
Analyze all network traffic entering and leaving the PC with Wireshark

Whenever our computer is switched on it is usually connected to the Internet or to a local network, which exposes it to attacks and to malware infections. The usual advice is to run a good antivirus so that we are as protected as possible. In addition, it is worth using a network analysis tool that lets us see what actually travels over the wire and identify suspicious packets. Wireshark, which we discuss below, is such a tool; note that it only observes traffic and does not block it, so it complements a firewall rather than replacing one.

Wireshark is a packet analyzer that lets us capture and analyze in detail all the network traffic that enters and leaves our computer. Among its qualities, its versatility stands out: it supports hundreds of protocols. It can also work with data captured in an earlier session and stored on disk, so the same analysis applies to a live capture and to a saved capture file.

Among the main features of Wireshark we can highlight:

  • Deep inspection of hundreds of protocols, with live capture and offline analysis.
  • The captured data can be examined from the graphical interface or, on a terminal, with the TShark command-line utility.
  • VoIP analysis (call flows and RTP streams).
  • A standard three-pane packet browser (packet list, packet details, packet bytes).
  • Reads and writes many capture file formats, such as tcpdump/libpcap, Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer, TokenPeek, among others.
  • Decryption support for protocols such as IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP and WPA/WPA2, provided we supply the corresponding key material (for example a TLS key log file, or the Wi-Fi passphrase together with a captured four-way handshake); Wireshark does not break encryption by itself.
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI and others.
  • Cross-platform: available for Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, etc.

Wireshark is an advanced and reliable protocol analyzer

Once we run the application, its main window appears; the interface language can be chosen during installation, so it can be shown in Spanish. The central panel lists all the network cards and interfaces of our computer, and we can capture the traffic of any of them, whether physical or virtual. At the top is the classic menu bar organized by menus.

Select the network card and capture the traffic of different protocols

To start capturing, just double-click on the network card; the program immediately begins to capture all the traffic on that interface, both inbound and outbound. Capturing requires sufficient privileges (on Linux, membership of the wireshark group or the capabilities granted to dumpcap; on Windows, the Npcap driver). Before starting, it is advisable to close the programs whose traffic we do not want to capture, so that the capture is not cluttered. There is no need to disable the firewall: capture takes place at the driver level, below the host firewall, so inbound packets the firewall later drops still appear in the capture, and switching it off while sniffing would needlessly expose the machine.

Once we have double-clicked on the network card, a new screen shows the packets of the different protocols in use, such as QUIC, TCP, DNS, TLSv1.2, DB-LSP-DISC/JSON (Dropbox LAN sync discovery), ARP, among others, belonging to the applications that were running at the moment the capture started. Clicking on any entry expands, in the middle pane, all the details of that packet layer by layer: the link layer, the network layer, the transport layer with its source and destination ports, and the application layer; the bottom pane shows the raw bytes.

Color schemes for correct monitoring

The way to make sure that we monitor the packets of interest correctly is to apply a color scheme to each type of traffic, so that the ones we consider most important stand out. If we do not like the coloring rules the program ships with, we can create custom ones, associating each color with the display filter it is to match (for example, all TCP resets, or all DNS traffic that does not go to our own resolver).
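As an added example (not from the article or from the Wireshark project), here are two custom rules written in the syntax Wireshark uses in its colorfilters file: each line is @name@display filter@[background][foreground], with the RGB components given as 16-bit values (0 to 65535). The resolver address 10.0.0.1 is an assumed value for the example.

```text
# @name@display filter@[bg r,g,b][fg r,g,b]  (components 0..65535); rules are tried top to bottom, first match wins
@TCP reset@tcp.flags.reset == 1@[65535,0,0][65535,65535,65535]
@DNS not to our resolver@dns && !(ip.addr == 10.0.0.1)@[65535,65535,0][0,0,0]
```

Rules written this way can be loaded with the Import button of the View > Coloring Rules dialog, or pasted into the colorfilters file of the active profile. Because the first matching rule wins, put the most specific rules at the top.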

Another interesting function of this protocol analyzer is the Statistics menu, which we can use to generate reports for later analysis. Depending on our needs, we can view the protocol hierarchy, the endpoints and conversations, the distribution of packet lengths or the I/O graph. The endpoint and conversation views are particularly useful for spotting a host talking to an address it should not be talking to.
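To make concrete what the packet-details pane and the Statistics menu compute, here is an added example (not code from the article or from Wireshark) that reads a classic libpcap file, dissects each frame into its layers the way the details pane does, and produces a protocol hierarchy, an endpoint table and packet-length buckets. The five frames are constructed inline (sample data, not a real capture; the addresses, ports and zeroed payloads are assumed values) so the script runs offline; it also writes them to sample.pcap so the same file can be opened in Wireshark and compared with Statistics > Protocol Hierarchy and Statistics > Endpoints.

```python
"""Protocol hierarchy, endpoint and packet-length statistics over a pcap.

Added example for this article; not Wireshark code. Packets are constructed
inline (sample data) so the script runs offline.
"""
import struct
from collections import Counter
from typing import Dict, Iterator, List, Tuple


def _ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    # Minimal IPv4 header, no options, checksum left at zero (constructed data).
    ip = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ip(src), ip(dst)) + payload


def _tcp(sport: int, dport: int, payload: bytes) -> bytes:
    # 20-byte header: data offset 5, flags PSH|ACK, window 8192.
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload


def _udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def _ether(ethertype: int, payload: bytes) -> bytes:
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ethertype) + payload


def build_sample_pcap() -> bytes:
    """Classic libpcap file (magic 0xA1B2C3D4, linktype 1 = Ethernet) with five constructed frames."""
    frames = [
        _ether(0x0800, _ipv4(6, "10.0.0.5", "93.184.216.34", _tcp(51000, 443, b"\x16\x03\x01" + b"\x00" * 40))),
        _ether(0x0800, _ipv4(6, "93.184.216.34", "10.0.0.5", _tcp(443, 51000, b"\x16\x03\x03" + b"\x00" * 90))),
        _ether(0x0800, _ipv4(17, "10.0.0.5", "10.0.0.1", _udp(53212, 53, b"\x12\x34\x01\x00" + b"\x00" * 28))),
        _ether(0x0800, _ipv4(17, "10.0.0.1", "10.0.0.5", _udp(53, 53212, b"\x12\x34\x81\x80" + b"\x00" * 60))),
        _ether(0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),  # ARP request, body zeroed
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data: bytes) -> Iterator[bytes]:
    """Yield each captured frame from a classic pcap file (either byte order)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    (linktype,) = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + caplen]
        off += caplen


def dissect(frame: bytes) -> Tuple[List[str], str, str]:
    """Return (protocol layers, source IP, destination IP), like the packet-details pane."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == 0x0806:
        return ["eth", "arp"], "", ""
    if ethertype != 0x0800:
        return ["eth"], "", ""
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header starts at offset 14
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    layers, l4 = ["eth", "ip"], 14 + ihl
    if proto in (6, 17):
        sport, dport = struct.unpack_from("!HH", frame, l4)
        layers.append("tcp" if proto == 6 else "udp")
        payload = frame[l4 + ((frame[l4 + 12] >> 4) * 4 if proto == 6 else 8):]
        # Port-based heuristics, as Wireshark does by default for these two protocols.
        if proto == 6 and 443 in (sport, dport) and payload[:1] == b"\x16":
            layers.append("tls")          # 0x16 = TLS handshake record
        elif proto == 17 and 53 in (sport, dport):
            layers.append("dns")
    return layers, src, dst


def statistics(pcap: bytes) -> Dict[str, Dict[str, int]]:
    """Protocol hierarchy, endpoints (by IP) and packet-length buckets."""
    hierarchy, endpoints, lengths = Counter(), Counter(), Counter()
    for frame in read_pcap(pcap):
        layers, src, dst = dissect(frame)
        for depth in range(1, len(layers) + 1):
            hierarchy["/".join(layers[:depth])] += 1   # eth, eth/ip, eth/ip/tcp, ...
        for ep in (src, dst):
            if ep:
                endpoints[ep] += 1
        bucket = next(b for b in (64, 128, 256, 512, 1024, 1518, 1 << 16) if len(frame) <= b)
        lengths["<=%d" % bucket] += 1
    return {"hierarchy": dict(hierarchy), "endpoints": dict(endpoints), "lengths": dict(lengths)}


if __name__ == "__main__":
    data = build_sample_pcap()
    with open("sample.pcap", "wb") as fh:   # open this file in Wireshark to compare
        fh.write(data)
    for section, rows in statistics(data).items():
        print(section)
        for key, count in sorted(rows.items()):
            print("  %-22s %d" % (key, count))
```

The dissector deliberately uses the same port-based guesses Wireshark applies by default (443 plus a 0x16 record byte for TLS, port 53 for DNS), which is also the reason a server on a non-standard port shows up as plain tcp or udp until a Decode As rule is added. The endpoint table counts every frame once for its source and once for its destination, so a host that appears far more often than the rest is the first place to look.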

Conclusions

Wireshark can be extremely useful when we want or need exhaustive visibility into our network connections; note that it observes and reports but does not block or limit connections, which remains the job of a firewall. Of course, it is not an application for all users, since advanced knowledge is needed to take advantage of the full potential that this program offers.

Wireshark free download

Wireshark is completely free, open-source software that we can download from its website. It is available for a wide variety of operating systems such as Windows, Linux, macOS, Solaris, FreeBSD and NetBSD, among others. On Windows, the installer also offers to install the Npcap packet capture driver, which is required for live capture; Npcap replaces the older WinPcap, which is no longer maintained.

On Windows there is an installer version and a portable version. The latter can be run from an external storage device such as an external hard drive, a USB stick or a memory card, although live capture still requires the Npcap driver to be installed on the host.

The latest version available at the time of writing is 3.3.4, released on March 10, 2021. The frequent releases reflect the project's active maintenance and update policy.

Alternatives to Wireshark

If we are looking for another program with which to analyze network protocols on our computer, here are some alternatives to Wireshark worth knowing:

WinDump

A free command-line network monitoring tool. It can intercept and display packets, TCP/IP or otherwise, transmitted over the network we are connected to. It is the Windows port of tcpdump and relies on the WinPcap libraries, which can be downloaded from its official website; note that neither WinDump nor WinPcap has been updated in years, so on a current system the equivalent command-line capture is better done with TShark, which ships with Wireshark. We can download WinDump for free from this link.

Free Network Analyzer

This free program monitors networks and can analyze both wired and wireless connections on our computer. With it we can capture, filter and display all kinds of traffic, as well as decode the raw bytes of each network packet. The packets are analyzed, extracted and displayed legibly, offering a complete analysis of the data transferred to our PC. We can download it from here.
