Network Packet Analyzer
Wireshark is an open source network packet analyzer (previously known as Ethereal). A network packet analyzer captures packets from various interfaces (NICs, etc.). Captured packets can be used to troubleshoot network problems and to analyze network security or the protocols involved.
It is available for both Windows and most Unix platforms. It has the ability to capture live packets from different types of network such as Ethernet, ATM and Token Ring. It can provide details such as packet source and destination addresses, interface type, frame length, etc. It is able to filter and capture packets according to user requirements, as well as highlight specific packets using colouring.
Installing Wireshark on the Windows platform is very straightforward: it can be installed from the installation package (.exe file). However, Wireshark needs a packet capturing driver installed on the system (one for the MS-Windows platform, another for Unix platforms). Thus, the driver must already be present on the system or has to be installed together with Wireshark.
3. Packet Capturing
In general, root/administrator privileges are required to capture packets on a network. To start packet capturing you need to select a local interface. It is possible to run multiple Wireshark instances simultaneously to capture from different interfaces at the same time.
Exercise 1: Capture live packets
The ‘Capture Interfaces’ dialog box will display all local interface cards (Fig. 1) from which packets can be captured. Before starting the capture, let’s have a look at the options.
3. Select the interface you want to capture from in the first drop-down list box.
Check ‘Capture packets in promiscuous mode’ if you want to capture all packets seen on the LAN, not only those addressed to this computer.
Uncheck it to capture only packets to and from this specific computer.
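To make the promiscuous-mode option concrete, the following Python script (an added example, not part of the original lab handout or of Wireshark itself) builds a small constructed pcap file of four Ethernet frames, parses it into the fields a packet list shows (time, frame length, source and destination MAC, EtherType), and then applies the NIC's delivery rule: with promiscuous mode off, only frames to or from the capturing host and group (broadcast/multicast) frames reach the capture; with it on, every frame on the segment does. The MAC addresses and frames are constructed for the example and the host MAC is an assumption; the multicast handling is a simplification that treats any frame with the group bit set as delivered.

```python
import struct

# Link-layer header type 1 = Ethernet in the libpcap file format
LINKTYPE_ETHERNET = 1
PCAP_MAGIC_LE = 0xA1B2C3D4

# Constructed MAC addresses for the example (locally administered, not real devices)
HOST_MAC = bytes.fromhex("020000000001")   # assumed: the NIC Wireshark is capturing on
PEER_MAC = bytes.fromhex("020000000002")
OTHER_MAC = bytes.fromhex("020000000003")
BROADCAST_MAC = b"\xff" * 6


def eth_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a raw Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def build_pcap(frames) -> bytes:
    """Serialise frames into a little-endian pcap file (global header + per-packet records)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data: bytes):
    """Return one dict per frame with the fields a packet list shows: time, length, addresses, type."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("unsupported pcap magic (only little-endian, microsecond pcap handled)")
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 14:
            continue  # truncated frame: no complete Ethernet header to decode
        packets.append({
            "time": ts_sec + ts_usec / 1e6,
            "length": orig_len,
            "dst": frame[0:6],
            "src": frame[6:12],
            "ethertype": struct.unpack_from("!H", frame, 12)[0],
        })
    return packets


def reaches_capture(pkt, host_mac: bytes, promiscuous: bool) -> bool:
    """Emulate the NIC's delivery rule: promiscuous mode passes every frame; otherwise
    only frames to/from this host plus group (broadcast/multicast) frames are seen."""
    if promiscuous:
        return True
    is_group = bool(pkt["dst"][0] & 0x01)   # I/G bit set -> broadcast or multicast
    return pkt["dst"] == host_mac or pkt["src"] == host_mac or is_group


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def summarize(data: bytes, host_mac: bytes):
    """Count frames visible in each capture mode and list those only promiscuous mode shows."""
    packets = parse_pcap(data)
    promisc_only = [p for p in packets if not reaches_capture(p, host_mac, False)]
    return {
        "total": len(packets),
        "non_promiscuous": len(packets) - len(promisc_only),
        "promiscuous_only": [f"{mac_str(p['src'])} -> {mac_str(p['dst'])} len={p['length']}"
                             for p in promisc_only],
    }


# Constructed capture: two frames of this host's own traffic, one ARP broadcast, and one
# conversation between two other machines on the same LAN segment.
SAMPLE_PCAP = build_pcap([
    eth_frame(HOST_MAC, PEER_MAC, 0x0800, b"\x45" + b"\x00" * 19),   # IPv4 to host
    eth_frame(PEER_MAC, HOST_MAC, 0x0800, b"\x45" + b"\x00" * 19),   # IPv4 from host
    eth_frame(BROADCAST_MAC, OTHER_MAC, 0x0806, b"\x00" * 28),       # ARP request broadcast
    eth_frame(PEER_MAC, OTHER_MAC, 0x0800, b"\x45" + b"\x00" * 19),  # third-party traffic
])

if __name__ == "__main__":
    for mode in (False, True):
        visible = [mac_str(p["dst"]) for p in parse_pcap(SAMPLE_PCAP)
                   if reaches_capture(p, HOST_MAC, mode)]
        print("promiscuous" if mode else "non-promiscuous", visible)
    print(summarize(SAMPLE_PCAP, HOST_MAC))
```

Running the script shows that three of the four frames appear in a non-promiscuous capture (the two addressed to or sent by the host and the ARP broadcast), while the fourth, a unicast frame between two other machines, is only visible when the interface is in promiscuous mode. On a switched LAN the switch normally does not forward such third-party unicast frames to your port at all, so promiscuous mode alone does not guarantee you will see them.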