Guide

VAR guide: Wireshark, the open source network monitoring tool

Wireshark is the world's most popular open source network protocol analyzer -- and probably the most popular network protocol analyzer, period. A

    Requires Free Membership to View

network protocol analyzer is a tool that collects and decodes network traffic, typically with a focus on the details of individual frames. System and network administrators, security professionals, and IT troubleshooters all use Wireshark to depict the distinct elements of a frame in a graphical display. By interpreting network traffic in a user-friendly yet powerful interface, users gain insights into network performance, security and related activity.

One of Wireshark's greatest strengths is its clean depiction of network traffic at varying levels of detail. The tool's top pane lists frames individually, with key data ready for inspection on a single line. Any single frame selected in the top pane is further explained in the tool's middle pane. In this section of the display, Wireshark explains how various aspects of the frame can be understood as belonging to the data link layer, Internet layer, transport layer, or application layer. Finally, Wireshark's bottom pane displays the raw frame, with a hexadecimal rendition on the left and the corresponding ASCII values on the right.

More information on Wireshark for networking solution providers

Wireshark 1.2 tutorial: Open source network analyzer's new tools

Using Wireshark and Tshark display filters for troubleshooting

Testing Snort with Metasploit

Using Wireshark to sniff network traffic

The key to Wireshark's real power is its ability to decode a wide variety of network protocols. No protocol seems to be beyond Wireshark's knowledge. The incredible assortment of protocol dissectors means users will most likely find their production traffic expertly decoded rather than simply displayed as a series of binary or text values. Beyond raw protocol analysis, Wireshark also includes a variety of supplementary tools to profile traffic. The main graphical tool also ships with multiple command line components, such as the non-graphical version called Tshark.

Wireshark is an essential tool for service providers because knowledge of network health is critical for customer success. By capturing and analyzing full content traffic, service providers can directly inspect real evidence. Rather than trying to derive indicators of network status from log messages or other sources, service providers can perceive ground truth in the packets themselves. Wireshark is your friend -- check it out!

Use "Wireshark filter tutorial: A Wireshark guide" from Laura Chappell to further your knowledge of Wireshark, the open source network analyzer.

This was first published in July 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: