Wireshark is a free application that captures and displays the data travelling over your network, giving you the ability to inspect the contents of every packet, filtered according to your needs. It is mainly used for troubleshooting network issues and for developing and testing software. This article gives you the basics of what Wireshark is and how to use it.
1. Download and Install Wireshark
You can download and install Wireshark free of charge from the official Wireshark Foundation website, where you will find versions for both Windows PCs and Macs. If you are an advanced user, we recommend installing the most recent release. During setup, choose to install WinPcap if it is offered, as this also includes the live data capture library.
The app is also available for Linux and other platforms such as UNIX and FreeBSD; however, the binaries for these systems are listed further down the download page, in the Third-Party Packages section.
2. Guide to Capture Data Packets on Wireshark
To start capturing packets, select one or more of the available network interfaces by clicking on them, holding Shift or Ctrl to select several interfaces if you wish to capture data on many networks at the same time. Once you have chosen the connection to capture on, it is highlighted in grey or blue. Then open the Capture menu from the main menu bar at the top of the Wireshark window and click Start in the drop-down.
You can also start the packet capture with any of the following shortcuts:
- Keyboard shortcut: press Ctrl + E.
- Mouse shortcut: to start a capture on a single network, double-click the network name.
- Toolbar shortcut: press the blue shark fin button on the left-hand side of the toolbar.
This starts the capture, and the captured packets appear in the Wireshark window as they are recorded. To stop capturing, do one of the following:
- Keyboard shortcut: press Ctrl + E.
- Toolbar shortcut: press the red Stop button on the Wireshark toolbar.
3. Access and Analyze the Packet Contents on Wireshark
Once you have finished recording network packets, you can view the captured data. The packet list pane, towards the top of the window, lists every packet in the active capture. Each packet is shown in its own row, with a number assigned to it, followed by these data points:
- Time: this column holds the packet's timestamp; by default it is the number of seconds since the capture file was started. To change this to a more convenient format, for instance the time of day, choose Time Display Format from the View menu at the top of the Wireshark window.
- Source: this column lists the IP address the packet originated from.
- Destination: this column holds the address the packet was delivered to.
- Protocol: the name of the packet's protocol.
- Length: the length of the packet in bytes.
- Info: any additional details about the packet appear in this column.
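The columns above are derived from the raw capture file. As an added example (not code from the article or the Wireshark project), the following reads a constructed libpcap file containing two made-up Ethernet/IPv4 frames and builds Wireshark-style rows, including the default relative Time column and the time-of-day alternative described above; the frame contents and timestamps are constructed sample data.

```python
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap header, microsecond timestamps
LINKTYPE_ETHERNET = 1
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_frame(src_ip, dst_ip, proto, payload_len):
    """Constructed Ethernet + IPv4 frame (not real traffic): zeroed MACs, blank payload."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + b"\x00" * payload_len

def build_pcap(frames):
    """frames: list of (ts_sec, ts_usec, frame_bytes) -> bytes of a libpcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, data in frames:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

def packet_list(pcap_bytes, time_of_day=False):
    """Rows like Wireshark's packet list: (No., Time, Source, Destination, Protocol, Length); Time is seconds since the first packet, or UTC time of day."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    linktype, = struct.unpack_from("<I", pcap_bytes, 20)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("example handles only little-endian pcap with Ethernet frames")
    rows, offset, first_ts = [], 24, None
    while offset + 16 <= len(pcap_bytes):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap_bytes, offset)
        data = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        ts = sec + usec / 1e6
        first_ts = ts if first_ts is None else first_ts
        if time_of_day:
            time_col = datetime.fromtimestamp(ts, timezone.utc).strftime("%H:%M:%S.%f")
        else:
            time_col = f"{ts - first_ts:.6f}"              # Wireshark's default relative time
        src = dst = proto = "?"                            # non-IPv4 frames stay unparsed
        if len(data) >= 34 and data[12:14] == b"\x08\x00":
            proto = IP_PROTOCOLS.get(data[23], str(data[23]))   # IPv4 protocol field
            src = ".".join(map(str, data[26:30]))              # IPv4 source address
            dst = ".".join(map(str, data[30:34]))              # IPv4 destination address
        rows.append((len(rows) + 1, time_col, src, dst, proto, incl_len))
    return rows

# Constructed sample capture: two frames a quarter second apart, documentation-range IPs.
SAMPLE_PCAP = build_pcap([(1700000000, 0, build_frame("192.0.2.10", "198.51.100.5", 6, 20)),
                          (1700000000, 250000, build_frame("192.0.2.10", "192.0.2.53", 17, 40))])
```

Calling `packet_list(SAMPLE_PCAP)` yields the numbered rows with relative times 0.000000 and 0.250000; passing `time_of_day=True` switches the Time column to the UTC clock time, as the View menu option does in the GUI.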