WIRESHARK (FORENSIC TOOL)

-

 Wireshark 

What is Wireshark?


            Wireshark is a widely used network protocol analyzer or packet sniffer. It is an open-source tool that allows users to capture and inspect the data traveling back and forth on a computer network. Wireshark can analyze the packets of data that flow over various network interfaces, such as Ethernet, Wi-Fi, and more. It provides a detailed view of the network traffic, allowing users to analyze the communication between devices, troubleshoot network issues, and investigate network security incidents. Wireshark is used by network administrators, security professionals, software developers, and researchers to diagnose network problems, analyze network performance, investigate security incidents, and gain insights into how different devices and protocols interact on a network. It's a powerful tool for gaining a deep understanding of network communications and behavior.

👉Key features of Wireshark include: 
Packet Capture: Wireshark captures packets from a network interface, allowing you to see the raw data being transmitted between devices.  
Packet Inspection: It provides a graphical interface to view and analyze the contents of each captured packet, including protocol headers, payloads, and other metadata.
Protocol Decoding: Wireshark can decode a wide range of network protocols, enabling users to understand the different layers of communication occurring within the packets.
Filtering and Search: The tool allows you to apply filters and search for specific packets based on various criteria, such as source/destination addresses, protocols, port numbers, etc.
Statistics: Wireshark generates various statistics and graphs based on captured packets, helping to identify trends, anomalies, and potential performance issues.
Export and Analysis: Captured packet data can be saved and shared for further analysis, collaboration, or investigation.
Protocol Dissection: It dissects complex protocols into understandable elements, making it easier to analyze and troubleshoot network behavior.

What are the features of this tool?

Wireshark is a feature-rich network protocol analyzer that offers a wide range of capabilities for capturing, analyzing, and troubleshooting network traffic. Some of its notable features include:
  • Live Packet Capture: Wireshark can capture packets in real-time as they traverse a network interface. It supports various capture sources, such as Ethernet, Wi-Fi, USB, and more.
  • Protocol Decoding: The tool can decode and display the details of a vast array of network protocols, ranging from common ones like HTTP, TCP, and UDP to more specialized protocols.
  • Powerful Display Filters: Wireshark allows you to apply display filters to focus on specific packets based on criteria like source/destination IP addresses, port numbers, protocols, and more.
  • Colorization: It colorizes packets based on different criteria, making it easier to identify patterns or issues in the network traffic.
  • Packet Analysis: Wireshark provides detailed information about each captured packet, including protocol headers, timestamps, packet lengths, and other metadata.
  • Packet Reconstruction: The tool can reassemble fragmented packets, allowing you to view the complete contents of a packet spread across multiple frames.
  • Protocol Hierarchy: Wireshark organizes packet data in a hierarchical manner, showing how different protocols are encapsulated within each other.
  • Statistics and Graphs: It generates statistics and graphs related to captured packets, such as traffic trends, packet rates, round-trip times, and more.
  • Export and Saving: Captured packet data can be saved in various file formats, such as PCAP or PCAPNG. This allows for offline analysis or sharing with others.
  • Customizable Profiles: Users can create customized profiles to define preferences, column layouts, and coloring rules.
  • Expert System: Wireshark includes an expert system that provides insights into potential issues or anomalies detected in the network traffic.
  • Remote Capture: It supports remote packet capture, allowing you to capture packets from network interfaces on other machines.
  • Scripting and Automation: Wireshark supports scripting using Lua, which allows for the automation of tasks and the creation of custom dissectors.
  • Live Capture Filters: You can set filters to capture specific types of packets, which can help reduce the amount of captured data and focus on relevant traffic.
  • Conversation View: Wireshark can group related packets into conversations, helping to understand the flow of communication between devices.
  • Follow TCP Stream: This feature allows you to follow the entire stream of data exchanged between two endpoints over a TCP connection.
  • Custom Protocol Dissection: Users can create custom protocol dissectors to decode and analyze proprietary or less common protocols.
These features make Wireshark a powerful tool for network analysis and troubleshooting, whether you're a network administrator, security professional, developer, or researcher.

Steps to install the tool:

Step1:-Conduct an online search for Wireshark using a web browser.


Step2:-Select the first shown link and start download.


