Installing a software to analyze the user traffic might be problematic, however a little guidance and words of caution from the previous users might be of help. The current report is an attempt to provide the users of Wireshark software with a similar guidance.
Wireshark, formerly known as Ethereal, is network protocol analyzer software that helps the user to capture and analyze the traffic on the computer. The software is available free for the users to download and this means that the users need not pay any nominal charges for availing this service unless they are being offered this software along with some other user support package.
The Wireshark software is compatible to be run on all kinds of operating systems, with the new version suitable even for the systems operating on Windows 7 and the installation process is as well very user friendly. The process of installing Wireshark in a Windows 7 32-bit system, for instance takes just three simple steps.
Following the download of the software from its website or any other reliable source the installation can guide would help the user through the installation process.
Choose components to be installed (usually are marked & can be unmarked by the user if need be).
On choosing the installation destination, the installation would be complete and available for user to explore.
Following the successful installation, the user can avail the services of the network protocol analyzer that helps them avoid unnecessary data/ traffic interruption. The software provides features that help the user select certain internet actions and regulate the TCP (Transmission Control Protocol) which is the reliable transport for most internet applications.
Wireshark has one of the most powerful features known as display filters to help drill down to exact traffic one wants to see. This also forms the basis of several wireshark’s other features. Following are the examples of 5 different filters:
Filter: eth.addr[0:3] == 00-04-f2 || bootp.hw.mac_addr[0:3] == 00-04-f2
Usage: ${plcmall}
Filter: eth.addr == 00-04-f2-$1 || bootp.hw.mac_addr == 00-04-f2-$1
Usage: ${plcm:12-34-56}
Filter: eth.addr[0:3] == 00-26-fd || bootp.hw.mac_addr[0:3] == 00-26-fd
Usage: ${issall}
Filter: eth.addr == 0026-fdf0-$1 || bootp.hw.mac_addr == 0026-fdf0-$1
Usage: ${iss:1234}
display filier = Ip.addr
explanation = Shows only the packets with source or destination IP address is 12.12.12.12.
example = Ip.addr == 12.12.12.12
REFERENCES
Lydia Parziale et al, TCP/IP Tutorial and Technical Overview, IBM Redbooks, 2006: Chapter 3 & 4.
Retrieved from : http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf
Geoff Huston, TCP Performance, The Internet Protocol Journal, Vol .3, No.2, June 2000.
Retrieved from http://www.cisco.com/web/about/ac123/ac147/ac174/ac196/about_cisco_ipj_archive_article09186a00800c8901.pdf