Industrial systems are often built on networks of devices and controllers that communicate over a variety of protocols. To make such a system more efficient, or to track down faults and errors in it, the whole communication process frequently needs to be monitored. A packet sniffer is the software needed to meet such requirements. This article describes how you can capture and analyse the data passing through a network using a popular packet sniffer called Wireshark.
What a packet sniffer is
Packet sniffers, also called protocol analysers, are tools commonly used to diagnose network-related problems. The same tools can be used by attackers to spy on users' traffic and to harvest passwords and other credentials that are sent over unencrypted protocols.
In its simplest form, a packet sniffer captures every packet of data that passes through a given network interface. By default, the interface only accepts frames addressed to the machine in question, plus broadcast and multicast traffic. When it is placed into promiscuous mode, it accepts every frame that reaches it regardless of the destination address, so the sniffer also sees traffic meant for other hosts on the same segment.
How it works
A packet sniffer works by intercepting and logging the network traffic that is visible through the wired or wireless network interface of the computer it runs on.
On a wired network, what can be captured depends on the structure of the network. A hub repeats every frame to every port, so a sniffer on a hub sees the whole segment. A switch forwards unicast frames only to the port of their destination, so a sniffer on an ordinary switch port sees only its own traffic plus broadcast and multicast frames, even in promiscuous mode. To capture an entire segment of a switched network, the sniffer is connected to a mirror (SPAN) port on the switch or to an inline network tap; how much a sniffer can see therefore depends on how the switches are configured and where the sniffer is placed.
On a wireless network, a packet sniffer can usually capture only one channel at a time, unless the host computer has multiple wireless interfaces that allow multichannel capture. Capturing frames addressed to other stations also requires the wireless interface to support monitor mode, which is distinct from promiscuous mode and is not available on every adapter and driver.
Once raw packet data is captured, packet sniffing software must analyse it and present it in human-readable form so that the person using the software can make sense of it. The person analysing the data can view details of the conversations happening between two or more nodes on the network.
Wireshark is a free and open source packet analyser: a program that captures and logs traffic passing over a digital network or part of one. As data flows past the capture point, Wireshark records each packet and, if needed, decodes its raw bytes, showing the values of the fields in each protocol header and letting you analyse the content. This process of intercepting and logging traffic is called packet capture.
Wireshark runs on GNU/Linux, OS X, BSD, Solaris, some other Unix-like operating systems and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark and the programs distributed with it, such as TShark, are free software released under the terms of the GNU General Public License. The network types supported by Wireshark on the various platforms are shown in Fig. 1.
Wireshark is very similar to tcpdump (a common packet analyser that runs on the command line) but adds a graphical front-end along with integrated sorting and filtering options. Both capture through the same packet capture library and share its capture filter syntax, whereas Wireshark's display filters (for example tcp.port == 80) are applied to the packets after capture and have their own, richer syntax.
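As an added example, not code from this article or from the Wireshark project, the following Python script shows at toy scale the two steps described above: reading raw records out of a classic pcap file, dissecting the Ethernet, IPv4, TCP and UDP headers into named fields (including recomputing the IPv4 header checksum, which Wireshark flags when it is wrong), and then applying a display-filter-like selection to the decoded packets. The pcap bytes are constructed inline by the script itself; the MAC addresses, IP addresses and ports are made up, and all function names are the example's own.

```python
"""Added example (not Wireshark code): toy pcap reader, Ethernet/IPv4/TCP/UDP dissector, filter."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap with microsecond timestamps
ETH_P_IP = 0x0800                # EtherType for IPv4
PROTO_NAMES = {6: "TCP", 17: "UDP"}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of an IPv4 header (length is a multiple of 4).
    Over a header that already carries its checksum, 0 means the stored checksum verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Constructed sample frame (Ethernet II + IPv4 + TCP SYN or UDP); made up, not real traffic."""
    if proto == 6:   # TCP: 20-byte header (data offset 5), SYN flag set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    else:            # UDP: 8-byte header, checksum 0 (allowed over IPv4)
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in the header checksum
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_P_IP)
    return eth + ip + l4


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (24-byte global header, 16-byte record headers)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def dissect(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP/UDP headers into named fields, like a protocol tree."""
    pkt = {"eth_type": struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else None}
    if pkt["eth_type"] != ETH_P_IP or len(frame) < 34:
        return pkt                      # not IPv4, or too short to hold an IPv4 header
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return pkt                      # malformed IHL or truncated header: leave undecoded
    ip = frame[14:14 + ihl]
    pkt.update(ip_src=socket.inet_ntoa(ip[12:16]), ip_dst=socket.inet_ntoa(ip[16:20]), ttl=ip[8],
               proto=PROTO_NAMES.get(ip[9], str(ip[9])),
               ip_checksum_ok=ipv4_checksum(ip) == 0)   # Wireshark flags a bad header checksum
    l4 = frame[14 + ihl:]
    if ip[9] in (6, 17) and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    if ip[9] == 6 and len(l4) >= 20:
        pkt["tcp_flags"] = l4[13]
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]
    elif ip[9] == 17 and len(l4) >= 8:
        pkt["payload"] = l4[8:]
    return pkt


def read_pcap(data: bytes):
    """Yield dissected packets from a classic pcap blob, accepting either byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("this example only dissects Ethernet captures (linktype 1)")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        pkt = dissect(data[pos:pos + incl_len])
        pos += incl_len
        pkt["time"] = ts_sec + ts_usec / 1e6
        yield pkt


def display_filter(packets, proto=None, port=None):
    """Tiny analogue of a Wireshark display filter such as tcp.port == 80."""
    return [p for p in packets if (proto is None or p.get("proto") == proto)
            and (port is None or port in (p.get("sport"), p.get("dport")))]


def summarise(pcap_bytes, proto=None, port=None):
    """One line per matching packet, in the style of Wireshark's packet list pane."""
    return ["%s %s:%d -> %s:%d csum_ok=%s" % (p["proto"], p["ip_src"], p["sport"], p["ip_dst"],
                                              p["dport"], p["ip_checksum_ok"])
            for p in display_filter(read_pcap(pcap_bytes), proto, port)]


# Constructed capture (RFC 5737 documentation addresses, made-up ports): HTTP SYN, DNS query, SSH SYN.
SAMPLE_PCAP = build_pcap([
    build_frame("192.0.2.10", "198.51.100.5", 6, 49152, 80),
    build_frame("192.0.2.10", "192.0.2.1", 17, 53000, 53, bytes.fromhex("12340100")),
    build_frame("192.0.2.10", "198.51.100.7", 6, 49153, 22),
])

if __name__ == "__main__":
    for line in summarise(SAMPLE_PCAP):
        print(line)
    print("tcp.port == 80 ->", summarise(SAMPLE_PCAP, proto="TCP", port=80))
```

The dissector deliberately stops and returns the undecoded fields when a frame is not IPv4, is truncated, or carries a malformed header length, which is how a real analyser avoids crashing on corrupt captures. Pass a file's contents to read_pcap to try it on a real Ethernet capture saved by Wireshark or tcpdump in classic pcap format (pcapng, Wireshark's default, uses a different container and is not handled here).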