What is Wireshark and how to use it

What is Wireshark?

Wireshark is a network packet analyzer (also called a protocol analyzer). It captures packets from a network interface, or reads them from a capture file, and displays each packet decoded field by field in a graphical user interface. It is a free and open-source tool. Network and security engineers use Wireshark to troubleshoot networks and to analyze suspect traffic, for example to confirm or rule out a suspected breach.

What is Wireshark used for?

Wireshark is used by many professionals: IT and network engineers, ethical hackers, security analysts and incident responders. It is mainly used to troubleshoot network issues and to spot security problems in what actually crosses the wire, for example cleartext credentials, traffic to unexpected destinations, or protocols that should not be on the network at all.

It is also used when developing or debugging an implementation of a communication protocol, to check that what is sent matches the specification. During a penetration test, Wireshark is used to verify what the testing tools actually put on the wire and to capture what the target sends back.

How to install Wireshark?

First check whether your computer runs a 64-bit or a 32-bit operating system, then download Wireshark from http://www.wireshark.org and choose the build that matches your system. On Windows, double-click the downloaded installer; it also offers to install Npcap, the packet capture driver Wireshark needs to capture live traffic (without it you can still open capture files). On Linux, install the wireshark package from your distribution's package manager instead. Capturing requires access to the network interface, but do not run the Wireshark GUI as root: on Linux the package can be configured (on Debian and Ubuntu with dpkg-reconfigure wireshark-common) so that only the small capture helper, dumpcap, gets the capture capability and users in the wireshark group can use it. The large GUI, which parses untrusted input, then runs unprivileged.

How to sniff network traffic with Wireshark

For your first traffic analysis with Wireshark you can simply download pre-made PCAP files. PCAP (.pcap) is the classic libpcap format for storing captured packets; Wireshark's own default save format is pcapng (.pcapng), and it opens both. You can download such files from the Netresec website. Once you have a capture file on your computer, open Wireshark, go to File > Open and select the file in the dialog box.
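To see what a PCAP file actually contains, here is a reader for the classic libpcap format, written for this article as an added example; it is not Wireshark's code nor the article's own. It parses the 24-byte file header, detects the byte order from the magic number, walks the 16-byte per-packet records, and refuses truncated or corrupt files instead of silently dropping packets. The capture it reads is constructed in the code (made-up MAC addresses and payloads).

```python
"""Minimal reader for the classic libpcap (.pcap) file format.

Added example for this article; not code from the article or from the
Wireshark project.  The sample capture at the bottom is constructed here.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

# File-header magic, once read in the right byte order, and the number of
# fractional-timestamp units per second that the magic implies.
_MAGIC_UNITS = {0xA1B2C3D4: 1_000_000,       # microsecond timestamps
                0xA1B23C4D: 1_000_000_000}   # nanosecond timestamps
_GLOBAL_HDR = 24   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
_RECORD_HDR = 16   # ts_sec, ts_frac, incl_len, orig_len
LINKTYPE_ETHERNET = 1


@dataclass
class Packet:
    timestamp: float   # seconds since the Unix epoch
    orig_len: int      # length on the wire
    data: bytes        # bytes actually captured (may be cut at snaplen)


def detect_byte_order(blob: bytes) -> Tuple[str, int]:
    """Return (struct byte-order prefix, timestamp units/second) for a pcap magic."""
    for order in ("<", ">"):
        (magic,) = struct.unpack(order + "I", blob[:4])
        if magic in _MAGIC_UNITS:
            return order, _MAGIC_UNITS[magic]
    raise ValueError(f"not a classic pcap file (magic {blob[:4].hex()}); "
                     "pcapng, Wireshark's default save format, starts with 0a0d0d0a")


def read_pcap(blob: bytes) -> Tuple[int, List[Packet]]:
    """Parse an in-memory pcap file and return (linktype, packets).

    Truncated or inconsistent records raise instead of being skipped: a
    capture that was cut short is something an analyst should notice.
    """
    if len(blob) < _GLOBAL_HDR:
        raise ValueError("shorter than the 24-byte pcap file header")
    order, units = detect_byte_order(blob)
    major, minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack(
        order + "HHiIII", blob[4:_GLOBAL_HDR])
    if (major, minor) != (2, 4):
        raise ValueError(f"unsupported pcap version {major}.{minor}")
    packets: List[Packet] = []
    pos = _GLOBAL_HDR
    while pos < len(blob):
        if len(blob) - pos < _RECORD_HDR:
            raise ValueError(f"truncated record header at offset {pos}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            order + "IIII", blob[pos:pos + _RECORD_HDR])
        pos += _RECORD_HDR
        if incl_len > orig_len:
            raise ValueError(f"corrupt record at offset {pos}: captured more than wire length")
        if len(blob) - pos < incl_len:
            raise ValueError(f"truncated packet data at offset {pos}")
        packets.append(Packet(ts_sec + ts_frac / units, orig_len, blob[pos:pos + incl_len]))
        pos += incl_len
    return linktype, packets


def is_valid_pcap(blob: bytes) -> bool:
    """True when the whole file parses cleanly."""
    try:
        read_pcap(blob)
        return True
    except ValueError:
        return False


def build_pcap(frames, order: str = "<", nanoseconds: bool = False,
               linktype: int = LINKTYPE_ETHERNET) -> bytes:
    """Write a pcap file from (timestamp, frame bytes) pairs (used to build the sample)."""
    units = 1_000_000_000 if nanoseconds else 1_000_000
    magic = 0xA1B23C4D if nanoseconds else 0xA1B2C3D4
    out = [struct.pack(order + "IHHiIII", magic, 2, 4, 0, 0, 65535, linktype)]
    for ts, frame in frames:
        sec = int(ts)
        out.append(struct.pack(order + "IIII", sec, round((ts - sec) * units),
                               len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed sample: two Ethernet frames with made-up addresses and payloads
# (a 42-byte ARP-sized frame and a 54-byte frame with EtherType IPv4).
SAMPLE_FRAMES = [
    (1_700_000_000.000123, bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28),
    (1_700_000_000.250000, bytes.fromhex("020000000002" "020000000001" "0800") + b"\x45" + b"\x00" * 39),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)


def summarize(blob: bytes) -> dict:
    """The numbers Wireshark shows in Statistics > Capture File Properties."""
    linktype, packets = read_pcap(blob)
    return {"linktype": linktype, "packets": len(packets),
            "bytes": sum(len(p.data) for p in packets),
            "duration": packets[-1].timestamp - packets[0].timestamp if packets else 0.0}


if __name__ == "__main__":
    print(summarize(SAMPLE_PCAP))
```

The link type in the header tells the reader how to decode the first bytes of each record (Ethernet here); Wireshark does the same before handing the frame to its dissectors. A file that starts with the pcapng block type 0a0d0d0a is rejected with a hint rather than misread: if a tool you feed a capture to expects classic pcap, use Wireshark's Save As and pick the pcap format.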

If you want to capture traffic yourself, start with your own network interface. Open Wireshark and go to Capture > Options (Capture > Interfaces in the old 1.x versions) to see the list of interfaces; the welcome screen lists them too. The any pseudo-interface captures on every interface at once, but it only exists on Linux; on Windows and macOS pick the interface you are actually using (for example Wi-Fi or Ethernet). Double-click the interface to start capturing, click the red stop button when you are done, and save the capture; the default format is pcapng. Keep in mind that a raw capture contains everything that crossed the interface, including cookies, session tokens and any cleartext passwords, so treat capture files as sensitive data. You can now dig into the packets captured by Wireshark and troubleshoot your network.

Wireshark or tcpdump

Wireshark provides a graphical interface with a dissector for each protocol, a display filter language and statistics windows. tcpdump is a command-line tool that prints one summary line per packet, so it is less comfortable for people who are not used to a terminal, but it is installed on almost every Linux or BSD server, where no GUI is available anyway. Both use the same capture filter syntax (BPF), so a filter that works in tcpdump works in Wireshark's capture filter field. The usual workflow combines them: capture on the server with tcpdump and its -w option to write a file, then copy the file to a workstation and analyze it in Wireshark. Wireshark also ships tshark, a command-line version with the same dissectors and display filters.

Can Wireshark capture VoIP calls?

Wireshark captures every packet that reaches the capture interface, whatever the protocol, so the SIP signalling used by VoIP (normally UDP or TCP port 5060) and the RTP media streams that carry the audio are captured like any other traffic. Two caveats: on a switched network you only see the traffic that reaches your capture point, so to capture other people's calls you need a mirror (SPAN) port or a capture taken on the PBX or SBC itself; and if the deployment uses SIP over TLS (port 5061) and SRTP, Wireshark still captures the packets but cannot read the signalling or play the audio without the keys.

How do I see VoIP in Wireshark?

To dig into the VoIP packets of a capture, open the VoIP Calls window: in the main menu click Telephony, then VoIP Calls. The window lists every call detected in the capture with its start time, the calling and called parties, the protocol and the call state. Select a call and click Flow Sequence to see the message exchange as a ladder diagram, Prepare Filter to put a display filter for that call in the filter bar, or Play Streams to decode the RTP audio when the codec is supported. Telephony > SIP Flows opens the same window restricted to SIP. The list is built from the signalling, and the RTP streams are located through the SDP carried in the SIP messages, so a call whose INVITE was not captured (capture started too late) or whose signalling is encrypted will not appear there; in that case enable the RTP protocol preference "Try to decode RTP outside of conversations" to at least have the media decoded as RTP.
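What "detected VoIP calls" means in practice is shown by the following added example, which groups SIP messages into calls by their Call-ID header and tracks each call's state from INVITE to BYE, roughly as the VoIP Calls window does. It is written for this article and is not Wireshark's code; the SIP messages it processes are constructed (RFC 5737 documentation addresses, made-up Call-IDs), and the udp.port clauses in the generated filter are an approximation of what the dialog's Prepare Filter button builds.

```python
"""Group SIP messages into calls by Call-ID, roughly what Wireshark's
Telephony > VoIP Calls window does for SIP.  Added example for this article,
not the article's or Wireshark's code; the messages below are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RFC 3261 compact header names (Wireshark decodes these too).
_COMPACT = {"i": "call-id", "f": "from", "t": "to", "v": "via",
            "m": "contact", "c": "content-type", "l": "content-length"}

@dataclass
class SipMessage:
    method: Optional[str]     # request method, None for a response
    status: Optional[int]     # response code, None for a request
    headers: Dict[str, str]   # lower-cased full header name -> value
    body: str

def parse_sip(raw: str) -> SipMessage:
    """Parse one SIP request or response from a UDP payload (no header folding)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    if lines[0].startswith("SIP/2.0 "):
        method, status = None, int(lines[0].split()[1])
    else:
        method, status = lines[0].split()[0].upper(), None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers[_COMPACT.get(name, name)] = value.strip()
    return SipMessage(method, status, headers, body)

@dataclass
class Call:
    call_id: str
    state: str = "Unknown"
    media_ports: List[int] = field(default_factory=list)   # from SDP m=audio lines
    messages: int = 0

def correlate_calls(payloads: List[str]) -> Dict[str, Call]:
    """Build the call list from SIP payloads taken in capture order."""
    calls: Dict[str, Call] = {}
    for raw in payloads:
        msg = parse_sip(raw)
        call_id = msg.headers.get("call-id")
        if not call_id:
            continue                      # not SIP (or malformed): skip, do not crash
        call = calls.setdefault(call_id, Call(call_id))
        call.messages += 1
        # "CSeq: 1 INVITE" tells us which request a response belongs to.
        answers_invite = msg.headers.get("cseq", "").upper().endswith("INVITE")
        if msg.method == "INVITE":
            call.state = "Call setup"
        elif msg.method in ("CANCEL", "BYE"):
            call.state = "Cancelled" if msg.method == "CANCEL" else "Completed"
        elif msg.status is not None and answers_invite:
            call.state = ("Ringing" if msg.status < 200 else "In call" if msg.status < 300
                          else "Rejected" if msg.status >= 400 else call.state)
        # Wireshark locates the RTP streams through the SDP carried in SIP; no SDP
        # seen (capture started mid-call, SIP over TLS) means no media is found.
        if msg.headers.get("content-type", "").lower() == "application/sdp":
            call.media_ports += [int(p) for p in re.findall(r"^m=audio (\d+) ", msg.body, re.M)]
    return calls

def prepare_filter(call: Call) -> str:
    """Display filter for one call (udp.port clauses approximate the dialog's Prepare Filter)."""
    return " || ".join([f'sip.Call-ID == "{call.call_id}"'] +
                       [f"udp.port == {p}" for p in call.media_ports])

# Constructed sample: one completed call, one rejected call, one non-SIP payload.
def _msg(start: str, *headers: str, body: str = "") -> str:
    extra = ["Content-Type: application/sdp", f"Content-Length: {len(body)}"] if body else []
    return start + "\r\n" + "\r\n".join(list(headers) + extra) + "\r\n\r\n" + body

def _sdp(ip: str, port: int) -> str:
    return f"v=0\r\no=- 1 1 IN IP4 {ip}\r\ns=-\r\nc=IN IP4 {ip}\r\nt=0 0\r\nm=audio {port} RTP/AVP 0\r\n"

ALICE, BOB = "<sip:alice@192.0.2.10>;tag=1", "<sip:bob@192.0.2.20>"
CALL1, CALL2 = "Call-ID: call-1@192.0.2.10", "Call-ID: call-2@192.0.2.10"
SAMPLE_PAYLOADS = [
    _msg("INVITE sip:bob@192.0.2.20 SIP/2.0", f"From: {ALICE}", f"To: {BOB}",
         "i: call-1@192.0.2.10", "CSeq: 1 INVITE", body=_sdp("192.0.2.10", 49170)),
    _msg("SIP/2.0 180 Ringing", f"From: {ALICE}", f"To: {BOB};tag=2", CALL1, "CSeq: 1 INVITE"),
    _msg("SIP/2.0 200 OK", f"From: {ALICE}", f"To: {BOB};tag=2", CALL1, "CSeq: 1 INVITE",
         body=_sdp("192.0.2.20", 50000)),
    _msg("BYE sip:alice@192.0.2.10 SIP/2.0", f"From: {BOB};tag=2", f"To: {ALICE}", CALL1, "CSeq: 2 BYE"),
    _msg("SIP/2.0 200 OK", f"From: {BOB};tag=2", f"To: {ALICE}", CALL1, "CSeq: 2 BYE"),
    _msg("INVITE sip:bob@192.0.2.20 SIP/2.0", f"From: {ALICE}", f"To: {BOB}", CALL2,
         "CSeq: 1 INVITE", body=_sdp("192.0.2.10", 49172)),
    _msg("SIP/2.0 486 Busy Here", f"From: {ALICE}", f"To: {BOB};tag=3", CALL2, "CSeq: 1 INVITE"),
    "this is not SIP at all",    # e.g. an RTP payload on the SIP port; must be ignored
]

if __name__ == "__main__":
    for call in correlate_calls(SAMPLE_PAYLOADS).values():
        print(call.call_id, call.state, call.media_ports, prepare_filter(call))
```

Two details matter when reading real captures. The CSeq header is what ties a response to its request: a 200 OK with CSeq 2 BYE must not be mistaken for the answer to the INVITE, which is why the state only changes on responses whose CSeq ends in INVITE. And the media ports come from the SDP bodies, not from SIP itself; that is exactly why a capture started after the INVITE shows RTP as unnamed UDP until you enable the RTP heuristic. In Wireshark, the display filter produced by prepare_filter (sip.Call-ID and udp.port are real field names) can be pasted straight into the filter bar.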


Protect your communications

Diskyver is a telephone anomaly detection system: it monitors your telephone infrastructure for malicious activity.

