Do you need to sniff out and spy on network communications in a LAN, WAN or any other network configuration? Or have you found yourself in a difficult situation troubleshooting network-related problems inside or outside of your network? Then you need a network analyzer to examine the packets passing in and out of a given network interface. Wireshark can help. Keep reading to find out how.
Now that you know the principles of networking that govern the operation and analysis of Wireshark packets, you are ready to install Wireshark. Follow the steps below:
Step 1. Download Wireshark. Always download the latest stable release. At the time this tutorial was written, the version used was Version 1.2.1.
Step 2. Install Wireshark on your computer. Installation is very easy. Also install the associated third-party applications, because you will need them (for example, WinPcap, the packet capture driver Wireshark uses on Windows).
Step 3. Once installed, you need to familiarize yourself with the basic features. Launch Wireshark. The first thing you see is the Wireshark Dashboard panel.
The most important part of the Dashboard panel is the "Capture" section. This is where you select the interface you want to capture from. The available interfaces are found under the "Interface list." Detailed customization of settings can be found under "Capture options." For selecting and customizing the interface, keep reading.
Selecting and customizing the network interface
In the above screen shot, there are three interfaces shown. However, do note that NOT all interfaces are active. This means that not all three of those interfaces are capturing packets on your computer. To double-check which interface is the actual active LAN card, you can click the "Interface List" (see screen shot above).
Look at the "Packets" and "Packets/s" columns. The active interface is the one whose packet counters are increasing. If every counter looks blank, generate some HTTP traffic by opening your browser and visiting a few websites; one interface should then start showing packets. For example, see below:
In the above screen shot, Realtek RTL8139 Family Fast Ethernet Adapter is the active interface, from which you can capture packets.
The lesson here is that you can capture packets with Wireshark from any active network card you are using for your LAN. When you browse the web (or perform any other network activity), the Packets and Packets/s columns show the number of packets seen on that interface and the rate at which they arrive (how many per second).
You can even use this information for network card troubleshooting, to see whether the LAN interface is receiving packets at all. In the second part of this tutorial we will look at data interpretation, packet analysis and actual/advanced applications of Wireshark.
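As an added example (not part of the original tutorial), here is the same "which interface is actually seeing packets?" check scripted for the shell with tshark, Wireshark's command-line capture tool: it lists the capture interfaces, captures briefly on each, and reports the one with the most packets, or "none" when every counter stays at zero. It assumes tshark is installed and that a live scan runs with capture privileges (for example under sudo); the interface names and counts in SAMPLE_COUNTS are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes tshark (Wireshark's
# CLI) is installed and that a real scan runs with capture privileges (sudo).

# List capture interface names, one per line (the "eth0" part of "1. eth0 (...)").
list_ifaces() {
    tshark -D 2>/dev/null | sed -n 's/^[0-9][0-9]*\. \([^ ]*\).*/\1/p'
}

# Capture on interface $1 for $2 seconds (default 5) and print the packet count,
# the same number the Interface List's "Packets" column accumulates.
count_packets() {
    iface=$1; secs=${2:-5}
    dir=$(mktemp -d) || return 1
    tshark -i "$iface" -a "duration:$secs" -q -w "$dir/cap.pcapng" >/dev/null 2>&1
    # One line per packet when reading the file back; 0 if the capture failed.
    tshark -r "$dir/cap.pcapng" 2>/dev/null | wc -l | tr -d ' '
    rm -rf "$dir"
}

# Read "iface count" lines on stdin and print the interface with the most
# packets, or "none" when every count is 0 (the blank Interface List case:
# generate some traffic, e.g. open a web page, and run the scan again).
pick_active() {
    awk '$2 > best { best = $2; name = $1 }
         END { print (best > 0 ? name : "none") }'
}

# Scan every interface for $1 seconds and report the busiest one.
scan_ifaces() {
    for i in $(list_ifaces); do
        printf '%s %s\n' "$i" "$(count_packets "$i" "${1:-5}")"
    done | pick_active
}

# Constructed sample of a scan result, used when no live capture is requested.
SAMPLE_COUNTS='lo 0
eth0 137
wlan0 0'

if [ "${1:-}" = "--scan" ]; then
    echo "Active interface: $(scan_ifaces 5)"
else
    printf '%s\n' "$SAMPLE_COUNTS" | pick_active   # prints: eth0
fi
```

Run it with `--scan` (under sudo) to capture on every interface for five seconds; without arguments it only runs the selection step on the constructed sample.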