
Wireshark traffic analysis
Wireshark is an open source network packet analyzer. Without any special hardware or reconfiguration, it can capture live data going in and out over any of your box’s network interfaces: Ethernet, WiFi, PPP, loopback, even USB. Typically it’s used as a forensics tool for troubleshooting network problems like congestion, high latency, or protocol errors - but you don’t want to wait until your network is in trouble to learn how to use it. This weekend, why not take a look at your network traffic, and learn how to use Wireshark to your advantage?

Wireshark is a GTK+ application, although the project also includes a console-based front end named TShark that features most of the functionality found in the GUI version. Considering its reputation as a useful administration tool, you will probably find it in your distribution’s package repositories. If not, you can download packages for several distributions on, along with the source. Mac OS X and Windows binaries are available as well, which you may need to analyze machines running those operating systems (more on that later).

Because it needs to switch the network interface into “promiscuous mode” in order to capture all network traffic, Wireshark must be run as root. The libpcap library performs the actual packet capture, and supports a large-but-not-infinite range of network devices. You should check the compatibility matrix on the project wiki if you are using a peculiar network type - almost all Ethernet and WiFi cards in common usage will work without incident.

You can start a new network capture session from the “Capture” menu. Capture -> Interfaces brings up a dialog box showing all of the interfaces Wireshark has detected, plus the pseudo-device “any” that captures from all of the above. The Capture -> Options choice allows you to specify several options before you begin, including limiting your capture with filtering rules (such as by particular protocols or IP address only), automatically stopping the capture after a specified amount of time, or splitting the file automatically into separate time- or size-dictated files. Whenever you start your capture, the packets are logged on-screen in a table showing basic information (source and destination, protocol, time, etc.) in column headers.

Wireshark color-codes the entries for your convenience by flagging “interesting” packets, such as TCP retransmissions, with different text and background colors.

How long you let your capture run depends on what you need to study.
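The same Capture -> Options controls (capture filter, timed stop, size-split files) and the retransmission highlighting, driven from the TShark front end instead of the GUI. This is an added example, not code from the original post; the interface name, filter, limits and output file names are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): the Capture -> Options controls
# described above, expressed as TShark flags. Interface, filter, limits and
# file names are assumed values.

# Compose a capture command line. Arguments:
#   $1 interface (eth0, or the pseudo-device "any", which libpcap cannot put
#      into promiscuous mode)
#   $2 libpcap capture filter applied before packets are stored ("" = none)
#   $3 autostop after this many seconds (0 = run until interrupted)
#   $4 start a new file every N kB, i.e. a size-split ring buffer (0 = one file)
#   $5 output file prefix
build_capture_cmd() {
    cmd="tshark -i $1 -w $5.pcapng"
    [ -n "$2" ] && cmd="$cmd -f '$2'"
    [ "$3" -gt 0 ] && cmd="$cmd -a duration:$3"
    [ "$4" -gt 0 ] && cmd="$cmd -b filesize:$4"   # -b duration:N splits by time
    printf '%s\n' "$cmd"
}

# Post-capture pass with a display filter: the TCP retransmissions that the GUI
# marks with its "bad TCP" colouring rule, one line per frame.
list_retransmissions() {
    tshark -r "$1" -Y tcp.analysis.retransmission \
        -T fields -e frame.number -e ip.src -e ip.dst -e tcp.stream
}

# Only capture when asked to (needs root, as the article notes), so that this
# file can be sourced for its functions without starting a capture.
if [ "${1:-}" = "capture" ] && command -v tshark >/dev/null 2>&1; then
    eval "$(build_capture_cmd "${2:-eth0}" 'tcp' 30 0 wireshark-demo)"
    list_retransmissions wireshark-demo.pcapng
fi
```

Run as `sh capture.sh capture eth0` to take a 30-second TCP-only capture and then list the retransmissions it contains.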










