What is Wireshark? Why do we use it?

In short, a network protocol analyzer, otherwise known as a "packet sniffer", captures and decodes packets of information from a network. Wireshark can capture live network traffic or read data from a file, and it translates that data into a format the user can understand. Network analyzers such as Wireshark are invaluable tools for administrators to diagnose and troubleshoot problems, but they are also used by intruders to obtain unauthorised information.

Basically, Wireshark is used for:

  • Troubleshooting network issues and locating bottlenecks
  • Network intrusion detection
  • Logging network traffic for forensic analysis
  • Discovering a DoS (denial of service) attack

It can also be used by attackers for more nefarious (criminal) purposes, such as:

  • Capturing usernames and passwords
  • OS fingerprinting
  • Capturing sensitive or proprietary information
  • Network mapping

We will continue with how to get started with Wireshark in the next post ;)