How to analyze network protocols with Wireshark

Wireshark is an essential tool for analyzing network protocols, but what is it? How is it used? What results does it give? That is what we will learn in this post. If we are ever hired by a company and asked to analyze network traffic, this is one of the best tools we have, and better still, it is completely free.

Installation of Wireshark

Installing the tool is very simple. We open a Linux terminal and write the following commands:

$ sudo apt-get -y install wireshark

$ sudo apt-get install wireshark-qt

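We select Yes and press Enter.

We start Wireshark with the following commands. The chmod command sets mode 4711 on dumpcap, which turns on the setuid bit, so any local user who runs it captures with the privileges of the file's owner: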

$ wireshark

$ sudo /usr/bin/dumpcap

$ sudo chmod 4711 /usr/bin/dumpcap

We verify the IP address of each virtual machine. Open a Linux terminal and write:

$ ifconfig

This is the IP address of the virtual machine where we have Wireshark installed.

This is the IP address of the other virtual machine that will help us generate ICMP traffic.

This verification is not strictly necessary; we only do it to make sure that the test is successful.

How Wireshark is used

We choose the interface that we want to monitor; in this case we will use enp0s3.

We select the network protocol that we want to monitor, which in this case is ICMP.

We ping with the following command:

$ ping

After pinging, we immediately have the result in Wireshark.

So far we have only got Wireshark working correctly, but what do we do with the amount of information that we can export? Do not be afraid: you will learn something elementary for analyzing and organizing this type of information.

We click on the stop button as shown in the following image.

Then we go to file and export the file as CSV.

We put a name on it and store it in the desired place.

We right-click on the file and then choose Open With Other Application.

We select LibreOffice.

We click on OK.

And, finally, we have all the information in a spreadsheet, and with LibreOffice, you can organize it, filter it, graph it, see which event repeats more, which are the hours of most significant use, etc. You can also see it in Windows with Excel. It is a simple way to analyze the information, but it is not the only one.

We look for this icon in our spreadsheet and we click on it.

We select the protocol that we want to filter.

Then we filter the protocol that we want to analyze, and we can also plot the data depending on the objective of the search. If you want to do the analysis automatically and quickly, Python has several modules for analyzing the spreadsheet, and you can save a lot of time.
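As an added example (not part of the original post), here is one way to do that analysis with Python's standard csv module: it filters the exported CSV for ICMP, counts packets per source, pairs each ping request with its reply to get the round-trip time, and lists pings that never got an answer. The sample rows and IP addresses are constructed, and the code assumes the default Wireshark columns with the Time column in seconds since the start of the capture.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample in the column layout of Wireshark's CSV export
# (File > Export Packet Dissections > As CSV); addresses are documentation IPs.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.0.2.10","192.0.2.20","ICMP","98","Echo (ping) request  id=0x0001, seq=1/256, ttl=64 (reply in 2)"
"2","0.000412","192.0.2.20","192.0.2.10","ICMP","98","Echo (ping) reply    id=0x0001, seq=1/256, ttl=64 (request in 1)"
"3","0.500100","192.0.2.10","192.0.2.1","DNS","74","Standard query 0x1a2b A example.com"
"4","1.001200","192.0.2.10","192.0.2.20","ICMP","98","Echo (ping) request  id=0x0001, seq=2/512, ttl=64 (reply in 5)"
"5","1.001650","192.0.2.20","192.0.2.10","ICMP","98","Echo (ping) reply    id=0x0001, seq=2/512, ttl=64 (request in 4)"
"6","2.002300","192.0.2.10","192.0.2.20","ICMP","98","Echo (ping) request  id=0x0001, seq=3/768, ttl=64 (no response found!)"
'''

ECHO_RE = re.compile(r"Echo \(ping\) (request|reply)\s+id=(0x[0-9a-fA-F]+), seq=(\d+)/")


def analyze_icmp(csv_file):
    """Summarise ICMP echo traffic from a Wireshark CSV export."""
    per_source = Counter()   # ICMP packets sent by each address
    pending = {}             # (requester, target, id, seq) -> request time
    rtts = []                # round-trip times of answered pings, in seconds
    for row in csv.DictReader(csv_file):
        if row["Protocol"] != "ICMP":
            continue
        per_source[row["Source"]] += 1
        m = ECHO_RE.search(row["Info"])
        if not m:
            continue  # other ICMP types (unreachable, redirect, ...) are only counted
        kind, ident, seq = m.group(1), m.group(2), int(m.group(3))
        if kind == "request":
            pending[(row["Source"], row["Destination"], ident, seq)] = float(row["Time"])
        else:
            # A reply travels in the opposite direction of its request.
            sent = pending.pop((row["Destination"], row["Source"], ident, seq), None)
            if sent is not None:
                rtts.append(float(row["Time"]) - sent)
    unanswered = sorted(key[3] for key in pending)
    return {"per_source": dict(per_source), "rtts": rtts, "unanswered_seq": unanswered}


if __name__ == "__main__":
    # For a real capture: with open("capture.csv", newline="") as f: analyze_icmp(f)
    print(analyze_icmp(io.StringIO(SAMPLE_CSV)))
```

A run of unanswered sequence numbers or a sudden jump in round-trip time is usually the first thing worth looking at in a ping capture.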

Finally you will have the best criteria to analyze the information.

This post was written by Ruben Dario Caravajal Herrera