Wireshark is a very powerful and popular network analyzer for Windows, Mac and Linux. It is used to inspect the data passing through a network interface, whether that is your Ethernet (LAN) card or your WiFi adapter.
The units of data that Wireshark inspects are called 'frames', and each frame carries a 'packet'. Wireshark can capture all of the packets sent and received over your network and decode them for analysis. Whatever you do over the Internet, such as browsing websites or using VoIP or IRC, the data is converted into packets as it passes through your network interface (your LAN card). Wireshark grabs those packets from the TCP/IP stack during transmission, stores them, and presents them in its own GUI.
It is important to note that while this is an excellent tool for a network administrator who needs to check that their customers' sensitive data is being transmitted securely, it can also be used by attackers on unsecured networks such as airport WiFi. The moral of the story at this point is to steer clear of clear-text HTTP: that is the best advice I can give. To remedy this we would encourage you to use the Firefox add-on HTTPS Everywhere, or to use an SSH or VPN tunnel.
Wireshark and WinPcap.
WinPcap is the Windows version of the libpcap library; it includes a driver to support capturing packets.
Wireshark uses this library to capture live network data on Windows.
See CaptureSetup/CapturePrivileges for information about using the WinPcap driver with Wireshark.
General information about the WinPcap project can be found at the WinPcap web site.
The libpcap/WinPcap file format description can be found at Development/LibpcapFileFormat.
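To make the two points above concrete, here is an added example (not code from the original post or from the Wireshark/WinPcap projects) that parses the libpcap file format described at the link above and then walks Ethernet/IPv4/TCP to flag any clear-text HTTP request lines, which is exactly what someone sniffing an open WiFi network would see. The capture it reads is constructed in the script itself: MAC and IP addresses, ports and timestamps are placeholders, IP/TCP checksums are left at zero, and the file is written with the little-endian, microsecond-resolution pcap magic.

```python
import struct

# libpcap file constants (from the libpcap/pcap-savefile format)
PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution magic number
LINKTYPE_ETHERNET = 1
HTTP_METHODS = (b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS")


def build_ethernet_tcp_frame(payload: bytes, dst_port: int) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame around `payload`.
    Addresses and ports are constructed placeholders; checksums are left at 0."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0, 0x50, 0x18, 65535, 0, 0)
    ip_total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total, 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 80]))
    return eth + ip + tcp + payload


def build_pcap(frames, linktype=LINKTYPE_ETHERNET) -> bytes:
    """Serialise frames into a little-endian pcap file: 24-byte global header,
    then a 16-byte record header (ts_sec, ts_usec, incl_len, orig_len) per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data: bytes):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, frame_bytes), ...]).
    The magic number tells us which byte order the writer used."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file (bad magic 0x%08x)" % magic)
    _, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("corrupt record at offset %d" % off)
        records.append((ts_sec, ts_usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, records


def tcp_payload(frame: bytes):
    """Walk Ethernet -> IPv4 -> TCP; return (dst_port, payload) or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_total = struct.unpack("!H", frame[16:18])[0]
    if frame[14 + 9] != 6:                                # IP protocol 6 = TCP
        return None
    tcp = 14 + ihl
    data_off = (frame[tcp + 12] >> 4) * 4
    dst_port = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    return dst_port, frame[tcp + data_off:14 + ip_total]


def find_cleartext_http(pcap_bytes: bytes):
    """Flag TCP segments whose payload starts with an HTTP request line, i.e. traffic
    that anyone sniffing the link (an open WiFi network, say) could read verbatim."""
    linktype, records = parse_pcap(pcap_bytes)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    hits = []
    for _ts, _us, _olen, frame in records:
        seg = tcp_payload(frame)
        if seg and seg[1].startswith(tuple(m + b" " for m in HTTP_METHODS)):
            hits.append((seg[0], seg[1].split(b"\r\n", 1)[0].decode("ascii", "replace")))
    return hits


# Constructed sample capture: one clear-text request to port 80 and one
# TLS-record-like blob to port 443, which the scanner should leave alone.
SAMPLE_PCAP = build_pcap([
    build_ethernet_tcp_frame(b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n", 80),
    build_ethernet_tcp_frame(b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26", 443),
])

if __name__ == "__main__":
    for port, line in find_cleartext_http(SAMPLE_PCAP):
        print("cleartext HTTP to port %d: %s" % (port, line))
```

Run it directly and it reports the single clear-text request; point `parse_pcap` at the bytes of a real Wireshark "Save As" pcap (not pcapng) to try it on your own captures. The TLS segment is skipped because its payload is an opaque record, which is the whole reason the advice above is to move to HTTPS, SSH or a VPN.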
WinPcap Version 4.1.3 Installer for Windows
Wireshark 1.12.3 Windows Installer (64-bit)
Wireshark 1.12.3 Windows Installer (32-bit)
Now that you have installed WinPcap and Wireshark, you are ready to go!
Follow me on Twitter to see when the next part is here.