What is Wireshark?
Wireshark is a network packet analyzer. It captures network packets and displays this data through a graphical user interface. It is a free and open-source tool. Cybersecurity professionals use Wireshark to troubleshoot networks. With this tool they can analyze suspect network traffic and identify potential breaches.
What is Wireshark used for?
Wireshark is used by many professionals, such as IT engineers, ethical hackers and cybersecurity professionals. It is mainly used to troubleshoot network issues and to identify security problems and vulnerabilities.
It is also used when implementing communication protocols. During penetration testing, Wireshark is used to check the effectiveness of the hacking tools.
How to install Wireshark?
First you need to know the system type of your computer, 64-bit or 32-bit. Then download Wireshark from http://www.wireshark.org. Choose the version that matches your system type. You can then double-click on the file you just downloaded to start the installation process.
How to sniff network traffic with Wireshark
For your first traffic capture with Wireshark you can simply download pre-made PCAP files. PCAP is the format used to store packet data, and these files can be opened in Wireshark. You can download such files from the Netresec website. Once you have a PCAP file on your computer, open Wireshark, then go to File > Open and look for your file in the dialog box.
If you want to capture some traffic yourself, you can start with your own network interface. Open Wireshark, click on Capture > Interfaces and choose "ANY", and Wireshark will start to capture on every network you are connected to. Once you are done, click on the stop button and save the capture in the default format. You can now dig into the packets captured by Wireshark and troubleshoot your network.
Wireshark or tcpdump
Wireshark provides a graphical interface to help with packet monitoring. Tcpdump is a CLI-based tool, so it can be less comfortable for those who are not used to their computer's command prompt.
Can Wireshark capture VoIP calls?
Wireshark captures all types of packets, including the SIP packets used in VoIP technology.
How do I see VoIP in Wireshark?
To dig specifically into the VoIP packets in the captured traffic, you can open the VoIP Calls window. This window displays a list of all VoIP calls detected in the captured traffic. To open it, click on the "Telephony" tab of the main menu, then "VoIP Calls"; the VoIP Calls window opens and displays all calls from the sniffed network. You can also filter to SIP messages only by selecting "SIP Flows".
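As an added example (not code from the original article), the following Python script reads the classic PCAP format mentioned above and picks out the SIP traffic that the VoIP Calls window lists, using a small two-packet capture constructed in memory. It assumes an Ethernet link type and SIP on UDP port 5060; the sample addresses and messages are constructed for the example.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap magic, little-endian file
SIP_PORT = 5060          # SIP over UDP, the traffic the VoIP Calls window lists

def udp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame (placeholder MACs, zero checksums)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + udp
    return b"\x02" * 12 + b"\x08\x00" + ip  # EtherType 0x0800 = IPv4

def build_sample_pcap():
    """Two-packet capture built in memory: one SIP INVITE and one unrelated DNS query."""
    sip = (b"INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10:5060\r\n"
           b"From: <sip:alice@example.com>\r\nTo: <sip:bob@example.com>\r\n"
           b"Call-ID: constructed-1@192.0.2.10\r\nCSeq: 1 INVITE\r\n\r\n")
    frames = [udp_frame("192.0.2.10", "192.0.2.20", 5060, 5060, sip),
              udp_frame("192.0.2.10", "192.0.2.53", 40000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, f in enumerate(frames):  # per-packet record: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def iter_packets(data):
    """Yield each captured frame from classic PCAP bytes, honoring the file's byte order."""
    end = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic PCAP (not pcapng) with Ethernet link type")
    off = 24
    while off + 16 <= len(data):  # stop cleanly on a truncated trailing record
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def extract_sip(data):
    """Return (src, dst, request/status line) for every IPv4/UDP packet on port 5060."""
    found = []
    for frame in iter_packets(data):
        if frame[12:14] != b"\x08\x00" or frame[23] != 17:  # keep only IPv4 carrying UDP
            continue
        udp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet + IPv4 header (IHL)
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        if SIP_PORT in (sport, dport):
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            found.append((src, dst, udp[8:ulen].split(b"\r\n", 1)[0].decode("ascii", "replace")))
    return found
```

Calling extract_sip(build_sample_pcap()) returns only the INVITE, which is the same selection the "SIP Flows" view makes on a real capture.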