How to Use Wireshark to Capture, Filter and Inspect Packets
When your computer is constantly connected to the Internet or to a network, it is exposed to attacks and malware infections. In addition to a powerful, up-to-date antivirus solution, a network analysis tool lets you see exactly what is crossing the wire and spot suspicious packets (it shows them to you; blocking is still the job of your firewall). Wireshark is such an application, and it comes with no price tag.
Wireshark is the world’s foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- Rich VoIP analysis
- Read/write many different capture file formats
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Now let's start: download and install Wireshark.
Packet Capturing :- Launch Wireshark and choose the network interface you want to capture on (your wired or wireless adapter, depending on what you want to see) from the main window,
or click on the interface icon to see the details about your interfaces. Note that capturing on a live interface needs root/Administrator rights (or membership of the wireshark group on Linux); reading a saved capture file does not.
Now click Start and you will see packets start to appear in real time.
Click the Stop button at the left of the toolbar to stop the live capture.
The packet list shows, for every packet, the source IP address, the destination IP address, the protocol and a short Info summary of the packet.
That is a lot of data, so you need to narrow it down to what you are actually working on. For example, to see only the HTTP packets passing through my network I type http in the Filter bar (or click the Filter button to build the expression). Display filters use Wireshark's own syntax, so tcp.port == 80 or ip.addr == 192.168.1.10 work too; they hide packets from view but everything is still captured. If you want to record less in the first place, set a capture filter (BPF syntax, e.g. port 80) before you click Start.
Select a packet, right-click on it and choose the Follow TCP Stream option.
This reassembles the whole conversation that packet belongs to, both directions in order, which is far more useful than reading a single packet at a time.
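To make the two steps above concrete, here is an added example (my own code, not part of the original post or of Wireshark) that builds a small pcap file from constructed packets with nothing but the Python standard library, reads it back, applies the equivalent of the display filter tcp.port == 80, and then does what Follow TCP Stream does: sorts each direction by sequence number, drops an exact retransmission, and concatenates the payloads. All addresses, ports and the HTTP request/response are made up for the example; nothing here was captured from a real network.

```python
"""Constructed pcap + display filter + follow-TCP-stream, stdlib only.

Added example, not code from the original post. Every packet below is built
by hand (constructed data), so the script runs offline.
"""
import struct
import tempfile
from pathlib import Path

SYN, ACK, PSH = 0x02, 0x10, 0x08
# pcap global header: magic, v2.4, zone 0, sigfigs 0, snaplen, link type 1 = Ethernet
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

# Constructed endpoints and payloads (RFC 5737 test addresses, not real hosts).
CLIENT = ("10.0.0.5", 40000)
SERVER = ("192.0.2.10", 80)
OTHER = ("192.0.2.20", 443)
REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement sum over the 20-byte IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src, dst, seq, ack, flags, payload=b""):
    """Ethernet II / IPv4 / TCP frame; src and dst are (ip, port) tuples."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")  # dst MAC, src MAC, IPv4
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, ack, 5 << 4, flags,
                      65535, 0, 0) + payload  # TCP checksum left at 0 (offloaded look)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src[0].split(".")),
                     bytes(int(o) for o in dst[0].split(".")))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + tcp


def constructed_frames():
    """Handshake, a GET, an unrelated TLS-looking segment that a port-80 filter
    must drop, an exact retransmission of the GET, and the response."""
    return [
        build_frame(CLIENT, SERVER, 1000, 0, SYN),
        build_frame(SERVER, CLIENT, 5000, 1001, SYN | ACK),
        build_frame(CLIENT, SERVER, 1001, 5001, ACK),
        build_frame(CLIENT, SERVER, 1001, 5001, PSH | ACK, REQUEST),
        build_frame(CLIENT, OTHER, 7000, 9001, PSH | ACK, b"\x16\x03\x01"),
        build_frame(CLIENT, SERVER, 1001, 5001, PSH | ACK, REQUEST),  # retransmission
        build_frame(SERVER, CLIENT, 5001, 1001 + len(REQUEST), PSH | ACK, RESPONSE),
    ]


def write_pcap(path, frames):
    with open(path, "wb") as f:
        f.write(PCAP_GLOBAL)
        for i, frame in enumerate(frames):
            f.write(struct.pack("<IIII", 1_700_000_000, i * 1000, len(frame), len(frame)))
            f.write(frame)


def parse_frame(frame):
    """Dissect Ethernet/IPv4/TCP into a dict; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", ip, 2)
    if ip[9] != 6:  # protocol 6 = TCP
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return {"src": (".".join(map(str, ip[12:16])), sport),
            "dst": (".".join(map(str, ip[16:20])), dport),
            "seq": seq, "flags": tcp[13], "payload": tcp[data_off:]}


def read_pcap(path):
    data = Path(path).read_bytes()
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    pkts, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        pkts.append(parse_frame(data[off:off + incl_len]))
        off += incl_len
    return pkts


def display_filter(pkts, port=80):
    """What typing tcp.port == 80 in the filter bar does: keep packets whose
    source or destination port matches; nothing is removed from the capture."""
    return [p for p in pkts if p and port in (p["src"][1], p["dst"][1])]


def follow_tcp_stream(pkts, a, b):
    """What Follow TCP Stream does: per direction, order segments by sequence
    number, skip exact retransmissions, and concatenate the payloads."""
    out = {}
    for sender, receiver in ((a, b), (b, a)):
        seen, chunks = set(), []
        segs = sorted((p for p in pkts if p and p["src"] == sender and p["dst"] == receiver),
                      key=lambda p: p["seq"])
        for p in segs:
            if p["payload"] and p["seq"] not in seen:
                seen.add(p["seq"])
                chunks.append(p["payload"])
        out[sender] = b"".join(chunks)
    return out


def demo(path=None):
    """Write the constructed capture, read it back, filter it, follow the stream."""
    path = path or Path(tempfile.gettempdir()) / "constructed_http.pcap"
    write_pcap(path, constructed_frames())
    pkts = read_pcap(path)
    http = display_filter(pkts, 80)
    return len(pkts), len(http), follow_tcp_stream(http, CLIENT, SERVER)


if __name__ == "__main__":
    total, matched, stream = demo()
    print(f"{matched} of {total} packets match tcp.port == 80")
    print(stream[CLIENT].decode(), stream[SERVER].decode(), sep="\n")
```

The file this writes opens in Wireshark like any other capture, so you can repeat the GUI steps on it. The same two operations from the command line with TShark are tshark -r constructed_http.pcap -Y "tcp.port == 80" for the filter and tshark -r constructed_http.pcap -q -z follow,tcp,ascii,0 for the first stream. The retransmitted GET is the kind of packet Wireshark's Bad TCP colouring rule paints black; following the stream shows the request only once, which is what you want when you are reading the conversation rather than debugging the transport.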
Color Coding :- With the default rules, light purple is TCP traffic, light blue is UDP traffic (which is what DNS normally rides on), light green is HTTP, and black marks packets with problems such as bad checksums, retransmissions or lost segments.
You can change these rules: open View > Coloring Rules, select the rule you want and click Edit to change its filter or colours. That dialog is also the quickest way to learn what every colour in the packet list means.
Add Your Own Column :- You can easily add any protocol field to the packet list. Expand the packet details, right-click on the field you want and select the Apply as Column option.
Summary of All Packets and Captures :- You can see a summary of the whole capture (capture file, interface, duration, packet and byte counts) from Statistics > Summary, called Capture File Properties in newer versions.
Enjoy packet capturing with Wireshark.
I will try to write more on Wireshark in my upcoming posts.
Hope you like my post, How to Use Wireshark to Capture, Filter and Inspect Packets. Please share it with others.