Step3:-Without modifying any settings, proceed to click on the "Start Download" option.


Step4:-Downloading.


Step5:-Once completed click on "Open".


Step6:-Simply click "next".


Step7:-Read the License and click "Noted".


Step8:-Without modifying any settings, proceed to click on the "Next" option.


Step9:-Select the checkbox if you wish to have a Wireshark icon placed on your desktop, and then proceed by clicking the "Next" button.


Step10:-Without any modification click "Next".

Step11:-Again no changes and click "Next".


Step12:-Tick the checkbox "Install USBPcap 1.5.4.0", then click "Install".


Step13:-Now it's processing, once done click "Next".


Step14:-Click on "I Agree" option.


Step15:-Here tick all the checkbox and click "Install".


Step16:-Now it's processing, once done click "Next".


Step17:-Just click on "Finish".


Step18:-Tick the checkbox and click "Next".


Step19:-Without any changes just select "Next".


Step20:-Simply select the "Install" option.


Step21:-Once completed click on "Close".


Step22:-Processing, after that click "Next".


Step23:-Now here change the option, select the second one and then click "Finish".


Step24:-Installation is done. Search for Wireshark app and good to goo.


Step25:-Once opened, it will show "Welcome to Wireshark".



Comments

Post a Comment

Popular posts from this blog

CAREER TECHNOLOGY CYBER SECURITY INDIA PVT LTD.

-
Image
CAREER TECHNOLOGY CYBER SECURITY INDIA PVT  LTD. ISO 27001:2013, ISO 9001:2015 Certified  Company         INTERNATIONALLY AUTHORISED FOR CYBER FORENSICS, CYBER SECURITY, CYBER AUDIT TRAINING & EXAM CENTER BY MILE2 CYBER SECURITY United States First ATC of Mile 2 Cyber Security in Mumbai & MIRA-BHAYANDER / VASAI-VIRAR, Since JAN 2017. Offline as well as Online batches both are available. PG accommodation for students is available. Joi n   CAREER TECHNOLOGY CYBER SE CURITY INDIA  PVT LTD.   Today  To Start Your  Career In  Cyber Security. * OUR PROFESSIONAL DIPLOMA COURSES FOR  ALL  UNDERGRADUATE ,    GRADUATE ,  AND  WORKING PROFESSIONALS* __ ______________________________________________________________________ Why do you have to choose our institute? 1. Our Diploma is Authorised by the Indian Government as well as its full copyright & Trademark by ISO. IT will help you to add Extra Technical Skills in     Your Resume. Its Contains Full Practicals Knowledge from the In
Read more

Cyber Security Audits

-
Image
 Cyber Security Audits What is Cyber Security Audit?                 A cyber audit, at its core, refers to a systematic evaluation and assessment of an organization's information systems. This evaluation is designed to identify potential vulnerabilities, non-compliance with standards, and areas of improvement in both technology and processes, all with the aim of safeguarding digital assets against potential threats. Cyber audits delve deeply into the organization's technological infrastructure, scrutinizing hardware, software, networks, and even the practices and protocols that users and administrators follow. This in-depth review allows for a holistic understanding of the current cybersecurity posture of the entity and helps in crafting more robust and resilient digital environments. The rationale behind conducting a cyber audit often stems from both internal and external pressures. Internally, management recognizes the intrinsic value of their digital assets, understanding th
Read more

Some Dark web Links

-
Image
Here are some of the Forum/Website to visit on dark web related to cybersecurity and hacking. Before visiting this website please follow the steps to be safe on the dark web/ Deepweb. Security Steps to be taken before opening the links: First of All, To browse these dark web forums, first close all active programs and applications in your computer then start Your NordVPN or any Paid and HQ VPN that have TOR service and select Onion Over VPN Server.  Now start Tor Browser and disable Javascript. In this way, you have created a completely secure and untraceable environment for you. If you think Tor Browser gives you full anonymity then you are wrong.  Only premium VPN services can provide you fully secure and untraceable environment. I have tried my hands on many premium VPN services, and I found NordVPN beats its competitor in all features. Disclaimer ⚠ : This info are shared for educational purpose only, neither the website nor creator hold any info or liable to any
Read more