Let’s talk briefly about packet sniffer programs like Wireshark

You are likely aware of packet sniffing programs that will show you all the communication that goes on between attached computers; these are interesting programs indeed. Looking at the output they create is a little like looking into a microscope and seeing that tiny little world, and if you are anything like me, at least before I started to learn how Wireshark works, you think it’s cool, feel smarter for being able to read the data, and pretend to understand it all, but in reality it is very overwhelming and doesn’t really make sense. Sure, you can find the source and destination addresses, the MAC addresses, the protocol being used, the payload, the source port, the destination port, and on and on.

All that is, of course, understandable, but how does it all fit together, and when would you use it? Well, the obvious use is eavesdropping on traffic from other computers. Fortunately for all of us, eavesdropping isn’t as easy today as it was several years ago. Today most of that “interesting” data is encrypted and requires other programs to help decipher it. Also, network traffic travels over switches, which means that if your computer isn’t the source or destination address, you aren’t likely to see the data without other special tools. This blog post isn’t about hacking or eavesdropping, so we aren’t discussing that. For me, it’s all about troubleshooting using Wireshark and a little tool called the Packet Squirrel. I have to use them together, and together they provide an excellent setup that lets me see the communication between a machine and the inspection system, between two machines, or between all the machines that chat with each other, and the Packet Squirrel records it all.

When examining the packets from this equipment, I can see what data is being exchanged, and with some patience and diligence, I can figure out whether I have a bug in a program that is sending incorrect data. Instead of a bug, perhaps there is a hardware problem causing issues, or maybe there isn’t a problem at all and I simply want to learn what data is in the traffic. Whatever the reason, it is interesting to see and provides a wealth of information. But first, we need to make sense out of all that data, and that takes understanding the protocol being used.
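As an added example that is not part of the original post, here is a small Python decoder that pulls the fields listed above (MAC addresses, IP addresses, protocol, ports, payload) out of one raw Ethernet II / IPv4 frame, plus a check that flags frames whose payload is not what the sending program should emit. The frame bytes, the addresses and the "TEMP=" payload marker are constructed for the example and are not from a real capture.

```python
import struct

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def decode_frame(frame: bytes) -> dict:
    """Pull the fields Wireshark shows from one raw Ethernet II / IPv4 frame."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:                        # only IPv4 is handled here
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ipv4 = frame[14:]
    ihl = (ipv4[0] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len = struct.unpack("!H", ipv4[2:4])[0]  # drops Ethernet padding, if any
    protocol = ipv4[9]
    l4 = ipv4[ihl:total_len]
    if protocol == 17:                             # UDP: fixed 8-byte header
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        payload = l4[8:ulen]
    elif protocol == 6:                            # TCP: header length from data offset
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]
    else:
        raise ValueError(f"unsupported IP protocol {protocol}")
    return {"src_mac": _mac(src_mac), "dst_mac": _mac(dst_mac),
            "src_ip": _ip(ipv4[12:16]), "dst_ip": _ip(ipv4[16:20]),
            "protocol": protocol, "src_port": sport, "dst_port": dport,
            "payload": payload}

def find_bad_payloads(frames, expected_prefix: bytes) -> list:
    """Indices of frames whose payload lacks the marker the sender should emit."""
    return [i for i, f in enumerate(frames)
            if not decode_frame(f)["payload"].startswith(expected_prefix)]

# Constructed sample frame (not a real capture): 192.168.1.10:12345 -> 192.168.1.20:5000
# over UDP, carrying the text "TEMP=25.3". IP and UDP checksums are left zero.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "aabbccddeeff" "0800"                                # Ethernet II
    "4500" "0025" "0001" "0000" "4011" "0000" "c0a8010a" "c0a80114"    # IPv4
    "3039" "1388" "0011" "0000" "54454d503d32352e33"                   # UDP + payload
)
# Same frame with a malformed payload, the kind of bug a capture lets you spot (constructed)
BAD_FRAME = SAMPLE_FRAME[:-9] + b"ERR=0x0FF"

if __name__ == "__main__":
    print(decode_frame(SAMPLE_FRAME))
    print(find_bad_payloads([SAMPLE_FRAME, BAD_FRAME], b"TEMP="))
```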

Understanding a protocol isn’t a simple task and is better left for another time, when we can break it down into much smaller pieces, since many protocols are in use between devices. Hopefully, this little discussion was enough to make you curious and wanting more details. So, I leave you here on a cliffhanger. But first, take a look at the book Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems; it taught me a lot and I recommend the read!

Oh, and BTW, that is a regular link; no affiliate program tied to it.

Till next week

Jeff

https://www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593278020/ref=sr_1_2?ie=UTF8&qid=1539302361&sr=8-2&keywords=packet+analysis+with+wireshark
