Using Wireshark for Network Traffic Analysis
Before we start with Wireshark, let's have an understanding about what exactly is Network traffic and how can it be calculated.
What is Network Traffic?
Network Traffic or Network Data is the amount of data(packets) moving across a network at any given point of time.
Traffic volume = Traffic Intensity * Time
So, how does the network traffic looks like:
Above is a screenshot, showing all the information which is sent over along with data packets on a network. It includes several informations like:
- Time: Time at which packets are captured.
- Source: Source from which the packet originated.
- Destination: The Sink where packets reach finally.
- Protocol: Type of Internet protocol(or set of rules) the packet followed during its journey like:
- Info: The information that packet contains. Generally, the information is encrypted for obvious reasons. But in some cases its unencrypted also, but that is rare.
What is Wireshark?
According to Wikipedia, "Wireshark is a free and open source packet analyser. It is used for network troubleshooting, analysis, software and communications protocol development, and education."
Basically, Wireshark is an open source tool to analyse network traffic or simply speaking, Wireshark captures data from a LAN wire, or from a live network connection or read from a file of already-captured packets. Live data can be read from different types of networks, including Ethernet, IEEE 802.11, PPP, and loopback.
We can create a
tcpdump file for the captured traffic. Wireshark allows you to save file in multiple extensions but for our purpose we will use
.pcap extension. It is the most widely used format.
Captured Network Traffic using Wireshark