Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
Software Installation
Wireshark is open-source software and you can easy to download and easy to install.
Unix and Linux Installation command
sudo apt-get update
sudo apt-get install wireshark
sudo wireshark
Note : WinPcap require for installation. WinPcap has been recognized as the industry-standard tool for link-layer network access in Windows environments, allowing applications to capture and transmit network packets bypassing the protocol stack, and including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
Introduction of Wireshark
Wireshark is a GUI based software. Wireshark workstation have four type of monitoring field.
1) Traffic Filter Command Field
There are some stander filter command and user specific filter command by using these command we can filter and operate the traffic monitoring field.
2) Traffic Monitoring Field
This traffic monitoring field is operate by user filter command. By using Traffic filter command we can monitor the real time running traffic in the network. It means all running result in Traffic Monitoring Field is dependent on traffic filter command.
3) Packet Monitoring Field
This packet monitoring field display the selected packet information which select from the traffic monitoring field. When you select the specific packet which display in traffic monitoring field then packet monitoring field display information about packet source IP and MAC and destination IP and MAC and also display about protocol TCP/UDP. Packet Monitoring Field information depends on selected packet display on Traffic Monitoring Field.
4) Data Monitoring Field
This Data Monitoring Field display the information about data which packet information has displayed on Packet Monitoring Field.
How to use Wireshark in Real Scenario
If you have knowledge about network tap to you can easy to use the Wireshark.
Step 1 : Tap the network and connect to PC.
In case of point 2 point network we require wire tap techniques using tap device for RJ-45 and Fiber cable.
In case of broadcast domain like network switch we require a mirror port.
In case of Cisco
Switch(config)# no monitor session 1
Switch(config)# monitor session 1 source interface fastEthernet0/1
Switch(config)# monitor session 1 destination interface fastEthernet0/10 encapsulation dot1q
Switch(config)# end
Step 2 : Now open the wire shark and monitor the traffic according to your requirement. In this blog we discuss two type of traffic monitoring. UConfigIT categories the monitoring in two part.
1. Host Monitoring - In this monitoring techniques by using administrator tool we can monitor the specific traffic generated by specific host.
2. Network Monitoring - In this monitoring techniques by using administrator tool we can monitor the specific network traffic.
Basic filter in Wireshark
According to monitoring method there are two way of monitoring filter.
Host Traffic Filter(Wire Shark)
In this monitoring method we analysis the host traffic.
Network Traffic Filter(Wire Shark)
In this monitoring method we analysis the network traffic.
Basic LAB in Wireshark
Step 1: Open the wire shark and select the traffic gateway and enter the filter icmp
Step 2: In this lab all icmp traffic generated by system and monitor by same system. All icmp traffic generated for google server.
ping -4 www.google.com
Step 3: Executed this command which given in Step 2 and monitor the traffic.
Step 4: Analyze the traffic
Step 5: Now monitor the traffic and packet
Thanks
