Ethereal was the original name of Wireshark. This open source packet analyser is a very powerful networking tool which is commonly used for troubleshooting within networks.
Gerald Combs created the software. It was designed as a small network capture tool and has since become one of the most prominent tools available on the market.
Wireshark captures packets in real time and displays them in a comprehensible style, so users can easily read and understand packet details.
Wireshark uses a network interface card to capture packets. It supports over 850 protocols, ranging from common ones such as IP and DHCP to more advanced protocols like AppleTalk and BitTorrent.
From your network card you can capture the traffic and save it to a file, to review or examine it at a later date; this matters because it is often impossible to monitor traffic in real time at the speeds of modern network technology.
Wireshark can filter packets based on protocol type, source address, destination address, source port, destination port and many other criteria.
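As an added illustration of the filtering described above (example code, not from the original article or from the Wireshark project), this Python script decodes the Ethernet/IPv4/TCP/UDP header fields that Wireshark exposes as ip.src, ip.dst, ip.proto and tcp.dstport, then applies a display-filter-style match over constructed sample frames; the frames and addresses are made up for the demo.

```python
import struct
from ipaddress import ip_address

def build_frame(src_ip, dst_ip, proto, sport, dport):
    """Assemble a minimal Ethernet II + IPv4 + TCP|UDP frame for the demo (no checksums)."""
    eth = b"\x00" * 6 + b"\x11" * 6 + struct.pack("!H", 0x0800)   # dst MAC, src MAC, IPv4
    if proto == 6:   # TCP: 20-byte header, data offset 5, SYN flag, window 65535
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    total = 20 + len(l4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     ip_address(src_ip).packed, ip_address(dst_ip).packed)
    return eth + ip + l4

def decode(frame):
    """Decode the fields Wireshark shows as ip.src, ip.dst, ip.proto and L4 ports."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                       # not IPv4; a real filter would skip it
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[23]                     # protocol byte at IP header offset 9
    src, dst = frame[26:30], frame[30:34]
    l4 = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", l4[:4])  # ports lead both TCP and UDP headers
    name = {6: "tcp", 17: "udp"}.get(proto, str(proto))
    return {"ip.src": str(ip_address(src)), "ip.dst": str(ip_address(dst)),
            "ip.proto": name, f"{name}.srcport": sport, f"{name}.dstport": dport}

def matches(fields, criteria):
    """AND of field == value checks, like 'ip.src == 10.0.0.5 && tcp.dstport == 443'."""
    return fields is not None and all(fields.get(k) == v for k, v in criteria.items())

def filter_frames(frames, criteria):
    """Return the decoded frames that match, as the packet list would after filtering."""
    return [f for f in map(decode, frames) if matches(f, criteria)]

# Constructed sample traffic (TEST-NET addresses, not a real capture).
SAMPLE = [
    build_frame("10.0.0.5", "198.51.100.7", 6, 51000, 443),   # HTTPS to a web server
    build_frame("10.0.0.5", "10.0.0.1", 17, 53123, 53),       # DNS query to the resolver
    build_frame("10.0.0.9", "198.51.100.7", 6, 51001, 443),   # HTTPS from another host
]

if __name__ == "__main__":
    for pkt in filter_frames(SAMPLE, {"ip.src": "10.0.0.5", "tcp.dstport": 443}):
        print(pkt)
```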
Let’s look at some simple network problems it can help with:
- Analysing the cause of high latency.
- Defining the location of packet loss.
- Comparing path throughput for various applications.
- Analysing window size issues.
- Identifying intercepting device issues.
As with all “good” uses of network troubleshooting tools, unfortunately there remains the opportunity to use the software for “bad” purposes. Because of the nature of the software, packet sniffing can be abused, for example in a typical MITM attack, to read data in the packets such as usernames, passwords and other confidential information. So if this software has been deployed on a company network, it is best to restrict access to Network Administrators rather than general staff.