Technology news and Jobs 
Information Technology News Analyse Linux networks through the ethereal world of Wireshark
Information Technology News Analyse Linux networks through the ethereal world of Wireshark | Analyse Linux networks through the ethereal world of Wireshark |
|
| by David M Williams | |
| Monday, 29 October 2007 | |
|
Page 3 of 3 Wireshark also requires the GTK+ and Glib graphical libraries for its user interface, but again, these are virtually assured to be installed along with any Linux distro. The Windows port of Wireshark also requires these libraries, using GTK+ and Glib to render its graphical user interface on that platform too.Featured Whitepaper
5 Best Practices for Smartphone Support
Whichever method you use, launch Wireshark via, sensibly, the command wireshark. From here, the best way to learn is by self-exploration, in conjunction with the Help menu. As mentioned above, the main window is split into three major panes, with the top pane reporting what Wireshark is seeing and the other two panes giving different levels of detail on specific packets. There are three other important elements making up the window; a menu bar – in typical fashion – contains drop-down menus that give access to program options and facilities like importing or exporting captured data. A tool bar of icons gives fast access to commonly used functions; a tool tip will pop-up if you hover the mouse over any icon for a small moment of time. Thirdly, a filter bar applies filters to quickly restrict which packets are displayed. Press the Filter button on the filter bar to call up a dialog box which lets you construct filter criteria with a minimum of fuss. Additionally, Wireshark has a simple language for directly typing in filter statements. If you learn the language, you can enter filters very rapidly. To help with the language structure, the filter bar is colour-coded to give visual feedback – white means there is no filter applied to the data; green indicates a filter has a valid syntax; and red means the filter is incomplete or syntactically incorrect. Note well that green does not necessarily imply the filter has been applied, merely that what has been typed in is valid syntax. The control used for entering filter conditions is a drop-down list; as well as typing directly into it, you can click the arrow to review previous entered filters, as well as recall any. To remove all currently applied filters, click the Reset button. Use the File menu for the expected save and retrieve functions. You also use the File menu to print, but printing in Wireshark requires some different thought than printing from any other application. You will have captured a whole mess of data and need to consider how much you want to print, and then how much detail on each packet. When you click File/Print you will be prompted to specify this information. Options include the packets currently showing in the summary window, or even specifically marked packets within the summary window, as well as a range of packets and other means of constraining the output. The File/Print dialog is also used for sending formatted output to disk files, whether in plain text or a printable form like PostScript. As well as restricting the packets, the dialog box also prompts for the amount of information you wish to print, for every packet. This may be as little as a very brief summary of the key fields, or as much as the whole expanded protocol tree as would be shown in the middle pane on-screen. It’s well worth checking out Wireshark; we’ve barely scratched the surface of the power it offers. You will find a plethora of functionality to make plain just what is happening on your network. This is invaluable information for anyone troubleshooting network faults. You’ll even find attractive graphs to help convey complex material in easily-digested charts and images. |
Tags
| < Next story in category | Previous story in the category > |
|---|
