Using Wireshark

There can be instances where we may require analysing the network traffic so as to find the cause of the problem.  To do this we can use WireShark.  

Wireshark is a network protocol analyzer. It is "free software", you can download from

http://www.wireshark.org/download.html

Following are the steps that may be helpful in using Wireshark:

1. First select the network interface you want to listen for the traffic.

For that either click 'Interface List' on the main window or go to Capture Select Interfaces Select Options…  Select an appropriate network interface

2. Click 'Start' button  You will see the network traffic for that interface in the window

3. Filters can be applied so as to view only packets that are of importance.

To apply a filter write the filter expression in the Filter Window  Press 'Enter' or 'Apply'.

Some common filters are:-

1. ‘tcp’ = for viewing TCP packets only.
2. ‘udp’  = for viewing UDP packets only.
3. ‘sip’ = for viewing SIP packets only.
4. ‘ip.src == <ip address>’ = for viewing traffic coming from a specific ip address only.
5. ‘ip.dst == <ip address>’ = for viewing traffic going to a specific ip address only.

4. Once we have captured the packets, we can stop listening to network traffic by pressing 'Stop' button or by going to menu 'Capture Stop'.

All the filters can be applied together with different logical operators like '&&' for 'And' operation, '||' for 'Or' operation, '!' for 'Not' operation etc.

There are many other filters that may be used. Please refer to Wireshark help for more details.

5. To Analyse a packet  Select the packet you want to view  its information will then be displayed in the middle pane.

 You can then click on any item in middle pane its information will be displayed in the bottom pane.

6. To copy any data 'bytes' Right click on that data Go to Copy Bytes  Printable Text Only (This will copy the data in a readable text form)