Analyse Network Traffic With Wireshark And Other Tools

There are a lot of tools out there that will let you explore the inner workings of the internet.

Sometimes you need to find out what is going on behind the scenes, so you reach for a tool that can show you.

One of these tools is known as Wireshark, but there are many others as well.


I will take a look at some of these tools in the hope that I can show you how to look beneath the surface of the internet and spot things you would never notice when you are using it normally.

So, before I get into talking about the tools, let me show you how the internet works and how your information is able to get from one part of the world to another in such a short amount of time.

After that, I will go over the tools that will allow you to be able to look at this display for yourself.

How The Internet Works

There are many different and confusing parts of the internet that you must understand before you start to dig into its inner workings.

I am not talking about the HTML and the other presentation portions of the net; you can easily see those when you right click on a page and choose View Source.

Even though that side offers a complexity all of its own, I am going to be discussing a topic that goes even deeper into how the internet works.

When you are on the internet, your data is not sent as one continuous stream; it is chopped up into a bunch of small chunks called packets.

On the wire these packets are carried as electrical, optical or radio signals, but what matters for our purposes is their structure: every packet is a block of bytes with a fixed layout that every device along the way knows how to read.

At the front of each packet are a few dozen bytes that tell the devices receiving it what the packet is and what to do with it.

This is known as the header of the packet.

In fact there are usually several headers stacked in front of the data. The IP header holds the source and destination addresses and the TTL, which stands for time to live: every router that forwards the packet knocks one off it, and when it reaches zero the packet is thrown away, so a packet caught in a routing loop cannot circle the world forever. The TCP header that follows holds the source and destination ports, the sequence number, the acknowledgment number and the flags that say whether the packet is opening a connection, carrying data or closing it.

After the headers you then have the data that the packet holds (the payload), and that is the most important part of the packet.

The payload is the information you actually need to get things done.
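To make that header layout concrete, here is an added example in Python. It is my own code, not anything from the original article or from the Wireshark project; the function names and the sample addresses are my own choices. It builds a minimal IPv4/TCP packet from constructed values, then parses it back and pulls out exactly the fields named above: TTL, source and destination addresses and ports, sequence and acknowledgment numbers, flags and payload. A real capture would also have an Ethernet frame in front of the IP header, which Wireshark decodes for you.

```python
import socket
import struct
from dataclasses import dataclass

# TCP flag bits, found in the low byte of the data-offset/flags word of the TCP header
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


@dataclass
class Packet:
    ttl: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: list
    payload: bytes


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, payload, ttl=64) -> bytes:
    """Build a minimal IPv4+TCP packet with no options (hypothetical helper for this example).
    The TCP checksum is left at zero for brevity; the IP header checksum is computed properly."""
    tcp_hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                          (5 << 12) | flags,   # data offset = 5 words (20 bytes), then the flag bits
                          65535, 0, 0)         # window, checksum (not computed), urgent pointer
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_fields = [0x45, 0, total_len, 0x1234, 0x4000, ttl, 6, 0,   # version 4 / IHL 5, ..., proto 6 = TCP
                 socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    ip_fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *ip_fields))
    return struct.pack("!BBHHHBBH4s4s", *ip_fields) + tcp_hdr + payload


def parse_ipv4_tcp(raw: bytes) -> Packet:
    """Decode the IP header, then the TCP header it carries, then slice out the payload."""
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4                 # IP header length in bytes; more than 20 means IP options
    if ip_checksum(raw[:ihl]) != 0:            # a valid header sums to zero once its own checksum is included
        raise ValueError("bad IP header checksum")
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    tcp = raw[ihl:total_len]
    sport, dport, seq, ack, off_flags, _win, _tcsum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4           # TCP header length in bytes; more than 20 means TCP options
    flags = [name for bit, name in sorted(TCP_FLAGS.items()) if off_flags & bit]
    return Packet(ttl, socket.inet_ntoa(src), socket.inet_ntoa(dst), sport, dport, seq, ack, flags, tcp[data_off:])


# Constructed sample, not a real capture: a client's first data packet of a plain-HTTP request.
SAMPLE = build_ipv4_tcp("192.0.2.10", "198.51.100.20", 49152, 80,
                        seq=1000, ack=5000, flags=0x18,   # PSH|ACK
                        payload=b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    p = parse_ipv4_tcp(SAMPLE)
    print(f"{p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port} ttl={p.ttl} seq={p.seq} ack={p.ack} flags={p.flags}")
    print(p.payload.decode())
```

The checksum check is worth keeping in: a header that has been corrupted or hand-edited fails it, and Wireshark's IP dissector flags the same condition when checksum validation is turned on.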

You have to remember that all of this is happening at close to the speed of light along the cables (unless you use the same ISP as me, in which case it will likely take a few hours!)

These packets are travelling around the world through many different routers, each one reading the headers just far enough to decide where to send the packet next.

If you stop and think about it, it is pretty amazing.

Now that we have a good idea about how all of this works, let’s take a good look at some of the tools that you can use to examine this process.

Wireshark And Snort

There are several different tools that you can use to examine the information that is provided by the data packets that are traveling around the network.

As I talked about earlier, these little packets can offer all types of information about the network and the data that is being sent.

I will talk about two of the most popular tools that people use for these purposes.

One of the tools is known as Wireshark.

It is a tool for packet sniffing: it captures the packets passing through a network interface and decodes their headers and contents for you.

The other tool is known as Snort, which is an intrusion detection system: it watches the traffic on the whole network and compares it against a set of rules that describe known attacks and suspicious behaviour.

With these two tools you will have a very good picture of what is going into and out of your network.

Wireshark will let you examine the data and the types of packets that are floating on your network.

Even if you are only examining your home network, there is no better free tool than Wireshark.

It will show you a colour-coded list of every packet it captures and tell you what is coming into the network and what is going out, and you can narrow that list down with display filters such as tcp.port == 80 or ip.addr == 192.168.1.10.

You can then highlight some of the packets and read their header information as well as the contents of the packet.

Some of the contents may be hard to decipher, since a single packet only holds a slice of the data, but Wireshark can stitch a whole conversation back together for you (right click a packet and choose Follow TCP Stream) and then you can read the exchange from start to finish.

That is, unless it is encrypted: on an HTTPS or other TLS connection you will usually still see which host the client asked for and how much data went each way, but the contents themselves will be unreadable.

Snort is a very handy tool for checking out the whole network.

While Wireshark pays close attention to the packets and lets you do a manual examination, Snort's focus is on spotting attacks automatically: each rule describes a pattern in the traffic (a protocol, ports, and bytes or strings in the payload) and Snort raises an alert when something matches, or, when it is run inline, drops the packet.

Not only is it looking for worms and other malware talking on the network, it is looking for people scanning your ports for open services as well.

Snort is a very useful tool to have when you want to keep an eye on your entire network.
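To show the kind of decision Snort is making when it catches a port scan, here is an added example in Python. It is my own code, not Snort's (Snort's sfPortscan preprocessor does this job in C with its own tunables), and the thresholds, record layout and traffic are all my own constructions. It keeps a sliding window of connection attempts per source and target, and alerts when one source has tried too many different ports on one host in a short time; the constructed traffic includes a noisy scanner, a normal browser, and a slow scanner that the default window deliberately misses.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SynAttempt:
    """One TCP SYN (without ACK) seen on the wire, i.e. a new connection attempt."""
    ts: float       # capture timestamp, seconds
    src_ip: str
    dst_ip: str
    dst_port: int


def detect_port_scans(attempts, distinct_ports=10, window=5.0):
    """Alert when one source tries >= distinct_ports different ports on one host within `window` seconds.

    Hypothetical thresholds chosen for this example; a real IDS exposes them as configuration.
    """
    recent = defaultdict(list)   # (src, dst) -> [(ts, port), ...] still inside the sliding window
    alerted = set()
    alerts = []
    for a in sorted(attempts, key=lambda a: a.ts):
        key = (a.src_ip, a.dst_ip)
        hist = [(t, p) for t, p in recent[key] if a.ts - t <= window] + [(a.ts, a.dst_port)]
        recent[key] = hist
        ports = {p for _, p in hist}
        if len(ports) >= distinct_ports and key not in alerted:
            alerted.add(key)      # one alert per (scanner, target) pair, not one per packet
            alerts.append({"src": a.src_ip, "dst": a.dst_ip, "distinct_ports": len(ports),
                           "first": hist[0][0], "last": a.ts})
    return alerts


def sample_traffic():
    """Constructed traffic, not a real capture: one noisy scanner, one normal client, one slow scanner."""
    traffic = []
    # 203.0.113.5 probes ports 21-40 on the web server over two seconds
    for i, port in enumerate(range(21, 41)):
        traffic.append(SynAttempt(100.0 + i * 0.1, "203.0.113.5", "198.51.100.20", port))
    # 192.0.2.10 is an ordinary browser opening a handful of connections to ports 80 and 443
    for i in range(8):
        traffic.append(SynAttempt(100.5 + i * 0.3, "192.0.2.10", "198.51.100.20", 80 if i % 2 else 443))
    # 203.0.113.9 scans the same range but only one port every 6 seconds: never 10 ports in any 5 s window
    for i, port in enumerate(range(21, 41)):
        traffic.append(SynAttempt(200.0 + i * 6.0, "203.0.113.9", "198.51.100.20", port))
    return traffic


if __name__ == "__main__":
    for alert in detect_port_scans(sample_traffic()):
        print(alert)
```

The slow scanner is the point to notice: with the default five-second window it is never reported, and only widening the window catches it. That trade-off between window size, false positives from busy legitimate clients and missed slow scans is exactly what you are tuning when you adjust a port-scan detector's settings.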

These are only a couple of the tools that you can use to examine your network and the packets that come through.

Take a look and try to find some others and let me know which ones work for you.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
