TABLE OF CONTENTS Wireshark provides insight into what is occurring on a network, which is useful when implementing protocols, debugging network applications, testing networks, and debugging live networks. In situations involving interaction with a network at a technical level, most problems can be resolved using Wireshark.
Wireshark is an excellent educational aid. Being able to see and analyze network traffic is very instructive. This chapter covers the main components of the Wireshark Graphical User Interface (GUI), including:
Main window
Menu bar
Tool bar
Summary window
Protocol Tree window
Data View window
Filter bar
Information field
Display information
This chapter also covers the context-sensitive pop-up windows available in the Summary window, the Protocol Tree window, and the Data View window. It also explains the various dialog boxes that are launched by the menus and toolbars.
You will learn how to perform basic tasks in Wireshark (e.g., capturing network traffic, loading and saving capture files, performing basic filtering, printing packets) using the advanced tools provided by Wireshark. Examples have been provided to show you step-by-step how some of the less obvious areas of Wireshark work.
In order to use Wireshark you must first acquire Wireshark and install it. If you are running a Linux distribution it is likely that your distribution shipped with Ethereal, which is the predecessor to Wireshark. Due to the recent name change for the project, it is unlikely that Wireshark has been included and you will need to download...
