Wireshark 2.2.4 is a free and open-source network packet sniffer and protocol analyzer, often reached for as a first-response tool, and it is the most widely used network protocol analyzer. It can be used to examine every packet that reaches the capture interface, which makes it a mini Swiss Army knife for network administrators who need detailed visibility into the traffic on their network. It decodes the raw bytes captured by the sniffer into readable, meaningful fields so that the user can spot issues and correct network problems. Its power lies in helping an analyst find the proverbial "needle in a haystack", provided the user knows what to look for and how to look for it. This show helps the network professional get started with Wireshark!
If you've ever wondered what Wireshark is,
how to use it, and
perhaps what kind of network protocol
analyzers are available to us, well,
then you're in the right spot.
We really are gonna be taking a look at
how to use this utility to benefit you in
your network to analyze the different
types of traffic depending on where
you place this within your network, and
which machine you really want to focus
it on, or in fact, your entire network.
So, let's go ahead and hand this off to
Ronnie Wong because he's gonna really
explain what we'll be looking
at within these series.
>> All right, as we get started in taking
a look at using Wireshark, we, of course,
wanna make sure that you understand
the very basics of how to get set up and
have, not only the knowledge, but also,
of course, a few of the skills that you
need to get started in capturing data.
And, of course,
seeing what you really need.
So, what we're gonna begin with,
is just a simple installation
of Wireshark as well.
We're gonna talk about what Wireshark is,
but then, of course,
we'll install Wireshark.
I'm gonna show you how to install it,
not only in Windows, which is by far
the most popular way to install it.
We'll also do it on the MacBook too, and
then, we'll also show you how you can
install it in a Linux distro as well.
From that point, we'll jump into
just showing you how to do a basic
type of packet capturing, which is just
getting all the data onto your machine.
From that point, you can use it to analyze
the amount of data that you have captured.
So we're gonna perform a simple type
of data capture available for us.
Then, of course, now that you know
how to do those basic things,
it's the interface that can be really
confusing at times because there are so
many different options.
We're gonna walk you through
the most basic of the interface so
that you understand what you're seeing and
what the layout is, and of course,
how you can get access
to some of the tools.
And the beginning area is making sure,
of course, that we can start and
stop the capture as we need to.
Of course, with all the data
on our machines at this point,
the problem that we have is simple:
now we have a gigantic virtual haystack
of all of these different
slivers of data that we have.
How is it that we begin to pinpoint or
find that one needle in
a haystack that we need?
We'll talk a bit about using different
filters that will help us to begin to
whittle down that haystack to
really isolate and focus down
on the packets that we're really trying
to take a look at as well, okay?
Now, even though you think we
should be done at that point, well,
there are advanced features that we can
also talk about too, which of course,
is being able to capture the conversation
of the data between two machines, right?
So, not only seeing one side of a capture,
but actually being able to see the data
flow on both sides of the capture as well.
We'll take a look at doing that, as well
as, of course, using some of the expert
information tools that we'll see, that are
also built into Wireshark to help us
pinpoint the unusual
traffic that we're analyzing.
Especially for errors and for warnings
that are going on in our systems, or for
problems, we'll also be able to
use that to help us focus on them.
And then, of course,
lastly we'll start setting it up here for
taking a look at the statistical
information that we can also find out.
We'll take a look at the most
general types of statistics and
then we'll move into the realm
of protocol-specific types of
statistics that we can
also take advantage of.
But, if you say, hey, I haven't
really worked with Wireshark before,
this is a great place for you to begin.
If you need a refresher,
this is a great place for you to begin.
As this series is really about
the foundation of learning about it,
we think that this will really help you,
especially if you're getting started in
it, to begin to use it, and
to feel more comfortable with it.
This series has the potential,
of course, of going on and
actually developing later content
which will add on to the end of this
particular short series of shows to
probably do more scenario types of
examination of data as it goes
across our interfaces too.
So, check back every once in a while as
you're watching through these series, and
you might see one, two,
or maybe even three or four different
episodes start adding in and
filling out Wireshark to help us to make
it the best possible show that we can.
But at least this will get you
a great start and a beginning.
So, if you are ready to actually start
taking that journey, get ready for
that very first episode, and
Cherokee and I will see you there.
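The four things the series previews, a raw capture, a display filter that whittles the haystack down, a two-sided conversation view, and protocol statistics, worked through in pure Python on a constructed three-packet pcap. This is an added example, not code from the show or from the Wireshark project; the addresses, ports and payloads are made up, and the function names (build_frame, parse_pcap, display_filter, conversations, protocol_hierarchy) are hypothetical, not Wireshark or tshark APIs.

```python
"""Minimal Wireshark-style analysis: parse a pcap, apply a display-style
filter, group packets into two-sided conversations, count protocols."""
import struct
from collections import Counter, defaultdict

ETH_IPV4 = 0x0800
IPPROTO = {1: "icmp", 6: "tcp", 17: "udp"}


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct a synthetic Ethernet/IPv4/TCP-or-UDP frame (test data only)."""
    ip_src = bytes(int(o) for o in src_ip.split("."))
    ip_dst = bytes(int(o) for o in dst_ip.split("."))
    if proto == 6:   # 20-byte TCP header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ip_src, ip_dst) + l4
    return b"\x00" * 6 + b"\x11" * 6 + struct.pack("!H", ETH_IPV4) + ip


def build_pcap(frames):
    """Wrap raw frames in a classic little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1600000000 + i, 0, len(f), len(f)) + f
    return out


def parse_pcap(blob):
    """Yield one dict per packet holding the fields a display filter can test."""
    end = "<" if struct.unpack("<I", blob[:4])[0] == 0xA1B2C3D4 else ">"
    off = 24                                   # skip the global header
    while off + 16 <= len(blob):
        ts, _, incl, _ = struct.unpack(end + "IIII", blob[off:off + 16])
        frame = blob[off + 16:off + 16 + incl]
        off += 16 + incl
        pkt = {"ts": ts, "len": len(frame), "layers": ["eth"]}
        if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
            yield pkt                          # non-IPv4: stop at Ethernet
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        pkt["layers"].append("ip")
        pkt["ip.src"] = ".".join(map(str, ip[12:16]))
        pkt["ip.dst"] = ".".join(map(str, ip[16:20]))
        proto = IPPROTO.get(ip[9])
        l4 = ip[ihl:]
        if proto in ("tcp", "udp"):
            pkt["layers"].append(proto)
            pkt[proto + ".srcport"], pkt[proto + ".dstport"] = struct.unpack("!HH", l4[:4])
            hdr = (l4[12] >> 4) * 4 if proto == "tcp" else 8
            pkt[proto + ".payload"] = l4[hdr:]
        yield pkt


def display_filter(packets, predicate):
    """Keep only packets for which predicate(pkt) holds, like a display filter."""
    return [p for p in packets if predicate(p)]


def conversations(packets):
    """Group packets by unordered endpoint pair so both directions land in one
    row, like Statistics > Conversations; counts each direction separately."""
    conv = defaultdict(lambda: {"packets": 0, "bytes": 0, "a_to_b": 0, "b_to_a": 0})
    for p in packets:
        proto = p["layers"][-1]
        if proto not in ("tcp", "udp"):
            continue
        a = (p["ip.src"], p[proto + ".srcport"])
        b = (p["ip.dst"], p[proto + ".dstport"])
        key = (proto,) + tuple(sorted([a, b]))
        c = conv[key]
        c["packets"] += 1
        c["bytes"] += p["len"]
        c["a_to_b" if key[1] == a else "b_to_a"] += 1
    return dict(conv)


def protocol_hierarchy(packets):
    """Count packets per decoded layer stack, like Statistics > Protocol Hierarchy."""
    return Counter("/".join(p["layers"]) for p in packets)


# Constructed sample capture: an HTTP request and its reply, plus one DNS query.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "93.184.216.34", 6, 51000, 80, b"GET / HTTP/1.1\r\n"),
    build_frame("93.184.216.34", "10.0.0.5", 6, 80, 51000, b"HTTP/1.1 200 OK\r\n"),
    build_frame("10.0.0.5", "10.0.0.1", 17, 40000, 53, b"\x00\x01"),
])

if __name__ == "__main__":
    pkts = list(parse_pcap(SAMPLE_PCAP))
    web = display_filter(pkts, lambda p: 80 in (p.get("tcp.srcport"), p.get("tcp.dstport")))
    print(len(pkts), "packets,", len(web), "match tcp.port == 80")
    for key, row in conversations(pkts).items():
        print(key, row)
    print(protocol_hierarchy(pkts))
```

The predicate passed to display_filter plays the role of a Wireshark display filter such as `tcp.port == 80`; the conversation table is what lets you confirm that traffic flowed in both directions rather than seeing only one side of the exchange.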