What does Wireshark do?

Written by  Nov 27, 2019

Wireshark is the world's leading network traffic analyser, and an essential tool for any security professional.

This free software lets you analyse network traffic in real time, and is often the best tool for troubleshooting issues on your network.

Common problems that Wireshark can help troubleshoot include dropped packets, latency issues, and malicious activity on your network. It lets you put your network traffic under a microscope, and provides tools to filter and drill down into that traffic, zooming in on the root cause of the problem. Administrators use it to identify faulty network appliances that are dropping packets, latency issues caused by machines routing traffic halfway around the world, and data exfiltration or even hacking attempts against your organisation.

Wireshark is a powerful tool that requires sound knowledge of networking basics. For most modern enterprises, that means understanding, for example, the TCP/IP stack, how to read and interpret packet headers, and how routing, port forwarding, and DHCP work.

What does Wireshark do exactly?

Wireshark intercepts traffic and converts that binary traffic into a human-readable format. This makes it easy to identify what traffic is crossing your network, how much of it there is, how frequently it occurs, how much latency there is between certain hops, and so forth.

While Wireshark supports more than two thousand network protocols, many of them esoteric, uncommon, or old, the modern security professional will find analysing IP packets to be of most immediate usefulness. The majority of the packets on your network are likely to be TCP, UDP, and ICMP.
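What that conversion from binary to readable fields involves, as an added example that is not Wireshark's code and not part of the original article: a small Python decoder for Ethernet II, IPv4 and the TCP, UDP and ICMP headers mentioned above. The two sample frames are constructed for illustration, and the function name `dissect` is an assumption of this example.

```python
import socket
import struct

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# Constructed sample frames (not captured traffic): a TCP SYN to port 443 and
# an ICMP echo request. IP/TCP checksums are zero; nothing here verifies them.
SYN_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"
    "45000028000100004006" "0000" "c0a8010a" "c0a80101"
    "c00001bb" "00000001" "00000000" "5002" "7210" "00000000")
PING_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"
    "4500001c000200004001" "0000" "c0a8010a" "08080808"
    "0800f7ff00000000")

def dissect(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP/UDP/ICMP headers into named fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_src": src.hex(":"), "eth_dst": dst.hex(":")}
    if ethertype != 0x0800:
        out["protocol"] = f"ethertype 0x{ethertype:04x} (not decoded)"
        return out
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0  # header length in bytes; options make it > 20
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    out.update(ip_src=socket.inet_ntoa(ip[12:16]), ip_dst=socket.inet_ntoa(ip[16:20]),
               ttl=ip[8], protocol=IP_PROTOCOLS.get(ip[9], f"ip-proto {ip[9]}"))
    l4 = ip[ihl:]  # transport header starts after the variable-length IP header
    if ip[9] == 6 and len(l4) >= 20:
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        out.update(sport=sport, dport=dport, seq=seq,
                   flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
    elif ip[9] == 17 and len(l4) >= 8:
        sport, dport, length = struct.unpack("!HHH", l4[:6])
        out.update(sport=sport, dport=dport, udp_length=length)
    elif ip[9] == 1 and len(l4) >= 4:
        out.update(icmp_type=l4[0], icmp_code=l4[1])
    return out

if __name__ == "__main__":
    for frame in (SYN_FRAME, PING_FRAME):
        print(dissect(frame))
```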

Given the large volume of traffic that crosses a typical business network, Wireshark's tools to help you filter that traffic are what make it especially useful. Capture filters will collect only the types of traffic you're interested in, and display filters will help you zoom in on the traffic you want to inspect. The network protocol analyser provides search tools, including regular expressions and coloured highlighting, to make it easy to find what you're looking for.

Sometimes the best way to find anomalous traffic is to capture everything and establish a baseline.

How to use Wireshark

You need to know what is normal to find what is abnormal, and Wireshark includes tools to create baseline statistics. While Wireshark is a network protocol analyser, and not an intrusion detection system (IDS), it can nevertheless prove extremely useful for zeroing in on malicious traffic once a red flag has been raised.

Wireshark can also be used to intercept and analyse encrypted TLS traffic. The symmetric session keys are held by the browser, and with the appropriate browser setting (and with the permission and knowledge of the user) an administrator can load those session keys into Wireshark and examine the decrypted web traffic.
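The baseline idea, as an added example that is not part of the original article or of Wireshark: a Python comparison of a later capture against a baseline by traffic share per protocol and destination port. The flow records are constructed, and the `growth` and `min_share` thresholds are assumptions to tune for your own network.

```python
from collections import Counter

# Constructed flow records (src, dst, protocol, destination port), one per packet.
# In practice these would be fields exported from two captures of the same network.
BASELINE = ([("10.0.0.5", "10.0.0.1", "TCP", 443)] * 70
            + [("10.0.0.5", "10.0.0.1", "TCP", 80)] * 20
            + [("10.0.0.5", "10.0.0.2", "UDP", 53)] * 10)
CURRENT = ([("10.0.0.5", "10.0.0.1", "TCP", 443)] * 40
           + [("10.0.0.5", "10.0.0.1", "TCP", 80)] * 15
           + [("10.0.0.5", "10.0.0.2", "UDP", 53)] * 40
           + [("10.0.0.5", "10.0.0.9", "TCP", 4444)] * 5)


def profile(records):
    """Fraction of packets seen per (protocol, destination port)."""
    counts = Counter((proto, dport) for _src, _dst, proto, dport in records)
    total = sum(counts.values())
    return {service: n / total for service, n in counts.items()}


def deviations(baseline, current, growth=3.0, min_share=0.05):
    """List services absent from the baseline or whose traffic share grew `growth`-fold."""
    base, now = profile(baseline), profile(current)
    findings = []
    for service, share in sorted(now.items()):
        if service not in base:
            findings.append((service, "not in baseline"))
        elif share >= min_share and share / base[service] >= growth:
            findings.append((service, f"share {base[service]:.0%} -> {share:.0%}"))
    return findings


if __name__ == "__main__":
    for service, reason in deviations(BASELINE, CURRENT):
        print(service, reason)
```

A finding here is only a pointer to where to apply a display filter next, not a verdict that the traffic is malicious.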

Wireshark comes with graphical tools to visualise the statistics. This makes it easy to spot general trends, and to present findings to less-technical management.

Wireshark can be a learning tool

There are so many hands-on uses for Wireshark that it's easy to overlook what an effective learning tool it can be. Lifting up the hood of a car is the best way to understand how an internal combustion engine works, and likewise lifting the lid on network traffic and watching packets fly by — even drilling down to the byte level, and examining TCP headers — is a powerful way to learn, and teach others how the internet works.

Demystifying the motor that runs our information economy can only lead to better-informed business decisions and better government policy, not to mention a better-qualified workforce. Wireshark is already a staple of classroom curricula in many training settings, but the docs are complete enough at this point that an eager learner can easily download the network protocol analyser, sniff their local wifi access point, and start examining traffic.

Free Wireshark tutorial

There are lots of great free resources on how to learn Wireshark, plus tips and tricks to get the most out of the software. Here are the ones we consider to be the best:

Download Wireshark for free

Download at wireshark.org and start sniffing packets right away.

Carl Perkins

A security tech expert, Carl specialises in IT Security having worked in the field for over 10 years and has previous Tech admin roles to his credit. He is very experienced and his contribution is invaluable to us.

1 comment

  • Peter Cook, Wednesday, 26 February 2020 10:19

    What is the best resource for learning Wireshark?
