Wireshark (Network Protocol Analyzer)
Wireshark and components – what does it do and how?
Wireshark is a network monitoring tool, also called a network protocol analyzer or packet sniffer. It is free and open source, and it is used for network troubleshooting and analysis. Wireshark is cross-platform: it runs on Linux, macOS, BSD, Solaris, Microsoft Windows and other operating systems, and there is also a terminal (command-line) version called TShark. Wireshark captures packets from the network through the pcap library (libpcap on Unix-like systems, Npcap on current Windows builds, WinPcap on older ones) and is used to examine the details of the traffic on the network. For each captured packet it can show the capture time, source IP address, destination IP address, protocol type, header fields and payload bytes, so the information can be used both for security investigation and for troubleshooting.

Wireshark displays this information in three panes: the Packet List pane, the Packet Details pane and the Packet Bytes pane. The Packet List pane is the list of coloured lines at the top, one line per packet, where the colouring rules mark the protocol and conditions such as TCP errors. The Packet Details pane shows the decoded protocol tree of the selected packet, layer by layer, and the Packet Bytes pane shows the raw bytes of that packet in hexadecimal and ASCII. Wireshark also has built-in sorting and filtering. Display filters (for example http.request, or ip.addr == 192.168.1.10) pick the particular packets of interest out of the huge number of packets travelling on the network, and capture filters (BPF syntax such as tcp port 80) limit what is recorded in the first place. Before capturing, Wireshark asks the user to choose the interface whose packets it should monitor. Its classic trace file format is the libpcap format, which libpcap and WinPcap read and write; current Wireshark versions save in pcapng by default, which additionally stores per-interface metadata and comments, and they read both formats.

Wireshark observes the messages sent and received by the applications and protocols running on the computer, but it never sends packets itself; it is purely passive. A packet sniffer consists of two parts: a packet capture library and a packet analyzer. The packet capture library receives a copy of every link-layer frame sent from or received by the computer. On a switched network that means only traffic addressed to, or broadcast to, that host, so seeing other hosts' traffic requires a mirror (SPAN) port or a network TAP; capturing also needs raw-socket privileges, which is why Wireshark runs only its dumpcap helper privileged and keeps the analyzer itself unprivileged. The frames carry protocols such as HTTP, FTP, TCP, UDP, DNS, IP and ICMP, each encapsulated in the one below it, and travel over physical media such as an Ethernet cable. The second part, the packet analyzer, displays the contents of all the fields of each protocol message. To do this it must understand the structure of the messages exchanged by every protocol it supports. For example, to display the messages exchanged by HTTP, the analyzer must first understand the format of Ethernet frames so that it can find the IP datagram inside the frame; it must then understand the IP datagram format so that it can extract the TCP segment, and the TCP segment format so that it can extract the HTTP message. Each layer is dissected in turn, and a field in one layer (the EtherType, the IP protocol number, the TCP port) tells the analyzer which dissector to apply to the next.
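To make the two-part sniffer model concrete, here is an added example in Python, written for this page and not taken from Wireshark or libpcap. It plays both roles on a constructed frame: it writes a classic libpcap file, reads it back honouring the byte order the magic number encodes, dissects Ethernet / IPv4 / TCP / HTTP layer by layer, verifies the IPv4 header checksum the way the Packet Details pane flags a bad one, and applies a toy field filter in the spirit of the display filter tcp.dport == 80. The MAC and IP addresses, the HTTP request and the timestamps are constructed sample data, and the function names are this example's own.

```python
import struct

# Constructed sample traffic for the example; nothing here was captured from a real network.
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP = bytes([192, 168, 1, 10])
DST_IP = bytes([93, 184, 216, 34])
HTTP_REQ = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum; over a header whose checksum field is filled in it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_http_frame(sport: int = 40000, dport: int = 80, payload: bytes = HTTP_REQ) -> bytes:
    """Ethernet II / IPv4 / TCP (PSH,ACK) frame carrying payload, as the capture library would hand it up."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, SRC_IP, DST_IP)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]   # fill in the header checksum
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + ip + tcp


def write_pcap(frames, ts_sec: int = 1_700_000_000) -> bytes:
    """Serialise frames as a classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts_sec + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data: bytes):
    """Yield (timestamp, frame) from a libpcap file, using the byte order the magic number reveals."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:                     # same magic, written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng starts with 0x0A0D0D0A)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("this dissector only understands LINKTYPE_ETHERNET")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        yield ts_sec + ts_usec / 1e6, data[pos:pos + incl_len]
        pos += incl_len


def _mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def _ip4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def dissect(frame: bytes) -> dict:
    """Peel the frame layer by layer; a field in each layer selects the dissector for the next one."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"eth": {"dst": _mac(frame[:6]), "src": _mac(frame[6:12]), "type": ethertype}}
    if ethertype != 0x0800:                       # not IPv4: stop at Ethernet
        return layers
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    layers["ip"] = {"src": _ip4(ip[12:16]), "dst": _ip4(ip[16:20]), "proto": ip[9],
                    "checksum_ok": inet_checksum(ip[:ihl]) == 0}
    if ip[9] != 6:                                # protocol 6 is TCP
        return layers
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_byte, flags = struct.unpack("!HHIIBB", tcp[:14])
    layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}
    payload = tcp[(off_byte >> 4) * 4:]
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/")):   # heuristic HTTP recognition
        layers["http"] = {"request_line": payload.split(b"\r\n", 1)[0].decode("ascii", "replace")}
    return layers


def display_filter(records, field: str, value):
    """Tiny analogue of a Wireshark display filter such as tcp.dport == 80 over (timestamp, frame) records."""
    proto, name = field.split(".", 1)
    for ts, frame in records:
        layers = dissect(frame)
        if layers.get(proto, {}).get(name) == value:
            yield ts, layers


if __name__ == "__main__":
    capture = write_pcap([build_http_frame(), build_http_frame(dport=443, payload=b"\x16\x03\x01")])
    for ts, layers in display_filter(read_pcap(capture), "tcp.dport", 80):
        print(ts, layers["ip"]["src"], "->", layers["ip"]["dst"], layers["http"]["request_line"])
```

The point of the structure is the hand-off between layers: the Ethernet dissector only continues if the EtherType is 0x0800, the IP dissector only continues if the protocol number is 6, and the HTTP layer is recognised heuristically from the payload prefix. Wireshark does the same with a registry of dissectors keyed on EtherType, IP protocol and port plus heuristic dissectors, and because every dissector parses untrusted bytes, flipping a single header byte (which makes checksum_ok False here) is exactly the kind of malformed input a sniffer must tolerate without crashing.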
How can Wireshark help system administrators?
Wireshark is a network monitoring and analysis tool, also called a packet sniffer because it sniffs packets from the network. A system administrator uses it to monitor the network and to troubleshoot it: confirming that a service really answers on the expected port, seeing why a DNS lookup fails, counting retransmissions on a slow link, or spotting unexpected protocols and destinations. Wireshark lets you capture and read network packets in various ways, and it ships dissectors for hundreds of protocols and protocol families, with more added in each release. It presents the information at bit, frame and packet granularity regardless of how small or large the network is, which gives a far better understanding of how the bits of the different fields in a packet header are set.