Saturday, February 12, 2011

Wireshark: a great protocol analyzer tool

Today's topic is an introduction to Wireshark, a powerful tool.
Wireshark is a free tool for analyzing the traffic flowing across the network. It is also available for the Windows operating system, and you can download it for free from the website: http://www.wireshark.org/download.html . The installation steps are few and easy to handle. This tool is not only a packet sniffer; we can do a lot more with it. It is a collection of utilities which help us find malicious activity in our network.
It can capture packets on more than one interface at a time. It differentiates packets by time, protocol, source and destination address, and the type of query or method used. It displays a lot of information about each single packet, and about packets re-assembled as they would be at the destination host. It is able to interpret some attributes automatically to make the task easier for the security analyst. Also, it can check packets against their field values and display suspicious packets in alerting colors. We can save captures for later review to measure the activities.
Getting familiar with this tool is not cumbersome. Play with the tool and you can explore much more. There is also a good tutorial online to get help for its standard operation on the website: http://www.wireshark.org/docs/
We can select an interface to capture the packets travelling on it and get detailed information about every packet, along with its associated hex values. The detailed information is divided by network layer, and at the end the application data is appended in the form of queries, answers or raw data. Once a pool of packets has been gathered, a filter can help you exclude unwanted packets by source address, destination address or protocol. Further, we can exclude some protocols via the Enabled Protocols menu item under the Analyze menu.
To conclude, Wireshark is a powerful network protocol analyzer tool that helps notify us about malicious activities and unauthorized packets flowing in our network.
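As an added example, not code from this post or from the Wireshark project: a small Python evaluator for a subset of Wireshark's display-filter syntax (==, !=, !, &&, || and parentheses, plus bare protocol names), run over a constructed packet table so the effect of filtering by source, destination or protocol can be seen offline. The PACKETS records and their keys are constructed to resemble Wireshark's own field names; they are not captured traffic.

```python
import re

TOKEN = re.compile(r"\(|\)|&&|\|\||==|!=|!|[A-Za-z0-9_.]+")  # "!=" listed before "!"
# Constructed sample capture (not real traffic), keyed like Wireshark field names.
PACKETS = [
    {"frame.number": 1, "ip.src": "10.0.0.5", "ip.dst": "8.8.8.8", "udp": True, "dns": True, "udp.dstport": 53},
    {"frame.number": 2, "ip.src": "10.0.0.5", "ip.dst": "93.184.216.34", "tcp": True, "http": True, "tcp.dstport": 80},
    {"frame.number": 3, "ip.src": "10.0.0.9", "ip.dst": "10.0.0.5", "tcp": True, "ssh": True, "tcp.dstport": 22},
]

def compile_filter(expr):  # display-filter string -> predicate over one packet dict
    toks = TOKEN.findall(expr)
    if "".join(toks) != "".join(expr.split()):  # reject characters the grammar lacks
        raise ValueError(f"unsupported syntax in filter: {expr!r}")
    peek = lambda: toks[0] if toks else None
    def take(expected=None):  # consume the next token, optionally a specific one
        if not toks or expected not in (None, toks[0]):
            raise ValueError(f"expected {expected or 'a term'} in filter: {expr!r}")
        return toks.pop(0)
    def chain(op, combine, operand):  # left-associative: operand (op operand)*
        node = operand()
        while peek() == op:
            take(op)
            node = (lambda l, r: lambda p: combine(l(p), r(p)))(node, operand())
        return node
    parse_or = lambda: chain("||", lambda a, b: a or b, parse_and)   # lowest precedence
    parse_and = lambda: chain("&&", lambda a, b: a and b, parse_not)
    def parse_not():
        if peek() == "!":
            take("!")
            return (lambda inner: lambda p: not inner(p))(parse_not())
        return parse_atom()
    def parse_atom():  # "( expr )", "field == value", "field != value" or bare "proto"
        field = take()
        if field == "(":
            node = parse_or()
            take(")")
            return node
        if peek() in ("==", "!="):
            op, value = take(), take()  # an absent field makes either comparison false
            return lambda p: field in p and (str(p[field]) == value) == (op == "==")
        return lambda p: field in p  # bare protocol name means "this layer is present"
    pred = parse_or()
    if toks:
        raise ValueError(f"unexpected {toks[0]!r} after complete filter: {expr!r}")
    return pred

def apply_filter(expr, packets=PACKETS):
    pred = compile_filter(expr)  # compile once, then test every packet
    return [p["frame.number"] for p in packets if pred(p)]
```

A malformed filter (a stray `=`, an unbalanced parenthesis, or trailing tokens) raises ValueError rather than silently matching nothing, which is the failure mode a Wireshark user most often trips over when a typed filter turns red.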
