Wireshark Quickstart Guide
Figure 1: Wireshark lets you see the network traffic entering and leaving your computer.
Chapter 1: Getting Started
Wireshark is a network packet analyzer, known previously as Ethereal. It lets you examine the network traffic flowing into and out of your Windows or Unix machine. Network professionals use Wireshark to troubleshoot networking problems, but it is also an excellent way to learn exactly how the network protocols work. For example, it allows us to see the data that your system sends and receives when you type a web address into a web browser (e.g., Internet Explorer or Mozilla's Firefox).
As a metaphor for Wireshark's operation, pretend that you could take a special magnifying glass and look into the network cable coming out of the back of your personal computer. You would see the bits of information, encoded as electrical pulses, flowing into and out of your computer. If Wireshark stopped there, it would only be of limited use, since it is difficult to make sense out of a raw stream of data.
However, Wireshark also contains a protocol analyzer that understands a massive number of protocols and contains over 78,000 filters. It converts the data stream to a listing of packets flowing in and out of the computer. It allows you to examine an individual packet, and drill down through the layers of encapsulation until the application-level payload is revealed.
Wireshark is developed as open source software. This means that the software is developed as a community effort, and the source code is freely available. Furthermore, it is licensed under the GNU General Public License (http://www.gnu.org/licenses/gpl.html). This license gives you the right to use the software for free. However, you may not sell the software, or a derivative of it. Also, if you modify the program code, you must be willing to submit the changes back to the open source community.
You can find more information on the Wireshark web site at www.wireshark.com.
Wireshark may not work on Windows computers using wireless network adapters. Try switching off promiscuous mode (Edit / Preferences / Capture). For more discussion of what Wireshark can or cannot capture, refer to Appendix 1.