My Journey with Wireshark and TCPDump

Alla Yasheela

Introduction to Network Analysis

Network analysis is like being a detective in the digital world. It involves capturing and examining data packets traveling across a network to understand what’s happening, identify issues, and ensure security. Recently, I completed the "SBT Introduction to Network Analysis" course, where I learned to use powerful tools like Wireshark and TCPDump. This hands-on experience has been a game-changer in my understanding of network traffic and security.


Analysis with Wireshark and TCPDump

Wireshark and TCPDump are essential tools for anyone looking to dive into network analysis. Wireshark offers a graphical, user-friendly interface, while TCPDump is a command-line tool; both are invaluable for capturing and analyzing network data.


How to Use Wireshark

Wireshark is a popular network protocol analyzer that provides visibility into network traffic in real-time. Here’s a quick guide on getting started with Wireshark:

  1. Download and Install Wireshark:

    • Head over to https://www.wireshark.org/download.html and download the appropriate version for your operating system. Follow the installation instructions.

  2. Capture Network Traffic:

    • Open Wireshark and select the network interface you want to monitor (e.g., Wi-Fi or Ethernet).

    • Click the blue shark fin icon to start capturing traffic.

  3. Filter Traffic:

    • Use display filters to narrow down the captured data. For example, type http in the filter bar to view only HTTP traffic.

    • Common filters include ip.addr == 192.168.1.1 to see traffic to/from a specific IP address, or tcp.port == 80 to filter by port.

  4. Analyze Packets:

    • Click on a packet in the list to view its details.

    • The middle pane shows the protocol hierarchy of the selected packet, and the bottom pane displays the raw data.

    • Right-click on a packet to follow a TCP stream, which shows the complete conversation between two endpoints.

  5. Monitor Usage:

    • To find out how much of the captured traffic each protocol accounts for, click Statistics, and then Protocol Hierarchy.

    • The Protocol Hierarchy screen shows the percentage of bytes each protocol is using, along with other information.

  6. Save and Export Data:

    • After capturing the required traffic, you can save the capture file for later analysis. Go to File > Save As and choose a location.

    • Export specific packets by selecting them, then going to File > Export Specified Packets.


How to Use TCPDump

TCPDump is a powerful command-line packet analyzer. Here’s how to get started:

  1. Install TCPDump:

    • For Linux, you can install it using the package manager. For example, on Ubuntu, run sudo apt-get install tcpdump.

    • For macOS, use Homebrew: brew install tcpdump.

  2. Capture Network Traffic:

    • Open a terminal and run sudo tcpdump -i eth0 (replace eth0 with your network interface) to start capturing packets.

    • Use -w to write the captured packets to a file: sudo tcpdump -i eth0 -w capture.pcap.

  3. Filter Traffic:

    • Capture only specific traffic using filters. For example, sudo tcpdump -i eth0 port 80 captures only traffic on port 80 (the default HTTP port).

    • Other examples include sudo tcpdump -i eth0 src 192.168.1.1 to capture traffic from a specific IP.

  4. Analyze Captured Data:

    • Open the capture file in Wireshark for a detailed analysis: wireshark capture.pcap.

    • You can also use TCPDump to read the capture file: tcpdump -r capture.pcap.
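As an added example (not from the original post or course), the script below reads a capture file in the classic pcap format that tcpdump -w produces and reproduces two of the Wireshark steps above: the tcp.port == 80 display filter and the byte percentages of Statistics > Protocol Hierarchy. The packets and addresses are constructed inline so it runs offline; function names are my own.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap format, what tcpdump -w writes

def build_frame(proto, sport, dport, payload):
    # Constructed Ethernet/IPv4 frame with a TCP (6) or UDP (17) header; checksums left zero.
    eth = b"\x02" * 12 + b"\x08\x00"                 # dst MAC, src MAC, EtherType IPv4
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x10, 8192, 0, 0) if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0,
                     64, proto, 0, bytes([192, 168, 1, 1]), bytes([192, 168, 1, 2]))
    return eth + ip + l4 + payload

def write_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f       # ts_sec, ts_usec, caplen, len
    return out

def read_pcap(data):
    # Yield (proto_name, sport, dport, captured_bytes) for every IPv4 record in the file.
    if struct.unpack_from("<I", data)[0] != PCAP_MAGIC:
        raise ValueError("only classic little-endian pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<IIII", data, off)[2]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] == b"\x08\x00":                # IPv4 only; skip ARP, IPv6, ...
            ihl = (frame[14] & 0x0F) * 4
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
            yield {6: "tcp", 17: "udp"}.get(frame[23], "other"), sport, dport, caplen

def protocol_hierarchy(data):
    # Percentage of captured bytes per transport, like Statistics > Protocol Hierarchy.
    counts = {}
    for proto, _, _, n in read_pcap(data):
        counts[proto] = counts.get(proto, 0) + n
    total = sum(counts.values())
    return {p: round(100.0 * b / total, 1) for p, b in counts.items()}

def tcp_port_filter(data, port):
    # Wireshark display filter tcp.port == port: TCP records where either side uses it.
    return [r for r in read_pcap(data) if r[0] == "tcp" and port in (r[1], r[2])]

SAMPLE_PCAP = write_pcap([  # constructed capture: two HTTP-port frames, one SSH-port, one DNS
    build_frame(6, 40001, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame(6, 80, 40001, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame(6, 40002, 22, b"SSH-2.0-x"),
    build_frame(17, 53000, 53, b"\x00" * 12),
])
```

Writing SAMPLE_PCAP to a file and opening it with wireshark or tcpdump -r shows the same records, which is a handy way to check a parser against the real tools.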


Final Thoughts

The "SBT Introduction to Network Analysis" course provided a perfect blend of theory and hands-on practice, significantly enhancing my skills with Wireshark and TCPDump. Whether you're a network administrator, security professional, or just someone interested in understanding network traffic, these tools are invaluable.

If you’re looking to get started in network analysis, I highly recommend diving into Wireshark and TCPDump. The insights you gain will be incredibly valuable in ensuring network performance and security.

If you're interested in taking this course or gaining hands-on experience with Wireshark and TCPDump, you can explore it here.

Thanks for reading!


I'm Yasheela, an undergraduate with a deep interest in DevOps and cloud technologies, currently working on exciting projects on all things DevOps. I’m passionate about simplifying complex concepts and sharing practical insights. Through my Hashnode blog, I document my learning journey, from building scalable applications to mastering cloud services, with the goal of empowering others to grow their tech skills. Let's learn together!