Wireshark is a protocol analyzer with which you can capture and analyze the traffic on your network. It was written by Gerald Combs, and the first version was released in 1998. It is free and open-source software. It was initially called Ethereal and was renamed because of a trademark issue.

Back in the day, to analyse network traffic, people hooked an oscilloscope up to the network. It captured the electrical waveform, which was converted into binary and then decoded manually.

On Linux and other *nix systems it uses the libpcap library, which is also used by tcpdump. On Windows it uses the WinPcap driver. libpcap or WinPcap receives every frame arriving at or leaving the NIC, passes one copy to Wireshark and the other to the network application.

It has a command-line version called tshark. Its syntax is quite similar to tcpdump's. You can capture packets with tcpdump or tshark, save them to a file, and load that file in Wireshark for analysis.
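The file that tcpdump, tshark and Wireshark exchange is the classic libpcap capture format: a 24-byte global header followed by one 16-byte record header per frame. The following is an added example, not code from the post or from the Wireshark project. It writes a small capture containing a constructed Ethernet/IPv4/UDP frame, reads it back, and prints a one-line summary of each frame in the style of Wireshark's packet list. All MAC addresses, IP addresses, ports and payloads are constructed sample values, and the `snaplen` handling shows how a record's captured length can be shorter than its original length.

```python
"""Write and read back a libpcap-format capture file.

Added example, not from the original post.  All addresses, ports and
payloads below are constructed sample values.
"""
import struct
import socket

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1        # each record carries an Ethernet frame
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791); 0 over a valid header."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload):
    """Ethernet II + IPv4 + UDP frame with a valid IPv4 header checksum."""
    # UDP checksum 0 means "not computed", which IPv4 permits.
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(udp), 0x1234, 0, 64, IPPROTO_UDP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + udp


def write_pcap(frames, snaplen=65535):
    """Serialize (ts_sec, ts_usec, frame) tuples into pcap bytes."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in frames:
        captured = frame[:snaplen]            # incl_len may be < orig_len
        out += struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame))
        out += captured
    return out


def read_pcap(data):
    """Parse pcap bytes into (linktype, [(ts_sec, ts_usec, frame, orig_len)])."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    snaplen, linktype = struct.unpack_from("<II", data, 16)
    records, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at offset %d" % offset)
        offset += incl_len
        records.append((ts_sec, ts_usec, frame, orig_len))
    return linktype, records


def summarize(frame):
    """Decode Ethernet/IPv4/UDP headers into a packet-list style line."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return "non-IPv4 ethertype 0x%04x" % ethertype
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    if ipv4_checksum(frame[14:14 + ihl]) != 0:
        return "%s -> %s IPv4 header checksum BAD" % (src, dst)
    if proto != IPPROTO_UDP:
        return "%s -> %s proto %d" % (src, dst, proto)
    sport, dport, ulen = struct.unpack_from("!HHH", frame, 14 + ihl)
    return "%s:%d -> %s:%d UDP len %d" % (src, sport, dst, dport, ulen)


if __name__ == "__main__":
    # Constructed sample: one DNS-sized UDP datagram between two TEST-NET-1 hosts.
    frame = build_udp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                            "192.0.2.1", "192.0.2.2", 40000, 53, b"\x00" * 12)
    capture = write_pcap([(1700000000, 0, frame)])
    with open("sample.pcap", "wb") as fh:      # open this file in Wireshark
        fh.write(capture)
    for _, _, rec, _ in read_pcap(capture)[1]:
        print(summarize(rec))
```

Running the script writes `sample.pcap`, which tshark and Wireshark open directly; the summary line it prints for the constructed frame matches what you would see in the packet list.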

I took these notes while going through this introductory course on Wireshark at Pluralsight.
