Wireshark is the best free network sniffer and protocol analyzer for Mac, Windows, and Linux operating systems. This application comes installed by default on all computers powered by Linux OS.
To use it on a Windows or Mac PC, users must download Wireshark from its official website and install it manually. Wireshark is used by network engineers and administrators in thousands of organizations. It is also used in many top universities, schools and colleges to keep an eye on the online activities of students.
This application is powerful, yet it requires very little system memory and storage space. This article will make you aware of the top features of Wireshark and guide you in using its core features.
Please note that to understand the features of this packet sniffer, you should have basic knowledge of computer networks.
Tutorial to use Wireshark
Installation
Download the 23 MB setup file of Wireshark and run it on your Windows PC. The setup will install the core application, its tools and the user guide. It will also install the tshark utility, WinPcap, and some useful extensions/plugins. Wireshark uses pcap to sniff network packets, so don't forget to check the WinPcap box when the setup prompts you to install it.
If you don't install WinPcap, you won't be able to run this software. The installation process will make all network configuration files stored on your computer compatible with Wireshark. The software takes less than 85 megabytes of storage space on Linux, Mac and Windows PCs.
How to sniff network traffic using Wireshark?
If you want to use this packet analyzer in an organization, make sure that you have permission to do so. Failing to get permission may put your job on the line.
If you're using it on your own PC, you should run Wireshark as an administrator. Antivirus or firewall software can block Wireshark from accessing network data, so you should add a firewall rule to whitelist Wireshark.
When you run this network sniffer on a Mac, Linux or Windows PC, select the Interfaces option from its Capture menu. Wireshark will then display a dialog box with Details, Start, Stop and Help buttons.
The box also lists the network connections available on your PC. If any link is active, the software makes you aware of it by displaying the packets sent and received on that connection.
If you click on the Details button, you'll get complete information on the selected network interface. The Options button in the dialog box will assist you in setting filters for network analysis.
The Start button makes Wireshark capture network traffic. The captured packets are shown in Wireshark's main window along with their protocol, length, source, destination, packet number and time.
Users can save the captured network traffic to their computer's storage through Wireshark's File menu. You can also load a configuration file through Wireshark's Import from Hex Dump utility.
Setting Coloring rules:
As many types of packets travel over the network, it can be difficult for administrators to find a particular packet. To solve this problem, users can set coloring rules in Wireshark. This feature is very useful, as it can make you aware of DoS attacks, HTTP 404 errors, bad packets, network connection failures and errors in real time.
Filtering network traffic:
The sniffed network traffic can be easily filtered in Wireshark. To use this feature, enter a filter expression in the filter box and hit the Return key. If you want to know what data was transferred or received through a particular protocol, you can use the Follow Stream feature in Wireshark.
This software also includes an Expert Info utility that displays packet errors, warnings and streams in a tabbed pane. The Expert Info utility displays packets sorted in ascending order of their number. It also shows a packet summary and count. You can access this utility from Wireshark's Analyze menu.
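The capture, save, coloring-rule and filter features described above, as an added example that is not code from this article or from the Wireshark project: a short Python script that builds three constructed UDP frames, writes them in the libpcap format Wireshark saves and opens, dissects them back into the packet-list columns (No., Source, Destination, Protocol, Length), and then evaluates one-clause display filters (`field` for presence, or `field == value`) and an ordered list of coloring rules which, like Wireshark's, applies the first rule that matches. The IP addresses, ports, payloads, rule names and the small field-name table are assumptions made up for the demonstration, and the filter evaluator handles a single clause only, a tiny subset of Wireshark's real filter language.

```python
# Added example (not code from the article or the Wireshark project): build
# constructed UDP frames, save them as libpcap, dissect them back, and apply
# display-filter clauses and first-match-wins coloring rules.
import io
import socket
import struct

LINKTYPE_ETHERNET = 1
PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, little-endian, microsecond timestamps


def ipv4_checksum(header):
    """RFC 1071 ones'-complement sum; returns 0 for a header whose checksum is correct."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_ip, dst_ip, sport, dport, payload, corrupt=False):
    """Constructed Ethernet/IPv4/UDP frame; corrupt=True writes a wrong IPv4 checksum."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP csum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ipv4_checksum(ip) ^ (0x00FF if corrupt else 0)
    return eth + ip[:10] + struct.pack("!H", csum) + ip[12:] + udp


def write_pcap(frames, first_ts=1_700_000_000):
    """Serialize frames as a libpcap file: 24-byte global header, 16-byte record headers."""
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, frame in enumerate(frames):
        out.write(struct.pack("<IIII", first_ts + i, 0, len(frame), len(frame)))
        out.write(frame)
    return out.getvalue()


def dissect(frame, number, ts_sec):
    """Minimal dissector producing the packet-list columns plus a few filterable fields."""
    rec = {"no": number, "time": ts_sec, "length": len(frame), "protocol": "Ethernet"}
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return rec
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    rec.update(src=socket.inet_ntoa(ip[12:16]), dst=socket.inet_ntoa(ip[16:20]), protocol="IPv4")
    if ipv4_checksum(ip) != 0:
        rec["ip.checksum.bad"] = True  # key present only when the header checksum fails
    if ip[9] == 17:
        sport, dport, _, _ = struct.unpack("!HHHH", frame[14 + ihl:22 + ihl])
        rec.update(sport=sport, dport=dport, protocol="DNS" if 53 in (sport, dport) else "UDP")
    return rec


def read_pcap(data):
    """Parse a libpcap file written by write_pcap back into dissected records."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    pos, records = 24, []
    while pos < len(data):
        ts_sec, _, incl_len, _ = struct.unpack("<IIII", data[pos:pos + 16])
        records.append(dissect(data[pos + 16:pos + 16 + incl_len], len(records) + 1, ts_sec))
        pos += 16 + incl_len
    return records


# Assumed mapping of Wireshark field names onto the record keys above.
FIELDS = {"ip.src": ("src",), "ip.dst": ("dst",), "ip.addr": ("src", "dst"),
          "udp.srcport": ("sport",), "udp.dstport": ("dport",), "udp.port": ("sport", "dport"),
          "frame.len": ("length",), "ip.checksum.bad": ("ip.checksum.bad",)}


def matches(rec, expr):
    """Evaluate a one-clause display filter: 'field' (presence) or 'field == value'."""
    field, _, value = (s.strip() for s in expr.partition("=="))
    values = [str(rec[k]) for k in FIELDS.get(field, ()) if k in rec]
    return value in values if value else bool(values)


def display_filter(records, expr):
    """Packet numbers that survive the filter, like typing it into Wireshark's filter box."""
    return [r["no"] for r in records if matches(r, expr)]


COLORING_RULES = [  # constructed rules; as in Wireshark, the first matching rule wins
    ("Checksum errors", "ip.checksum.bad"),
    ("DNS", "udp.port == 53"),
    ("UDP", "udp.port"),
]


def color_for(rec, rules=COLORING_RULES):
    for name, expr in rules:
        if matches(rec, expr):
            return name
    return "default"


# Constructed sample capture: a DNS query, a frame with a broken IPv4 checksum, plain UDP.
SAMPLE_FRAMES = [
    build_udp_frame("10.0.0.5", "10.0.0.1", 40000, 53, bytes.fromhex("123401000001000000000000")),
    build_udp_frame("10.0.0.7", "10.0.0.9", 5000, 5000, b"hello", corrupt=True),
    build_udp_frame("10.0.0.5", "10.0.0.9", 1234, 4444, b"x"),
]


def demo():
    records = read_pcap(write_pcap(SAMPLE_FRAMES))  # the bytes could be saved as sample.pcap
    return {
        "columns": [(r["no"], r["src"], r["dst"], r["protocol"], r["length"]) for r in records],
        "udp.port == 53": display_filter(records, "udp.port == 53"),
        "ip.src == 10.0.0.5": display_filter(records, "ip.src == 10.0.0.5"),
        "ip.checksum.bad": display_filter(records, "ip.checksum.bad"),
        "colors": [color_for(r) for r in records],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Writing the output of `write_pcap(SAMPLE_FRAMES)` to a `.pcap` file and opening it in Wireshark shows the same three rows, and the corrupted second frame is the kind of "bad packet" a checksum-based coloring rule highlights; keeping the checksum-error rule first in the list is what makes it win over the more generic DNS and UDP rules.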
Telephony Protocols
This free packet sniffer has an inbuilt tool that displays all VoIP calls made over the network. The displayed data is accurate, and it includes information on each VoIP call's start and stop time, first speaker, caller, receiver, protocols, packets, and state.
This software comes with an inbuilt VoIP voice data player, so you can easily listen to the conversation between the receiver and the caller. That's not all: Wireshark can track network traffic of all popular telephony protocols like SIP, WAP, GSM, LTE, etc.
This is one of the most useful tools in Wireshark, as it makes administrators and engineers aware of everyone who is misusing the network connection.
Protocol management:
Wireshark can analyze network traffic of more than 500 protocols. Users can configure this software to ignore all or some protocols through its Enabled Protocols utility. You can access this tool through Wireshark's Analyze menu.
Monitoring WLAN Traffic
If a network connection at your place is established using WiFi/WLAN modules, you can use Wireshark to get details on WLAN session IDs, beacons, protection technology, authorization details, etc.
Graphs
This free network protocol analyzer can generate I/O, time-sequence and network flow graphs on the fly. The charts can be saved to a file with a single click of a button.
CPU and RAM usage
When Wireshark was active on my Windows 7 PC, it used less than 100 megabytes of RAM and ROM. This is impressive! The software worked flawlessly. It generates reports instantly without any issues.