Using Wireshark

There can be instances where we need to analyze the network traffic to find the cause of a problem. To do this we can use Wireshark.

Wireshark is a network protocol analyzer.  You can download it for FREE by clicking the logo below:


Steps that may be helpful in using Wireshark: 


1.  Select the network interface you want to listen for the traffic.

For that either click 'Interface List' on the main window or go to Capture –> Select Interfaces –> Select Options… –> Select an appropriate network interface

2.  Click 'Start' button –> You will see the network traffic for that interface in the window

3.  Filters can be applied so as to view only packets that are of importance.

To apply a filter –> write the filter expression in the Filter Window –> Press 'Enter' or 'Apply'.

  1. 'tcp' = for viewing TCP packets only.
  2. 'udp' = for viewing UDP packets only.
  3. 'sip' = for viewing SIP packets only.
  4. 'ip.src == <ip address>' = for viewing traffic coming from a specific IP address only.
  5. 'ip.dst == <ip address>' = for viewing traffic going to a specific IP address only.


4.  Once we have captured the packets, we can stop listening to network traffic by pressing 'Stop' button or by going to menu 'Capture –> Stop'.

All the filters can be applied together with different logical operators like '&&' for 'And' operation, '||' for 'Or' operation, '!' for 'Not' operation etc.

There are many other filters that may be used. Please refer to Wireshark Help for more details.


5.  To analyse a packet –> Select the packet you want to view –> its information will then be displayed in the middle pane.

You can then click on any item in the middle pane –> its information will be displayed in the bottom pane.

 


6.  To copy any data 'bytes' –> Right click on that data –> Go to Copy –> Bytes –> Printable Text Only (This will copy the data in a readable text form)
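The filters from step 3 and the '&&', '||' and '!' operators, evaluated outside Wireshark as an added example (not part of the original article). It shows which IPv4 header fields 'tcp', 'udp', 'ip.src' and 'ip.dst' test; the packets, the documentation addresses and the helper names are constructed for illustration, and 'tcp'/'udp' are approximated by the IPv4 protocol number.

```python
import socket
import struct


def ipv4_header(src, dst, proto):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse(header):
    """Extract the fields that the article's filters look at."""
    proto = header[9]                      # IPv4 protocol number: 6 = TCP, 17 = UDP
    return {"tcp": proto == 6,
            "udp": proto == 17,
            "ip.src": socket.inet_ntoa(header[12:16]),
            "ip.dst": socket.inet_ntoa(header[16:20])}


# Constructed capture: index -> packet header
PACKETS = [
    ipv4_header("192.0.2.10", "192.0.2.20", 6),    # 0: TCP
    ipv4_header("192.0.2.10", "192.0.2.30", 17),   # 1: UDP
    ipv4_header("192.0.2.20", "192.0.2.10", 17),   # 2: UDP
    ipv4_header("192.0.2.30", "192.0.2.20", 1),    # 3: ICMP (neither tcp nor udp)
]

# Each key is the text you would type into the Filter Window;
# each value is the same test written against the parsed fields.
FILTERS = {
    "tcp": lambda p: p["tcp"],
    "udp && ip.src == 192.0.2.10":
        lambda p: p["udp"] and p["ip.src"] == "192.0.2.10",
    "(tcp || udp) && !(ip.dst == 192.0.2.20)":
        lambda p: (p["tcp"] or p["udp"]) and not p["ip.dst"] == "192.0.2.20",
}


def matching(expression):
    """Return the indexes of the packets the given filter would display."""
    test = FILTERS[expression]
    return [i for i, raw in enumerate(PACKETS) if test(parse(raw))]


if __name__ == "__main__":
    for expression in FILTERS:
        print(f"{expression!r:45} -> packets {matching(expression)}")
```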
