VAR guide: Wireshark, the open source network monitoring tool

Your customers rely on you to monitor their networks to keep them safe and efficient. This VAR guide with Richard Bejtlich outlines the importance of Wireshark, the open source network monitoring tool, and why networking service providers that offer network monitoring services should know it.

Wireshark is the world's most popular open source network protocol analyzer -- and probably the most popular network protocol analyzer, period. A network protocol analyzer is a tool that collects and decodes network traffic, typically with a focus on the details of individual frames. System and network administrators, security professionals, and IT troubleshooters all use Wireshark to depict the distinct elements of a frame in a graphical display. By interpreting network traffic in a user-friendly yet powerful interface, users gain insights into network performance, security and related activity.

One of Wireshark's greatest strengths is its clean depiction of network traffic at varying levels of detail. The tool's top pane lists frames individually, with key data ready for inspection on a single line. Any single frame selected in the top pane is further explained in the tool's middle pane. In this section of the display, Wireshark explains how various aspects of the frame can be understood as belonging to the data link layer, Internet layer, transport layer, or application layer. Finally, Wireshark's bottom pane displays the raw frame, with a hexadecimal rendition on the left and the corresponding ASCII values on the right.

More information on Wireshark for networking solution providers

Wireshark 1.2 tutorial: Open source network analyzer's new tools

Using Wireshark and Tshark display filters for troubleshooting

Testing Snort with Metasploit

Using Wireshark to sniff network traffic

The key to Wireshark's real power is its ability to decode a wide variety of network protocols. No protocol seems to be beyond Wireshark's knowledge. The incredible assortment of protocol dissectors means users will most likely find their production traffic expertly decoded rather than simply displayed as a series of binary or text values. Beyond raw protocol analysis, Wireshark also includes a variety of supplementary tools to profile traffic. The main graphical tool also ships with multiple command line components, such as the non-graphical version called Tshark.

Wireshark is an essential tool for service providers because knowledge of network health is critical for customer success. By capturing and analyzing full content traffic, service providers can directly inspect real evidence. Rather than trying to derive indicators of network status from log messages or other sources, service providers can perceive ground truth in the packets themselves. Wireshark is your friend -- check it out!

Use "Wireshark filter tutorial: A Wireshark guide" from Laura Chappell to further your knowledge of Wireshark, the open source network analyzer.

Dig Deeper on Network management services