How To Capture And Analyse Data Packets Using Wireshark

Introduction

Wireshark is a free and open-source packet analyzer used for network troubleshooting, protocol analysis, software and communications protocol development, and education. The tool was originally named Ethereal; the project was renamed Wireshark in May 2006 because of trademark issues. It captures traffic in much the same way as tcpdump on Linux, but tcpdump is a command-line tool with no GUI. Wireshark provides a graphical interface in which the captured traffic can be sorted and filtered by parameters such as address, port and protocol, and each packet can be dissected layer by layer to follow how it was transferred.

How to Capture Packet

Whenever we want to analyse a data packet, the first step is to capture the traffic coming into and going out of the machine. For this we use the packet analyzer Wireshark.

Step 1: Download and install Wireshark for your operating system from the Wireshark download page (wireshark.org). Wireshark is available for all the commonly used platforms; on Windows the installer also sets up the Npcap capture driver, without which no interface can be captured from.

Step 2: Start Wireshark with the privileges needed to capture. Reading raw traffic from a network interface requires elevated privileges, but running the whole GUI as root or Administrator is not recommended: the protocol dissectors parse untrusted traffic and have had many memory-safety bugs over the years, so a malformed packet could compromise a privileged process. The safer setup, and the one Wireshark's own documentation recommends, is to grant the capture privilege only to the small dumpcap helper (on Linux typically by adding the user to the wireshark group during installation) and run the GUI as a normal user. Once started, Wireshark shows the welcome window listing the available interfaces; select the interface on which you want to capture.

Step 3: Once the interface is selected, Wireshark starts capturing and displays the packets in the packet list as they arrive. It keeps capturing live until you stop it.

Step 4: You can let the capture run for as long as you need. To stop it, click the red Stop button in the toolbar (or choose Capture > Stop).

Step 5: The packet list shows one row per packet with the default columns No., Time, Source, Destination, Protocol, Length and Info. Select the packet you want to examine; the packet details pane below shows it dissected layer by layer, and the packet bytes pane shows the raw hex.

Step 6: A live capture contains packets of many different protocols, so use a display filter (the filter bar above the packet list, for example a protocol name, an address or a port) to narrow the list down to the traffic of interest, then examine in the details pane how the selected packets were transferred.

Conclusion

Analysing a packet in this way shows which protocol is used at each layer, how large the actual message is and how large each layer's header is. It also shows the individual segments of the original message, because a large message travels from source to destination as a series of segments, which Wireshark can reassemble into the original stream.
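As an added worked example, not part of the original article, the following Python script does in code what Steps 3 to 6 and the conclusion describe. It writes a small capture in the classic libpcap format that Wireshark opens, reads it back (detecting the file's byte order from the magic number), dissects each frame into its Ethernet, IPv4 and TCP headers, and produces the same No., Time, Source, Destination, Protocol, Length and Info columns as Wireshark's packet list together with the per-layer header and payload sizes shown in the packet details pane. The four packets (a TCP handshake and one HTTP request), the addresses 192.168.1.10 and 10.0.0.5 and the locally administered MAC addresses are constructed for the example, not real traffic; the TCP checksum is deliberately left at zero.

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET, ETHERTYPE_IPV4, IPPROTO_TCP = 0xA1B2C3D4, 1, 0x0800, 6
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}  # Wireshark's order
# Constructed sample endpoints, not taken from a real capture
CLIENT, SERVER = "192.168.1.10", "10.0.0.5"
CLIENT_MAC, SERVER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum; yields 0 over a header whose checksum field is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header, no options, DF set, TTL 64, checksum filled in."""
    addr = lambda ip: bytes(int(o) for o in ip.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      64, proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]

def tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int) -> bytes:
    """20-byte TCP header, no options. Checksum left 0, as captures of outgoing traffic
    on NICs with checksum offload also show (Wireshark does not validate it by default)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def ethernet_frame(src_mac: bytes, dst_mac: bytes, ip_packet: bytes) -> bytes:
    """Ethernet II: dst MAC, src MAC, EtherType, payload; the FCS is not captured."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_packet

def build_pcap(records, order: str = "!") -> bytes:
    """Serialise (ts_sec, ts_usec, frame) records as a classic libpcap file ('!' or '<' byte order)."""
    out = struct.pack(order + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, data in records:
        out += struct.pack(order + "IIII", sec, usec, len(data), len(data)) + data
    return out

def read_pcap(data: bytes):
    """Yield (ts_sec, ts_usec, frame); the writer's byte order is detected from the magic."""
    order = {PCAP_MAGIC: "!", 0xD4C3B2A1: "<"}.get(struct.unpack("!I", data[:4])[0])
    if order is None:
        raise ValueError("not a classic libpcap file (pcapng uses a block layout)")
    if struct.unpack(order + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("this example dissects Ethernet captures only")
    pos = 24
    while pos + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(order + "IIII", data[pos:pos + 16])
        yield sec, usec, data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def dissect(frame: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> TCP, recording each header's size as the details pane does."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    d = {"frame_len": len(frame), "eth_hdr": 14, "protocol": "ETH", "payload_len": len(frame) - 14}
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return d
    ip, ihl = frame[14:], (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    l4 = ip[ihl:total_len]
    d.update(ip_hdr=ihl, protocol="IPv4", payload_len=len(l4), info="proto %d" % proto,
             src=".".join(map(str, ip[12:16])), dst=".".join(map(str, ip[16:20])),
             ip_checksum_ok=ones_complement_sum(ip[:ihl]) == 0)  # Wireshark flags this if False
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport, seq = struct.unpack("!HHI", l4[:8])
        thl, flags = (l4[12] >> 4) * 4, l4[13]
        names = ", ".join(n for bit, n in TCP_FLAGS.items() if flags & bit)
        d.update(tcp_hdr=thl, protocol="TCP", payload_len=len(l4) - thl,
                 info="%d -> %d [%s] Seq=%d" % (sport, dport, names, seq))
    return d

def packet_list(pcap: bytes) -> list:
    """Rows with Wireshark's default columns; Time is relative to the first packet."""
    rows, first = [], None
    for no, (sec, usec, data) in enumerate(read_pcap(pcap), start=1):
        first = first or (sec, usec)
        d = dissect(data)
        rows.append({"No.": no, "Time": round(sec - first[0] + (usec - first[1]) / 1e6, 6),
                     "Source": d.get("src", "?"), "Destination": d.get("dst", "?"),
                     "Protocol": d["protocol"], "Length": d["frame_len"], "Info": d.get("info", "")})
    return rows

def sample_capture(order: str = "!") -> bytes:
    """Constructed capture: TCP handshake to port 80 and one HTTP request segment."""
    def pkt(src, dst, smac, dmac, sport, dport, seq, ack, flags, payload=b""):
        tcp = tcp_header(sport, dport, seq, ack, flags) + payload
        return ethernet_frame(smac, dmac, ipv4_header(src, dst, IPPROTO_TCP, len(tcp)) + tcp)
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    c2s, s2c = (CLIENT, SERVER, CLIENT_MAC, SERVER_MAC), (SERVER, CLIENT, SERVER_MAC, CLIENT_MAC)
    return build_pcap([
        (1700000000, 0, pkt(*c2s, 51234, 80, 1000, 0, 0x02)),               # SYN
        (1700000000, 25000, pkt(*s2c, 80, 51234, 5000, 1001, 0x12)),        # SYN, ACK
        (1700000000, 25400, pkt(*c2s, 51234, 80, 1001, 5001, 0x10)),        # ACK
        (1700000000, 26000, pkt(*c2s, 51234, 80, 1001, 5001, 0x18, http)),  # PSH, ACK + data
    ], order)

if __name__ == "__main__":
    print(*packet_list(sample_capture()), sep="\n")
```

Running the script prints the four rows: three 54-byte handshake frames and one 92-byte data frame in which 14 + 20 + 20 bytes are headers and 38 bytes are the HTTP request. Saving the bytes returned by sample_capture() to a .pcap file and opening it in Wireshark gives the same frame lengths and header sizes in the details pane; Wireshark additionally recognises the last payload as HTTP and validates the IPv4 checksum in the same way the ip_checksum_ok field does here.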