Wireshark: almost everything you need to know

Created at the end of the 90s under the name Ethereal by the North American developer Gerald Combs, Wireshark was born out of a need: to analyze and optimize the traffic generated by an internet service provider (ISP). Those were different times, when the traffic analyzers that existed were not only expensive but also incompatible with the most widely used servers.

After a few years working on the project, Combs gained what Wireshark needed to make a qualitative leap: the support of an active community of open source developers and programmers. In fact, an annual event of a certain magnitude in the sector, SharkFest, is now organized to share the latest advances in this very useful open source tool.

How Wireshark can help you

First of all, it is important to note that Wireshark is a free and open source packet capture tool. Its main purpose is to help network and security administrators perform a deep and detailed analysis of the traffic that moves through a specific network. In addition, it helps to detect security problems, optimize traffic, solve network performance problems…

One of the great advantages of Wireshark is that you can detect the majority of packets flowing through a network regardless of operating system, network protocol, encryption method or file format, which is highly advantageous for programmers.

All versions of Wireshark and the source code are completely open source and can be downloaded for free. In fact, there are two versions: one that uses a non-graphical command-line interface, and the more popular one, which has a graphical user interface and is designed to be used by people with various levels of experience, not just experts or programmers. Wireshark is currently available at version 3.6.5, although a more advanced version, 3.7.0, is in the works.

Wireshark compatibilities

Wireshark can be configured to color code certain packets and can read, in real time, data flowing through a network or device using all common protocols: wired Ethernet, wireless IEEE 802.11, PPP/HDLC WAN protocol, Bluetooth, USB… For encrypted traffic, it also offers automatic decryption and support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.

The vast majority of capture file formats are also supported: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets, EtherPeek, TokenPeek, AiroPeek and others. The output can also be exported to XML, PostScript, CSV, or plain text files.

Wireshark has established itself as one of the leading tools used for packet capture and traffic analysis today. And to a large extent, its success is due to a community of professionals made up of programmers, who help improve Wireshark; educators, who teach how to use the tool and analyze networks; and, of course, its users.
