Wireshark Demystified

Haseeb Zeeshan
Aug 7, 2020


Wireshark is a tool for capturing network packets and opening them up so that you can read their contents. But how does this tool work, and why is it so useful to so many people? There is a lot going on behind the scenes.

Let’s first look at what Wireshark is used for. Wireshark can be used for a variety of things; these are some of the reasons people use it:

- Network administrators use it to troubleshoot network problems.
- Network security engineers use it to examine security problems.
- QA engineers use it to verify network applications.
- Developers use it to debug protocol implementations, and much more.

Now that we know about its uses, let’s look at what is inside it.

The components are the GUI, the core, Epan, Wiretap, Capture, Dumpcap, and the external libraries Npcap and libpcap. Now that we know the names of the parts, let’s go deeper into what each one does. We start with the GUI, or graphical user interface: it is the component that displays the data to you. The core is the glue code that holds the other Wireshark components together. Epan (the Enhanced Packet ANalyzer) dissects packets, taking its input from Wiretap, which reads and writes the different capture file formats. Capture is the code that drives the capture engine, Dumpcap; together they are the parts that capture the data. Dumpcap is the capture engine itself, and it is the part that runs with elevated privileges. Finally, the external libraries, Npcap and libpcap, do the raw packet capture: they work at a much lower level than Wireshark, and Wireshark relies on them for it.

Component diagram from https://www.wireshark.org/docs/wsdg_html_chunked/ChWorksOverview.html

Now that we know a bit more about the components, let’s see the order in which they are used. It starts with Npcap and libpcap, which are the first to process the packet and hand it to Dumpcap, the capture engine. Dumpcap writes the capture to the hard disk, and from there Wiretap reads it. Wiretap passes the packet to the core, which hands it to Epan, the Enhanced Packet ANalyzer; once Epan has dissected it, the packet is nearly ready to be viewed. The dissected packet goes back to the core, which then sends it to the GUI, the graphical user interface, for display.
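To make the read half of that pipeline concrete, here is an added example (my own code, not Wireshark's) that models two of the roles above in miniature: a reader for the libpcap file format standing in for Wiretap, and a small Ethernet/IPv4 dissector standing in for Epan. The capture file it reads is constructed in the script itself (two frames, an IPv4/UDP datagram and an ARP frame), so nothing needs to be captured and no privileges are needed, which is exactly the point of the split described above: only Dumpcap needs elevated privileges to capture, while parsing files and dissecting bytes can run as an ordinary user. The reader also shows the bounds checks a file parser must do, because lengths read from a capture file are untrusted input.

```python
"""Toy model of Wireshark's read path: pcap reader (Wiretap's role) feeding a
dissector (Epan's role). Added example; not Wireshark code. All data is constructed."""
import struct

PCAP_GLOBAL_HDR = "IHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD_HDR = "IIII"      # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1


def build_pcap(frames, snaplen=65535):
    """Write a minimal little-endian pcap file from (ts_sec, frame_bytes) pairs.
    Stands in for Dumpcap writing its capture to disk."""
    out = bytearray(struct.pack("<" + PCAP_GLOBAL_HDR, 0xA1B2C3D4, 2, 4, 0, 0,
                                snaplen, LINKTYPE_ETHERNET))
    for ts_sec, frame in frames:
        out += struct.pack("<" + PCAP_RECORD_HDR, ts_sec, 0, len(frame), len(frame))
        out += frame
    return bytes(out)


def read_pcap(data):
    """Wiretap's role: parse the file format and yield (ts_sec, linktype, frame)."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    _, _, _, _, _, snaplen, linktype = struct.unpack_from(endian + PCAP_GLOBAL_HDR, data, 0)
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record")
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + PCAP_RECORD_HDR, data, offset)
        offset += 16
        # Never trust a length read from the file: check it against snaplen and EOF.
        if incl_len > snaplen:
            raise ValueError("record exceeds snaplen")
        if offset + incl_len > len(data):
            raise ValueError("truncated record")
        yield ts_sec, linktype, data[offset:offset + incl_len]
        offset += incl_len


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def dissect(linktype, frame):
    """Epan's role: decode protocol layers from raw bytes into named fields."""
    fields = {}
    if linktype != LINKTYPE_ETHERNET or len(frame) < 14:
        fields["error"] = "unsupported link type or short frame"
        return fields
    fields["eth.dst"] = _mac(frame[0:6])
    fields["eth.src"] = _mac(frame[6:12])
    ethertype = struct.unpack_from(">H", frame, 12)[0]
    fields["eth.type"] = ethertype
    if ethertype == 0x0800 and len(frame) >= 34:      # IPv4 with a full 20-byte header
        ihl = (frame[14] & 0x0F) * 4
        fields["ip.version"] = frame[14] >> 4
        fields["ip.proto"] = frame[23]
        fields["ip.src"] = _ip(frame[26:30])
        fields["ip.dst"] = _ip(frame[30:34])
        fields["ip.payload_len"] = len(frame) - 14 - ihl
    return fields


def analyze(data):
    """The whole read path: file -> records -> dissected fields, one dict per packet."""
    results = []
    for ts_sec, linktype, frame in read_pcap(data):
        fields = dissect(linktype, frame)
        fields["frame.time"] = ts_sec
        results.append(fields)
    return results


def validate(data):
    """Return None when the file parses cleanly, else the parser's error message."""
    try:
        list(read_pcap(data))
        return None
    except ValueError as exc:
        return str(exc)


def sample_capture():
    """Constructed two-frame capture: an IPv4/UDP datagram, then an ARP frame."""
    eth_ipv4 = bytes.fromhex("001122334455" "66778899aabb" "0800")
    ipv4 = (bytes([0x45, 0x00]) + struct.pack(">H", 28) + bytes.fromhex("0001" "0000")
            + bytes([64, 17]) + b"\x00\x00" + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2]))
    udp = bytes.fromhex("0035" "0035" "0008" "0000")   # 8-byte UDP header, no payload
    eth_arp = bytes.fromhex("ffffffffffff" "66778899aabb" "0806") + b"\x00" * 28
    return build_pcap([(1596758400, eth_ipv4 + ipv4 + udp), (1596758401, eth_arp)])


if __name__ == "__main__":
    for packet in analyze(sample_capture()):
        print(packet)
```

Run it as a script and it prints one dictionary of dissected fields per frame, much like the field tree Wireshark's GUI shows; `validate()` demonstrates the failure modes (wrong magic, a file cut off mid-record) that a reader must reject instead of reading past the end of its buffer.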

Haseeb Zeeshan

I’m an inquisitive person who likes to experiment with Python. My tutorials can be found at https://www.haseebzeeshan.com/