From the course: Wireshark Essential Training

Benefits of traffic analysis - Wireshark Tutorial


Benefits of traffic analysis

- [Lecturer] On today's networks there are many reasons for traffic analysis. They include troubleshooting network problems, intrusion detection and forensics, and gaining a better understanding of protocols. Wireshark is a powerful packet analysis tool where you can capture, display and filter traffic live from a network interface. Network administrators, developers, security analysts, students, and building automation control specialists can all benefit from using Wireshark. Network administrators have long used Wireshark to monitor network traffic and to resolve bottleneck issues, and it can help you build your firewall rules. New players with Wireshark are developers. Developers can benefit from understanding protocol and application behavior. They can see how the routines behave and see if the application works the way they anticipated. They can also determine if it's the application or the network that is causing slow response times. Security professionals find that Wireshark is a valuable resource. For example, if they suspect malicious activity, they can look at the conversations and see if there's a strange port number. They can then do a Google search, determine what program uses that port, and determine whether it's malicious or not. Using Wireshark can help students to better understand many of the common protocols used on a network today. They can then study the behavior of the protocol. We're all familiar with the four-packet exchange in the DHCP process, but if we drop it into Wireshark we can actually see the exchange of the discover, offer, request and acknowledge. And then we can drill down into each individual packet to see what is happening. With the proliferation and expansion of smart buildings, control technicians will find packet analysis invaluable, as they can monitor traffic used for building automation using BACnet or LonWorks.
For example, we see here BACnet stack services, and in this exchange the control technician might bring up a flow graph, and here we can make sure that we are communicating with the correct host. The technician can then possibly follow either a UDP or TCP stream to see if the correct commands are at play. Wireshark is a free protocol analysis tool. It's rich in features, and it's used to examine traffic either live from a wired or wireless connection or by using pre-captured packets. We can analyze network problems, detect network misuse, and perform regulatory compliance through content monitoring of perimeter and endpoint traffic. We can monitor bandwidth usage per application and process. And we can verify endpoint security status to see if there are any unwanted protocols, such as SSDP traffic and multicast DNS. And we can gather and report network statistics. In 2004 a colleague introduced me to Ethereal, now called Wireshark. I looked at the interface as it captured traffic and thought, I don't know what this is, but I want to. I then spent years immersing myself in packet capture. Now let me help you learn Wireshark.
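The two checks the lecture describes for security analysts, scanning the conversation list for a strange destination port and looking for unwanted protocols such as SSDP and multicast DNS, can also be scripted once a capture is in hand. The following is an added example and is not code from the course or from the Wireshark project: it hand-parses raw Ethernet/IPv4/UDP/TCP frames with the standard library only, so it runs offline without Wireshark, tshark or a pcap library. The sample frames, the `EXPECTED_PORTS` baseline and the `UNWANTED` port table are constructed for the illustration; on a real capture you would feed it frames read from a pcap, and you would tune the baseline to the host being examined. The comments quote the equivalent Wireshark display filters so the script can be cross-checked in the GUI.

```python
import socket
import struct
from collections import Counter

# Wireshark display-filter equivalents for the "unwanted protocols" named in the
# lecture. Keyed by (transport, destination port). Constructed table, not from Wireshark.
UNWANTED = {
    ("udp", 1900): "SSDP (udp.port == 1900)",
    ("udp", 5353): "mDNS (udp.port == 5353)",
}

# Assumed baseline of ports a plain workstation is expected to talk to (DNS, DHCP,
# HTTP, NTP, HTTPS). Any other destination port is flagged as "strange" for lookup.
EXPECTED_PORTS = {53, 67, 68, 80, 123, 443}


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Build a minimal Ethernet II / IPv4 / (UDP|TCP) frame. Constructed test data only;
    IP and transport checksums are left as zero because the parser never validates them."""
    if proto == 17:
        # UDP header: sport, dport, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    elif proto == 6:
        # TCP header: sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    else:
        raise ValueError("only UDP (17) and TCP (6) are supported here")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + l4


def parse_frame(frame):
    """Return (src_ip, dst_ip, transport, sport, dport) for an IPv4 UDP/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # not Ethernet II / IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                             # IPv4 header length in bytes
    proto = frame[23]
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if proto not in (6, 17) or len(l4) < 4:
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return (src, dst, "udp" if proto == 17 else "tcp", sport, dport)


def analyze(frames):
    """Tally conversations by (src, dst, transport, dport), count unwanted protocols,
    and collect (transport, dport) pairs outside the expected baseline."""
    conversations = Counter()
    unwanted = Counter()
    strange_ports = set()
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, transport, sport, dport = parsed
        conversations[(src, dst, transport, dport)] += 1
        if (transport, dport) in UNWANTED:
            unwanted[UNWANTED[(transport, dport)]] += 1
        elif dport not in EXPECTED_PORTS:
            strange_ports.add((transport, dport))
    return conversations, unwanted, strange_ports


# Constructed capture: one host, five frames. Addresses are from documentation ranges.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.1", 17, 50000, 53, b"\x12\x34\x01\x00"),        # DNS query
    build_frame("10.0.0.5", "224.0.0.251", 17, 5353, 5353),                          # mDNS
    build_frame("10.0.0.5", "239.255.255.250", 17, 51000, 1900, b"M-SEARCH * HTTP/1.1\r\n"),  # SSDP
    build_frame("10.0.0.5", "198.51.100.10", 6, 52000, 443),                         # HTTPS
    build_frame("10.0.0.5", "203.0.113.7", 6, 52001, 4444),                          # unusual port
]

if __name__ == "__main__":
    conversations, unwanted, strange = analyze(SAMPLE_FRAMES)
    print("Conversations (like Statistics > Conversations):")
    for key, n in conversations.items():
        print("  %s -> %s %s/%d  frames=%d" % (key[0], key[1], key[2], key[3], n))
    print("Unwanted protocols:", dict(unwanted))
    print("Strange destination ports to look up:", sorted(strange))
```

The script reports only what Wireshark's Conversations window and a couple of display filters would show; the judgement call the lecture describes, deciding whether TCP/4444 is a legitimate application or something malicious, still rests with the analyst, and the baseline port set should be derived from the host's documented role rather than from the capture itself.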