Wednesday, May 12, 2010

Analyze network packets using a monitoring tool, i.e. Wireshark

Anyone fascinated by computer networks, and by how they have enabled connectivity between remote places throughout the globe, must have wondered how it is made possible. Small bytes of data continually flow through thin wires, perhaps even without any wires, and soon you have Wikipedia displaying all the information known to mankind.

When you type www.google.com in your favourite browser (I assume it is Firefox :) ), what sort of data is sent? How is it sent? If you want to watch the "data packets" in action, what you need is a network analyzer or network monitor, also known as a sniffer. Network sniffing and packet sniffing are the same thing, so don't be confused if other tools also do packet sniffing; Wireshark does it all.

For a developer this software is pretty handy, since it captures live data and shows exactly what kind of data is being sent.
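To make the "what sort of data is sent" question concrete, here is an added example (written for this page, not Wireshark's own code). Typing www.google.com into a browser normally begins with a DNS query, so the script constructs one Ethernet/IPv4/UDP/DNS frame for that name in memory and then decodes it layer by layer, the same way Wireshark's packet-details pane lays the layers out. The MAC addresses, the IP addresses 192.168.1.10 and 192.168.1.1, the source port 40000 and the transaction ID 0x1234 are made-up sample values, not anything captured from a real network, so the script runs offline with no capture interface at all.

```python
"""Added example (not Wireshark's code): decode one Ethernet/IPv4/UDP/DNS
frame layer by layer, the way Wireshark's packet-details pane shows it.
The frame is constructed in memory so the script runs offline; the MAC
addresses, IP addresses, source port and DNS transaction ID are made-up
sample values, not anything captured from a real network."""
import socket
import struct


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791 header checksum).
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encode_dns_name(name: str) -> bytes:
    """'www.google.com' -> b'\\x03www\\x06google\\x03com\\x00' (DNS label format)."""
    return b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"


def decode_dns_name(data: bytes, offset: int) -> tuple:
    """Read a label-encoded name starting at `offset`; return (name, next_offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compressed names are not expected in a question section")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_dns_query_frame(name: str = "www.google.com") -> bytes:
    """Constructed sample: host 192.168.1.10 asks resolver 192.168.1.1 for the
    A record of `name`.  This mimics the first packet you would typically see
    after typing the name into a browser."""
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)      # id, flags (RD set), 1 question
    dns += encode_dns_name(name) + struct.pack("!HH", 1, 1)       # QTYPE=A, QCLASS=IN
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns  # UDP checksum 0 = not computed
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0xABCD, 0x4000, 64, 17, 0,
                         socket.inet_aton("192.168.1.10"), socket.inet_aton("192.168.1.1"))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]  # fill checksum
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + b"\x08\x00"  # dst, src, IPv4
    return eth + ip_hdr + udp


def dissect(frame: bytes) -> dict:
    """Walk the layers from the wire inward and return the fields Wireshark
    would list: Ethernet -> IPv4 -> UDP -> DNS question."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("only IPv4 is handled in this example")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes (options would make it > 20)
    (_ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _cksum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 17:
        raise ValueError("only UDP is handled in this example")
    udp = ip[ihl:total_len]
    sport, dport, ulen, _ucksum = struct.unpack("!HHHH", udp[:8])
    dns = udp[8:ulen]
    dns_id, flags, qdcount = struct.unpack("!HHH", dns[:6])
    qname, off = decode_dns_name(dns, 12)  # question section starts after the 12-byte header
    qtype, qclass = struct.unpack("!HH", dns[off:off + 4])
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip), "ttl": ttl,
        "src_port": sport, "dst_port": dport,
        "dns_id": dns_id, "is_query": not (flags & 0x8000), "qdcount": qdcount,
        "qname": qname, "qtype": qtype, "qclass": qclass,
    }


def info_column(fields: dict) -> str:
    """One-line summary in the style of Wireshark's Info column."""
    kind = "Standard query" if fields["is_query"] else "Standard query response"
    rtype = {1: "A", 28: "AAAA"}.get(fields["qtype"], str(fields["qtype"]))
    return "%s 0x%04x %s %s" % (kind, fields["dns_id"], rtype, fields["qname"])


if __name__ == "__main__":
    fields = dissect(build_dns_query_frame())
    print("%s -> %s  %s:%d -> %s:%d  %s" % (fields["src_mac"], fields["dst_mac"],
          fields["src_ip"], fields["src_port"], fields["dst_ip"], fields["dst_port"],
          info_column(fields)))
```

The dissector verifies the IPv4 header checksum before trusting any later field, which is also why Wireshark flags damaged or hand-crafted packets in its details pane; a single flipped bit in the header makes `dissect` refuse the frame.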

Although sniffers have other useful (and evil) purposes, which a future article will cover, this article covers how we can use a piece of software called "Wireshark" to analyze the network data being sent.

The software is available for both Windows and Unix. The great thing is that it is open source software, yet is updated regularly. The download links are at the bottom.

If you are using Windows, simply download the setup and install it. Wireshark comes bundled with WinPcap, a set of libraries which allows Wireshark to capture packets in real time. During installation there will be a prompt suggesting you

"Start WinPcap service "NPF" at startup -"

Allowing NPF to start at boot lets users without admin privileges run Wireshark. If this bugs you, simply untick the option and install it. The latter choice, however, requires you to start the NPF service manually, by typing the following command in a command prompt with admin privileges, each time before running Wireshark:

net start npf

The following command stops the service:

net stop npf

Ubuntu users need to type wireshark into the Synaptic package manager and let it do the rest. Other Linux/Unix users should refer to the official documentation on the Wireshark website. Linux users need to run Wireshark with root privileges.

To capture live packets, either click on the network interface that you want Wireshark to listen on, or, if you're unsure which interface is in use, go to options and click on Interfaces. This opens a small window displaying the number of packets received on each interface. The one with the highest packet count is most probably the one connected to your local LAN or directly to the internet.

After you have selected the correct interface, Wireshark will start displaying all the packets that are being sent or received by your computer.

This was a very basic lowdown on Wireshark, perhaps one of the best networking tools. The next article of this series will cover some of its features.
