Wireshark has been mentioned on this blog before as a tool for mapping out how programs connect to the internet and for some advanced troubleshooting of Windows and Linux connectivity. The reason is that it offers considerably more flexibility and power than URLSnooper, another good quality network analysis tool that has also been covered here.
At the same time, URLSnooper is nowhere near as complex to use and configure as Wireshark can be, so for less advanced users URLSnooper may be the more logical choice to try out first. Wireshark aims to be one of those tools that becomes indispensable once the time and effort have been taken to set it up properly. If you can do that, Wireshark is in a class of its own in its power and its packet analysis abilities.
Wireshark was formerly known as Ethereal, so if you have heard that name before, it’s the same software. The program is completely free and open source, released under the GNU General Public License version 2. There are a few versions available for Windows, including separate 32-bit and 64-bit builds, a portable version and a dedicated version for U3 pen sticks. When Wireshark’s installer is started, or the portable version is run for the first time, you will be asked to install the bundled ‘Windows Packet Capture’ (WinPcap) library and driver as well. This is obviously a drawback if you want a truly portable application, but the kernel driver is what actually pulls packets off the adapter, so it is required. (Current Windows builds bundle Npcap instead of WinPcap, but the same driver requirement applies.) If WinPcap is already detected on the system, this step is skipped automatically. Once installed, the default interface is pretty much the same under Windows and Linux.
Once you have chosen your capture interface, which should be either the Ethernet adapter or the wireless network adapter, you can start sniffing all the packets your computer is sending and receiving through it. This lets you see whether your computer is leaking data to an external server without your knowledge. The recommended way to check for this is with your firewall in a ‘Block All’ setting, because in theory no outbound traffic should then be leaving the adapter, so anything you still see going out to a public address is worth investigating. One caveat: the capture driver usually sits below the firewall, so inbound packets that the firewall drops will still appear in the capture, and broadcast chatter from other machines on the LAN (ARP, NetBIOS and the like) is normal; it is the outbound packets from your own address that matter.
It can also help you troubleshoot networking issues, to see what might be stopping you from reaching the internet. You can also filter on how a particular program connects to its servers so that you can block the ad server it talks to, for example in Windows Live Messenger, or find out who on your network is hosting online console gaming servers or downloading with BitTorrent and causing slowdowns. Bear in mind that on a switched network your adapter only sees its own traffic plus broadcasts, even in promiscuous mode, so to watch other hosts you need a mirror (SPAN) port on a managed switch, an old-fashioned hub, or a capture taken on the gateway itself.
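The two checks described above, outbound traffic that should not be there and BitTorrent activity on the LAN, can be automated once a capture has been saved. The script below is an added example written for this article and is not Wireshark code: using only the standard library it parses a classic pcap file (not pcapng), lists packets a given host sent to a non-local address, and flags BitTorrent peer handshakes and DHT messages. The capture it analyses is constructed inline; the hosts 192.168.1.10 and 192.168.1.20, the `-WS0001-` peer id and the HTTP request are made up, and the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for public addresses.

```python
"""Added example: a tiny pcap reader that automates two checks from the
article, outbound traffic to non-local addresses and BitTorrent activity.
Not Wireshark code; standard library only; handles classic pcap, not pcapng."""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4          # little-endian classic pcap
LINKTYPE_ETHERNET = 1
IPPROTO_TCP, IPPROTO_UDP = 6, 17

# Addresses that never count as "external": RFC 1918, loopback, link-local,
# multicast and limited broadcast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]

def is_external(ip):
    addr = ipaddress.IPv4Address(ip)
    return not any(addr in net for net in LOCAL_NETS)

def ethernet_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/{TCP,UDP} frame for the sample capture.
    Checksums are left at zero; Wireshark would flag that, the parser below ignores it."""
    if proto == IPPROTO_TCP:      # 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:                         # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4   # zeroed MACs, EtherType IPv4

def build_pcap(frames):
    """Wrap frames in a pcap global header plus one record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def iter_packets(data):
    """Yield (src, dst, proto, sport, dport, payload) for each IPv4 TCP/UDP record."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == PCAP_MAGIC else ">"
    offset = 24
    while offset + 16 <= len(data):
        caplen = struct.unpack_from(endian + "IIII", data, offset)[2]
        frame = data[offset + 16: offset + 16 + caplen]
        offset += 16 + caplen
        if frame[12:14] != b"\x08\x00":          # not IPv4 (ARP etc.), skip
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = str(ipaddress.IPv4Address(frame[26:30]))
        dst = str(ipaddress.IPv4Address(frame[30:34]))
        l4 = frame[14 + ihl:]
        if proto == IPPROTO_TCP:
            sport, dport = struct.unpack_from("!HH", l4, 0)
            payload = l4[(l4[12] >> 4) * 4:]     # skip header including options
        elif proto == IPPROTO_UDP:
            sport, dport = struct.unpack_from("!HH", l4, 0)
            payload = l4[8:]
        else:
            continue
        yield src, dst, proto, sport, dport, payload

def find_leaks(data, my_ip):
    """Packets my_ip sent to a non-local destination: with the firewall on
    'Block All' this list should be empty."""
    return [(dst, dport) for src, dst, _, _, dport, _ in iter_packets(data)
            if src == my_ip and is_external(dst)]

def find_bittorrent(data):
    """Hosts sending a BitTorrent peer handshake over TCP or a bencoded DHT
    query/response over UDP (dict keys are sorted, so 'd1:ad' / 'd1:rd')."""
    hits = []
    for src, dst, proto, _, _, payload in iter_packets(data):
        if proto == IPPROTO_TCP and payload.startswith(b"\x13BitTorrent protocol"):
            hits.append((src, dst, "handshake"))
        elif proto == IPPROTO_UDP and payload[:5] in (b"d1:ad", b"d1:rd"):
            hits.append((src, dst, "dht"))
    return hits

def sample_capture():
    """Constructed traffic, not a real capture: 192.168.1.10 fetches a web
    page and talks to a LAN file server; 192.168.1.20 runs a BitTorrent client."""
    handshake = (b"\x13BitTorrent protocol" + bytes(8) + b"\x11" * 20
                 + b"-WS0001-" + b"\x22" * 12)          # hypothetical peer id
    dht_ping = b"d1:ad2:id20:" + b"\x33" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"
    return build_pcap([
        ethernet_frame("192.168.1.10", "203.0.113.5", IPPROTO_TCP, 49152, 80,
                       b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"),
        ethernet_frame("192.168.1.10", "192.168.1.20", IPPROTO_TCP, 49153, 445, bytes(4)),
        ethernet_frame("192.168.1.20", "198.51.100.77", IPPROTO_TCP, 51413, 6881, handshake),
        ethernet_frame("192.168.1.20", "198.51.100.9", IPPROTO_UDP, 6881, 6881, dht_ping),
    ])

if __name__ == "__main__":
    cap = sample_capture()   # replace with open("capture.pcap", "rb").read()
    print("external destinations of 192.168.1.10:", find_leaks(cap, "192.168.1.10"))
    print("bittorrent activity:", find_bittorrent(cap))
```

To run it against real traffic, save the capture from Wireshark in pcap (not pcapng) format and read that file in place of `sample_capture()`. Inside Wireshark the same two views are display filters: `ip.src == 192.168.1.10 && !(ip.dst == 10.0.0.0/8 || ip.dst == 172.16.0.0/12 || ip.dst == 192.168.0.0/16)` for the leak check and `bittorrent` for the second; the script only makes explicit what those filters are matching on.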
As I mentioned before, Wireshark has a number of highly complex and advanced functions, and you really would benefit from a good read of the documentation. The official site has a huge amount of information and can answer nearly any question or problem you might have, and the unofficial documentation does a fine job as well. I’d highly recommend it for network administrators or anyone who wants to do some deep analysis of the traffic on their private network.
Compatible with Windows XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2.