Wireshark 1.2.0 – New Version

Wireshark is a tool that performs packet and protocol analysis on a network. Packets are the virtual transport mechanism that moves are data from sender to receiver. Each packet has a header and payload – the header contains information about where the packet came from and where it’s going, as well as the protocols being used. The payload has our actual digitized data – parts of website, text, a section of photo, or a clip of audio from an MP3 or a phone call. If you don’t get all of the packets then a phone call may sound choppy or it may take a while to download a complete file. Wireshark allows you to take a look at the packets you are sending and receiving and learn a lot more about what it happening and what’s breaking down. Wireshark is not for the lighthearted, as the tool requires knowledge of protocols and a deep understanding of OSI, IP, and TCP/UDP at the very least. But, with time, Wireshark becomes invaluable to the troubleshooting process. I have relied on the tool for my work supporting Voice-over-IP (VoIP) and system and application connectivity. The only side-effect to Wireshark is that you will soon realize why it’s not a good idea to surf the web in a public spot (without a VPN or encryption).

The new version of Wireshark includes more protocols that it will decode, supports 64-bit Windows, and has GeoIP integrated support. Also, Wireshark works perfectly with my passive network cable. Visit www.wireshark.org to download the latest version and learn more about it.

Passive Packet Capturing

User A to User B packet data traffic can be monitored through a HUB by User C using a “receive‑only” Ethernet cable.

On the HUB end of the cable, there is a loop between TX and RX to activate the HUB port. Any traffic through the HUB will now include this port in the broadcasts.

User C taps onto the loop by its receive pins.

Once the connections are made to the HUB, User C will receive all packets that flow through the HUB, but User C will not transmit any packets towards the HUB (no DHCP requests and no ARP requests).

The NIC on User C is in promiscuous mode capturing all incoming packets only.

Using a receive-only Ethernet cable in this configuration allows for the ability to passively capture packets, while not actively being a part of the network.

Network administrators can actively test for devices in promiscuous mode, monitor for DHCP and ARP requests, and review MAC tables to determine the presence of a packet analysis tool.