be pro grammatically edited or converted via command-line switches to the "editcap" program.
  • Data display can be refined using a display filter.
  • Plug-ins can be created for dissecting new protocols.
  • VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
  • Raw USB traffic can be captured.
  • Wireless connections can also be filtered as long as they traverse the monitored Ethernet.
  • Various settings, timers, and filters can be set that ensure only triggered traffic appear.
  • Wireshark's native network trace file format is the libpcap format supported by libpcap and WinPcap, so it can exchange captured network traces with other applications that use the same format, including tcpdump and CA NetMaster. It can also read captures from other network analyzers, such as snoop, Network General's Sniffer, and Microsoft Network Monitor.

Home Page and Download Link - 

https://www.wireshark.org/

Display Filter Reference - (This is very helpful if you are fresh and starting to learn)

Wireshark's most powerful feature is its vast array of display filters (over 206000 fields in 2000 protocols as of version 2.2.3). They let you drill down to the exact traffic you want to see and are the basis of many of Wireshark's other features, such as the coloring rules.

https://www.wireshark.org/docs/dfref/

wireshark-filter - Wireshark filter syntax and reference - 

https://www.wireshark.org/docs/man-pages/wireshark-filter.html

Wireshark Developer’s Guide - 

https://www.wireshark.org/docs/wsdg_html/

Manual Pages -The following man pages are part of the Wireshark distribution. They are available via the man command on UNIX® / POSIX® systems and HTML files via the "Start" menu on Windows systems.

https://www.wireshark.org/docs/man-pages/

Intro and about the Wireshark environment with Hansang Bae from RiverBed

https://www.youtube.com/watch?v=U0QABcTD-xc

Wireshark Tutorial from "thenewboston" was very help full for me to learn in initial days,

https://www.youtube.com/watch?v=flDzURAm8wQ&list=PL6gx4Cwl9DGBI2ZFuyZOl5Q7sptR7PwYN

Leave a comment