Analyse Linux networks through the ethereal world of Wireshark
Wireshark is terrific for security matters such as network intrusion detection, but that's not all. It has an untold number of more regular uses, which include troubleshooting network problems and administering your system.
One of the best features of Wireshark is that it is open-source and extensible; it has a wide community of developers who keep adding support for legions of protocols. Consequently, it supports hundreds of protocols, making it extremely competitive with commercial tools (at this time, there are 759 supported protocols); it can read capture files from over 25 different products; it can capture data from Ethernet and 802.11 wireless networks, among others such as token ring; output can be stored in a rich variety of formats such as libpcap and NetMon, and can be printed as plain text or PostScript.
Wireshark was developed in 1997 by Gerald Combs, and was called Ethereal at that time, a play on the word Ethernet. Combs was seeking to build his knowledge of networking and wanted a robust network troubleshooting tool, so he took it upon himself to build one that met his requirements. He publicly released the product as version 0.2.0 in July 1998. Its popularity has grown steadily since, and many programmers around the world have added to its capabilities. Due to trademark issues (specifically, Combs's by-then former employer owned the rights to the name Ethereal), the product was forced to change its name; in June 2006 it was rebranded Wireshark. In May 2007, eWeek dubbed Wireshark one of the most important open-source apps of all time.
Note well that the ability to sniff packets is a sensitive operation; malicious people could use such information for harmful purposes. As a result, almost all operating systems reserve this power for super-users with unfettered access, not ordinary users. The upshot is that the bulk of Wireshark's capturing routines require it to run as the super-user. Given that Wireshark has such a plethora of add-ins, written by hundreds of different programmers from around the world, there is a real risk that a badly written add-in will have vulnerabilities that are exploitable by others. In fact, there have been security warnings in the past regarding third-party Wireshark protocol decoders.
Given this, if you are working in a sensitive environment with obscure protocols it may be prudent to use a program like tcpdump to capture the initial raw traffic to disk. Wireshark can then be run without any elevated privileges to analyse the captured data; higher-level access is only required for the live capture itself.
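The split workflow described above, capturing as root and analysing as an ordinary user, relies on the analysis side never needing a raw socket: it only has to read a file. The following added example (not code from the article or from the Wireshark project) makes that concrete by parsing a libpcap capture in pure Python with no privileges at all. It handles both byte orders of the classic pcap container, link type 1 (Ethernet), and decodes just enough IPv4/UDP to summarise each frame, while refusing records whose claimed lengths exceed the snaplen or the file, which is the kind of check a decoder running on untrusted input should make. The capture it parses is constructed inline; the addresses, ports and MAC values are made up for the demonstration.

```python
"""Offline libpcap reader: analyse captured traffic without elevated privileges.

Added example, not the article's or Wireshark's own code. The capture would
normally come from a privileged step run elsewhere, e.g.
    tcpdump -i eth0 -w capture.pcap
after which this script (or Wireshark) reads the file as an ordinary user.
"""
import struct

LINKTYPE_ETHERNET = 1
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # microsecond and nanosecond timestamp variants


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over an IPv4 header; 0 means the stored checksum verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f">{len(header) // 2}H", header))
    while total >> 16:  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> UDP; anything else is reported, never guessed at."""
    if len(frame) < 14:
        return {"proto": "runt", "len": len(frame)}
    ethertype = struct.unpack(">H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"proto": f"ethertype 0x{ethertype:04x}", "len": len(frame)}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return {"proto": "ipv4-truncated", "len": len(frame)}
    info = {
        "proto": "ipv4",
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "ip_proto": ip[9],
        "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
        "len": len(frame),
    }
    if ip[9] == 17 and len(ip) >= ihl + 8:  # UDP with a complete header
        info["sport"], info["dport"] = struct.unpack(">HH", ip[ihl:ihl + 4])
        info["proto"] = "udp"
    return info


def parse_pcap(data: bytes) -> list:
    """Walk the global header and every record; raise on a corrupt file instead of guessing."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    endian = next((e for e in ("<", ">")
                   if struct.unpack(e + "I", data[:4])[0] in PCAP_MAGICS), None)
    if endian is None:
        raise ValueError("not a libpcap capture (bad magic)")
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"link type {linktype} not handled by this example")
    packets, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at byte {offset}")
        ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        # A corrupt or hostile file can claim absurd lengths; bound them before slicing.
        if incl_len > snaplen or incl_len > orig_len or offset + incl_len > len(data):
            raise ValueError(f"bad record length at byte {offset - 16}")
        info = decode_frame(data[offset:offset + incl_len])
        info.update(ts=ts_sec, truncated=incl_len < orig_len)
        packets.append(info)
        offset += incl_len
    return packets


def build_sample_capture() -> bytes:
    """Constructed three-frame little-endian capture (snaplen 96): DNS-sized UDP, an
    oversized UDP frame cut at the snaplen, and an ARP frame. Values are made up."""
    def udp_frame(src_ip, dst_ip, sport, dport, payload):
        udp = struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                         bytes(src_ip), bytes(dst_ip))
        ip = ip[:10] + struct.pack(">H", ipv4_checksum(ip)) + ip[12:]  # fill in checksum
        eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
        return eth + ip + udp

    snaplen = 96
    frames = [
        udp_frame((192, 0, 2, 10), (192, 0, 2, 53), 40000, 53, b"\x00" * 40),
        udp_frame((192, 0, 2, 10), (198, 51, 100, 7), 40001, 4789, b"\xaa" * 200),
        b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x06" + b"\x00" * 28,
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]  # emulate the capturing tool honouring its snaplen
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(captured), len(frame)) + captured
    return out


if __name__ == "__main__":
    for pkt in parse_pcap(build_sample_capture()):
        print(pkt)
```

The length checks in `parse_pcap` are the point of the exercise: a decoder that trusts `incl_len` or the IHL field blindly is exactly the kind of badly written dissector the article warns about, and keeping such code out of a privileged process limits what a crafted capture can do.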
David has been computing since 1984, when he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. Within two years, he returned to his alma mater, the University of Newcastle, as a UNIX systems manager. This was a crucial time for UNIX at the University, with the advent of the World Wide Web and the decline of VMS. David moved on to a brief stint in consulting before returning to the University as IT Manager in 1998. In 2001, he joined an international software company as Asia-Pacific troubleshooter, specialising in AIX, HP-UX, Solaris and database systems. Settling down in Newcastle, David then found niche roles delivering hard-core tech to the recruitment industry, and is presently the Chief Information Officer for a national resources company, where he specialises in mergers and acquisitions and enterprise applications.