Use Wireshark to capture and analyse packets

This one is probably aimed more at the geekier end of the market, but it is an application well worth covering.

There are many reasons why you might want to capture the raw network traffic that is entering and leaving your system. This can be for diagnostic purposes when something has gone wrong, finding out if there's a rogue program on your network, or if you're just curious about what communications are going on.

Wireshark (formerly Ethereal) is one of the most well known free software packet capturing and analysis tools available. It is cross platform, and runs on Windows, Linux, Mac OS X and many other Unix-like operating systems.

A basic capture can be started by clicking the leftmost button on the toolbar and then selecting your primary network interface and clicking Start.

Wireshark Interface list

From that point on, Wireshark will capture all of the packets that are entering and leaving that interface. You can now get to work as normal, or do some action and come back and analyse the results later.

Wireshark analysis interface

The analysis interface allows you to filter the packets by many criteria, including protocol, source, destination and many more powerful filters. You can then deconstruct what is going on by looking at the hex view, or on supported protocols, by looking at the data (such as the HTTP conversation in the screenshot above).

Packet dumps can then be saved to disk in libpcap format, and reopened in Wireshark or another program that supports the format.

Packet analysis isn't for the faint of heart, or for those who don't have some understanding of TCP/IP and other networking concepts. If you do like to delve a little deeper into what's going on network-wise, however, Wireshark is an invaluable tool and one of the best programs in its class.

Avatar for peter Peter Upfold -

Peter Upfold is a technology enthusiast from the UK. Peter’s interest in Linux stems back to 2003, when curiosity got the better of him and he began using SUSE 9.0. Now he runs Linux Mint 9 on the desktop, runs a CentOS-based web server from home for his personal website and dabbles in all sorts of technology things across the Windows, Mac and open source worlds.

Home » Articles »

Discussion: Use Wireshark to capture and analyse packets

  1. # Posted on 17 April 2008 at 03:19 AM

    <strong>Story added...</strong>

    This story has been submitted to! If you think this story should be read by the free software community, come vote it up and discuss it here:

  2. # Posted on 19 April 2008 at 02:23 PM

    [...] Use Wireshark to capture and analyse packets [...]

  3. transformer (guest)

    # Posted on 19 January 2009 at 06:29 PM

    what is the use of this captured packets?

Home » Articles » Use Wireshark to capture and analyse packets