Web Hosting Security

  Home arrow Web Hosting Security arrow Page 2 - Packet Sniffing with Wireshark
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WEB HOSTING SECURITY

Packet Sniffing with Wireshark
By: Barzan 'Tony' Antal
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 5
    2009-11-04

    Table of Contents:
  • Packet Sniffing with Wireshark
  • What’s Sniffin’ About?
  • Doing It Yourself
  • Final Thoughts

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     

    SEARCH WEB HOSTERS

    TOOLS YOU CAN USE

    advertisement

    Packet Sniffing with Wireshark - What’s Sniffin’ About?


    (Page 2 of 4 )

    Communication over digital networks happens via data streams. These streams of data are basically nothing but a sequence of coherent packets, which can be either encrypted or unencrypted. This is the simplest definition of the way data is transferred and received. As you may guess, this is the process that goes on while you surf the Internet, send and receive mails, talk over IM, and download photos from MySpace.

    Chances are that by now you already have an idea of what packet sniffing may be. It is all about intercepting the flow of data that goes over and through your network interface(s). The packets are sniffed, and they are also analyzed (thus, network protocol analyzer). The software, therefore, is able to understand a multitude of protocol types (by knowing their structure). If necessary, it also decodes immediately.

    (Image Courtesy of Post Fix Virtual)

    The entire data flow is split into millions of packets. Each has a specific size and structure. These structures are different for each protocol type. Therefore, packets not only contain the data that’s being transferred; they also contain lots of extra information, such as version, header length, type of service, total length, identifier, flags, fragment offsets, TTL (time to live), protocol, header checksum, source address, destination address, options + padding, and these would be all in the case of IP packets.

    The packet sniffer application practically acts like a passive dog that does nothing but capture and analyze. However, it should be noted that the packets aren’t sent to the sniffer; it just observes them itself without being addressed. Furthermore, its analyzer component is “smart,” since it knows the structure of each type of packet. Therefore, it’s able to split the packets into their segments and report.

    Before we begin with Wireshark, let’s also analyze the advantages of capturing and analyzing packets. One might pretty much ask – why should we sniff packets at all? It’s pretty clear, though. Analyzing network problems, detecting network intrusion attempts and their detail, monitoring and logging network usage, filtering specific kinds of suspect content, reverse engineering specific protocols, debugging client/server apps, other network implementations, and finally… collecting sensitive information if necessary.

    Systems administrators and security analysts are always using their trusty Wireshark (or Ethereal, as it was called back then) to figure out the scheme of intrusion attempts or other malicious activities that are oh-so-frequent in the case of a big corporate environment; denial-of-service attacks, for instance. You can figure out its type, and then you’re able right away to implement countermeasures with your firewall.

    We’re going to use Wireshark for our experiments because it is clearly one of the best, if not the best. It is also cross-platform, works on any UNIX or UNIX-like machine and also on Windows operating systems. It supports both wired and wireless (802.11) networks, token-ring, FDDI, serial (PPP, SLIP), and even Asynchronous Transfer Mode.

    More Web Hosting Security Articles
    More By Barzan 'Tony' Antal

    WEB HOSTING SECURITY ARTICLES

    - For Online Security, Invest in People
    - World`s Third-Largest Botnet Bites the Dust
    - Yahoo Security Breach Highlights Poor Practi...
    - How to Prevent Mobile Malware
    - FBI Issues Internet Security for Travelers a...
    - More of the Top Internet Scams
    - How to Stop Phishing Scams
    - Social Networking Safety Tips
    - How to Avoid Financial Fraud Online
    - Android`s Most Notorious Trojans and Viruses
    - GFI Report Details Top 10 Threat Detections ...
    - Sophos Releases Security Threat Report 2012
    - Facebook Safety Tips for 2012
    - Email Scam Hits Apple Users
    - Tips for Mobile Security

    Developer Shed Affiliates

     




    © 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap