What is Wireshark and how to use it

What is Wireshark?

Wireshark is a network packet analyzer. It captures network packets and displays them through a graphical user interface. It is a free and open-source tool. Cybersecurity professionals use Wireshark to troubleshoot networks. With this tool they can analyze suspicious network traffic and identify potential breaches.

What is Wireshark used for?

Wireshark is used by many professionals, such as IT engineers, ethical hackers and cybersecurity professionals… It is mainly used to troubleshoot network issues and to identify security problems and vulnerabilities.

It is also used when implementing communication protocols. During penetration testing, Wireshark is used to check how effective the tools being used actually are.

How to install Wireshark?

First you need to know the system type of your computer, 64-bit or 32-bit. Then download Wireshark from this link: http://www.wireshark.org. Choose the version that matches your system type. You can then double-click the file you just downloaded to start the installation process.

How to sniff network traffic with Wireshark

For your first traffic capture with Wireshark you can simply download pre-made PCAP files. PCAP is the format used to store packet data, and these files can be opened directly in Wireshark. You can download such files on the Netresec website. Once you have a PCAP file on your computer, open Wireshark, go to File > Open and look for your file in the dialog box.

If you want to capture some traffic yourself you can start with your own network interface. Open Wireshark, click on Capture > Interfaces, choose « ANY » and Wireshark will start capturing traffic on every network interface you are connected to. Once you are done, click on the stop button and save the capture in the default format. You can now dig into the packets captured by Wireshark and troubleshoot your network.

Wireshark or tcpdump

Wireshark provides a graphical interface for packet monitoring. Tcpdump is a CLI-based tool, so it can be less comfortable for those who are not used to the command prompt of their computer.

Can Wireshark capture VoIP calls?

Wireshark captures all types of packets, including the SIP packets used by VoIP.

How do I see VoIP in Wireshark?

To dig specifically into the VoIP packets in the captured traffic you can open the VoIP Calls window. This window displays a list of all VoIP calls detected in the captured traffic. To open it, click on the « Telephony » tab of the main menu, then « VoIP Calls »: the VoIP Calls window opens and displays all calls from the sniffed network. You can also restrict the view to SIP messages only by selecting « SIP Flows ».
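As an added illustration of two points above, that PCAP is the on-disk format Wireshark opens and that SIP signalling on UDP port 5060 is what the SIP Flows view picks out, here is a small Python script that is not part of the original post. It builds a constructed PCAP capture in memory and pulls out the SIP request and status lines much like a `sip` display filter would; the addresses, ports, Call-ID and messages are all made up for the demo.

```python
import struct

SIP_PORT = 5060  # default SIP signalling port

def build_pcap(udp_packets):
    """Build an in-memory libpcap capture (little-endian, link type 1 = Ethernet)
    from (src_port, dst_port, payload) tuples. Constructed addresses 10.0.0.1 -> 10.0.0.2."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 24-byte global header
    for sport, dport, payload in udp_packets:
        udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + udp
        frame = b"\x00" * 12 + struct.pack("!H", 0x0800) + ip  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame  # record header
    return out

def iter_frames(pcap):
    """Yield the raw frame bytes of each record in a little-endian pcap buffer."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian pcap file")
    offset = 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, offset)[2]
        offset += 16
        yield pcap[offset:offset + incl_len]
        offset += incl_len

def sip_lines(pcap):
    """Return the request/status line of every UDP/5060 message, roughly the 'sip' filter."""
    found = []
    for frame in iter_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4 over Ethernet, or not UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet + variable IPv4 header
        if len(udp) < 8:
            continue
        sport, dport = struct.unpack_from("!HH", udp, 0)
        if SIP_PORT in (sport, dport):
            found.append(udp[8:].split(b"\r\n", 1)[0].decode("ascii", "replace"))
    return found

# Constructed sample: a SIP INVITE, an unrelated DNS query, and the SIP 200 OK reply.
SAMPLE = build_pcap([
    (5060, 5060, b"INVITE sip:bob@example.com SIP/2.0\r\nCall-ID: abc123\r\n\r\n"),
    (40000, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
    (5060, 5060, b"SIP/2.0 200 OK\r\nCall-ID: abc123\r\n\r\n"),
])

if __name__ == "__main__":
    print(sip_lines(SAMPLE))
```

Writing `SAMPLE` to a file and opening it in Wireshark shows the same two messages under Telephony > VoIP Calls, with the DNS packet left out.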
