Wireshark

Braeden Mattos
4 min read · Apr 3, 2018


Capture from Wireshark

Introduction to Wireshark

What is Wireshark? Wireshark is a free and open-source network packet analyzer. Basically, it captures network packets and displays the packet data in as much detail as possible.

Uses for Wireshark

You may be thinking that Wireshark is only good for capturing network packets, but it has many uses. It is also useful for network troubleshooting, analysis, software and communications protocol development, and education. According to Wireshark, some intended purposes are:

  • Network administrators use it to troubleshoot network problems
  • Network security engineers use it to examine security problems
  • QA engineers use it to verify network applications
  • Developers use it to debug protocol implementations
  • People use it to learn network protocol internals

How to use Wireshark

Capture from Wireshark

First of all, you need to download Wireshark. For Windows and macOS, you can download Wireshark from the official website (https://www.wireshark.org/download.html). After you have finished installing Wireshark, open it. Once it is open, you should see something similar to the screenshot. If you don't, my recommendation is to uninstall and reinstall. If you want to start capturing packets on a specific interface, double-click the name of that network interface. The line graph to the right of each interface shows the network traffic, which is the amount of data moving across that interface. Once you have clicked on the interface name, you should see a list of packets, which should look something like the screenshot below. It may take a while for packets to appear. There is a red square in the top left corner; this red square is used to stop capturing packets. Those are the basics of how to use Wireshark.

Capture from Wireshark

Color coding packets

Capture from Wireshark's website

As you can see in the screenshot above, provided by Wireshark, certain packets are shown with different background and text colors. For example, a bad TCP packet has a black background with red text. In the screenshot, they are editing the "Checksum Errors" coloring rule. You can edit a rule's colors yourself using the "Foreground" and "Background" buttons towards the bottom. That is how to read and edit packet coloring.

Ports and Protocols

According to Speed Guide, "a protocol defines a standard way for computers to exchange information." They also say that a port is "a logical access channel for communication between two devices." So a port is basically a channel. Common protocols used in computer networks are IP (Internet Protocol), TCP (Transmission Control Protocol), and UDP (User Datagram Protocol). Data is organized into TCP packets or UDP packets, and ports are used to deliver that data to different destinations. One port is used to send the data while another port is used to receive it, to avoid collisions between packets. For the TCP and UDP protocols, the port number can range from 1 to 65535. Ports 0 to 1023 are well-known ports, 1024 to 49151 are registered ports, and 49152 to 65535 are private ports.
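To make the ideas in this section and the two before it concrete (a packet analyzer decodes raw bytes into IP and TCP fields, checks checksums, and applies a coloring rule such as "Checksum Errors"), here is a small dissector written as an added example; it is not code from the article or from the Wireshark project. It builds a constructed IPv4/TCP packet in memory, decodes it the way a dissector would, verifies both checksums, classifies the source and destination ports into the ranges named above, and flags a corrupted packet with the black-background/red-text colors the article describes. The `build_ipv4_tcp`, `dissect` and `colouring_rule` names are my own and not a real library API.

```python
import ipaddress
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
             (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]


def classify_port(port: int) -> str:
    """Port ranges as given in the article (IANA convention)."""
    if not 0 <= port <= 65535:
        raise ValueError("port must be 0..65535")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "private"


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int,
                   payload: bytes = b"") -> bytes:
    """Constructed sample packet: 20-byte IPv4 header + 20-byte TCP SYN header + payload."""
    src = ipaddress.IPv4Address(src_ip).packed
    dst = ipaddress.IPv4Address(dst_ip).packed
    tcp_len = 20 + len(payload)
    # sport, dport, seq, ack, data offset (5 words), flags=SYN, window, checksum=0, urgent
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 6, tcp_len)   # TCP pseudo-header
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def dissect(pkt: bytes) -> dict:
    """Decode the IPv4 header and, for protocol 6, the TCP header; verify both checksums."""
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _hcs, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        "version": ver_ihl >> 4,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "protocol": PROTO_NAMES.get(proto, str(proto)),
        # Summing a header that includes its own checksum yields 0 when intact.
        "ip_checksum_ok": checksum(pkt[:ihl]) == 0,
    }
    if proto == 6:
        tcp = pkt[ihl:total_len]
        sport, dport, _seq, _ack, _off, flags, _win, _csum, _urg = \
            struct.unpack("!HHIIBBHHH", tcp[:20])
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
        info.update({
            "sport": sport, "sport_class": classify_port(sport),
            "dport": dport, "dport_class": classify_port(dport),
            "flags": [name for bit, name in TCP_FLAGS if flags & bit],
            "tcp_checksum_ok": checksum(pseudo + tcp) == 0,
        })
    return info


def colouring_rule(info: dict) -> tuple:
    """(background, foreground) modeled on the article's 'bad TCP' example: black on red."""
    if info.get("protocol") == "TCP" and not info.get("tcp_checksum_ok", True):
        return ("black", "red")
    return ("white", "black")


if __name__ == "__main__":
    good = build_ipv4_tcp("10.0.0.1", "10.0.0.2", 51234, 443, b"hello")
    print(dissect(good), colouring_rule(dissect(good)))
    bad = bytearray(good)
    bad[-1] ^= 0xFF                      # corrupt one payload byte in transit
    print(dissect(bytes(bad)), colouring_rule(dissect(bytes(bad))))
```

Running the script shows the intact packet with both checksums valid and the default colors, while the packet with one flipped payload byte keeps a valid IP header checksum (the IP checksum covers only the header) but fails the TCP checksum, which is exactly the condition the "Checksum Errors" coloring rule highlights in the Wireshark packet list.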

Capture from https://www.cheatography.com/cheatography/cheat-sheets/common-ports/

Sources
