Wireshark – Packet Analyzer

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues. Wireshark is cross-platform, using the Qt widget toolkit in current releases to implement its user interface, and using pcap to capture packets. It runs on Linux, macOS, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. 

Features

  • Available for UNIX and Windows.
  • Capture live packet data from a network interface.
  • Open files containing packet data captured with tcpdump/WinDump, Wireshark, and many other packet capture programs.
  • Import packets from text files containing hex dumps of packet data.
  • Display packets with very detailed protocol information.
  • Save packet data captured.
  • Export some or all packets in a number of capture file formats.
  • Filter packets on many criteria.
  • Search for packets on many criteria.
  • Colorize packet display based on filters.
  • Create various statistics.

Requirements

The amount of resources Wireshark needs depends on your environment and on the size of the capture file you are analyzing.

Microsoft Windows

  • Wireshark should support any version of Windows that is still within its extended support lifetime.
  • At the time of writing this includes Windows 10, 8.1, Server 2019, Server 2016, Server 2012 R2, and Server 2012.
  • The Universal C Runtime. This is included with Windows 10 and Windows Server 2019 and is installed automatically on other supported versions of Windows.
  • Any modern 64-bit AMD64/x86-64 or 32-bit x86 processor.
  • 500 MB available RAM. Larger capture files require more RAM.
  • 500 MB available disk space. Capture files require additional disk space.
  • Any modern display. 1280 × 1024 or higher resolution is recommended.
  • A supported network card for capturing.

macOS

  • Wireshark supports macOS 10.12 and later.
  • Similar to Windows, supported macOS versions depend on third party libraries and on Apple’s requirements.

UNIX, Linux, and BSD

  • Wireshark runs on most UNIX and UNIX-like platforms including Linux and most BSD variants.
  • The system requirements should be comparable to the specifications listed above for Windows.

Security attacks that can be analyzed with Wireshark

Wireshark does not detect attacks by itself, but the traffic it captures shows the traces of common local area network (LAN) attacks, including:

  • ARP poisoning (the same IP address answered for by more than one MAC address)
  • MAC flooding (a burst of frames from a very large number of distinct source MAC addresses)
  • Denial-of-service (DoS) attacks (abnormal packet rates or half-open connections aimed at one host or service)
  • DHCP spoofing (DHCP offers arriving from a server address other than the legitimate one)
  • VLAN hopping (double-tagged 802.1Q frames or unexpected trunk negotiation)
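The two indicators that are easiest to check mechanically are ARP poisoning and MAC flooding. The script below is an added example written for this page, not Wireshark's own code: it parses the classic little-endian pcap format that Wireshark and tcpdump write, then reports any IP address claimed by more than one MAC in ARP replies and any one-second window with an unusually high number of distinct source MACs. The sample capture is constructed in memory, and the flooding threshold of 50 MACs per second is an illustrative assumption, not a Wireshark default.

```python
"""Scan a classic pcap image for ARP poisoning and MAC flooding indicators.

Added example for this page (not Wireshark code). The capture built by
build_sample_pcap() is constructed data; the flooding threshold is an assumption."""
import struct
from collections import defaultdict

PCAP_GHDR = struct.Struct("<IHHiIII")      # magic, major, minor, tz, sigfigs, snaplen, linktype
PCAP_PHDR = struct.Struct("<IIII")         # ts_sec, ts_usec, incl_len, orig_len
ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, ethertype
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip(raw):
    return ".".join(str(b) for b in raw)


def read_pcap(data):
    """Yield (ts_sec, frame_bytes) for each record in a little-endian classic pcap."""
    magic, _, _, _, _, _, linktype = PCAP_GHDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap (pcapng is not handled here)")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (LINKTYPE 1) captures are handled")
    off = PCAP_GHDR.size
    while off + PCAP_PHDR.size <= len(data):
        ts_sec, _, incl_len, _ = PCAP_PHDR.unpack_from(data, off)
        off += PCAP_PHDR.size
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def analyze(data, mac_flood_threshold=50):
    """Return ARP bindings with conflicting MACs and seconds that exceed the MAC threshold."""
    ip_to_macs = defaultdict(set)      # sender IP -> every MAC that claimed it in an ARP reply
    macs_per_second = defaultdict(set)  # ts_sec -> distinct source MACs seen in that second
    for ts_sec, frame in read_pcap(data):
        if len(frame) < ETH_HDR.size:
            continue                    # truncated record, nothing to parse
        _dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
        macs_per_second[ts_sec].add(src)
        if ethertype != ETHERTYPE_ARP or len(frame) < ETH_HDR.size + ARP_PKT.size:
            continue
        _, _, _, _, oper, sha, spa, _, _ = ARP_PKT.unpack_from(frame, ETH_HDR.size)
        if oper == ARP_REPLY:           # "spa is at sha"
            ip_to_macs[ip(spa)].add(mac(sha))
    conflicts = {a: sorted(m) for a, m in ip_to_macs.items() if len(m) > 1}
    flood = {t: len(m) for t, m in macs_per_second.items() if len(m) >= mac_flood_threshold}
    return {"arp_conflicts": conflicts, "mac_flood_seconds": flood}


def build_sample_pcap():
    """Constructed capture: a genuine gateway ARP reply, a poisoned reply for the same
    IP from a second MAC, then 60 broadcast frames in one second from 60 distinct MACs."""
    gw_ip, victim_ip = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 10])
    gw_mac = bytes.fromhex("001122334455")
    victim_mac = bytes.fromhex("00aabbccddee")
    attacker_mac = bytes.fromhex("deadbeef0001")

    def arp_reply(sha, spa, tha, tpa):
        return ETH_HDR.pack(tha, sha, ETHERTYPE_ARP) + ARP_PKT.pack(
            1, 0x0800, 6, 4, ARP_REPLY, sha, spa, tha, tpa)

    frames = [(100, arp_reply(gw_mac, gw_ip, victim_mac, victim_ip)),
              (101, arp_reply(attacker_mac, gw_ip, victim_mac, victim_ip))]
    for i in range(60):                 # MAC flood: every frame from a fresh source MAC
        src = bytes.fromhex("02" + f"{i:010x}")
        frames.append((200, ETH_HDR.pack(b"\xff" * 6, src, 0x0800) + b"\x00" * 46))
    out = PCAP_GHDR.pack(PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        out += PCAP_PHDR.pack(ts, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    print(analyze(build_sample_pcap()))
```

Against the constructed capture the script reports 192.168.1.1 bound to both 00:11:22:33:44:55 and de:ad:be:ef:00:01, and 60 distinct source MACs in the second starting at t=200. Wireshark raises the same ARP condition in its expert info ("duplicate IP address configured"), which can be filtered in the GUI with arp.duplicate-address-detected; the MAC count has no single built-in filter and is easier to read from Statistics > Endpoints > Ethernet.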

Working diagram of Wireshark

Advantages of using Wireshark

  • Free software
  • Available for multiple platforms – Windows & UNIX
  • Can see detailed information about packets within a network
  • Vendor-neutral: it works with equipment from any vendor, unlike proprietary management tools such as Cisco Prime

Disadvantages of using Wireshark

  • It is not an intrusion detection system: it does not alert on malicious traffic, so an analyst has to recognize an intrusion in the captured packets
  • It only captures and analyzes traffic; it cannot send packets, block traffic, or otherwise act on the network