Suryadi Dirga

Suryadi Dirga Inmas jabbar.blogspot.com
Unknown, Monday, 19 November 2012

Wireshark is one of the many network analyzer tools widely used by network administrators to analyze network performance. Wireshark is popular because it uses a graphical user interface (GUI). As the name suggests, Wireshark captures the packets of data travelling across the network that we are observing. Packets of all protocol types, in various formats, are easily captured and analyzed. For that reason the tool is often also used for sniffing (obtaining important information such as email passwords or other accounts) by capturing the packets passing through the network and analyzing them. The tool is quite easy to use: we simply enter the command for the information we want to capture from the network.
After installation, the first screen appears as follows:
Click Interface List, and the following window appears:
Click Start next to the interface that shows packets; a scrolling list of the packets being captured then appears:
To stop the packet capture, click the button indicated by the arrow below:
More information about the Capture Options for the interface:


Limit Each Packet To

On a busy network we sometimes want to capture only part of each packet rather than the full packet, for example only the first 64 bytes. This is usually done to keep the capture file from growing large while still being quite informative, because the TCP/IP headers are already visible within the first 64 bytes of a packet. To do this, use the option "Limit each packet to" and set it to 64 bytes.


Capture File(s)

When we do a full packet capture, the hard disk space required is very large. In theory, on a 100 Mbps link (12.5 MByte/s) at only 50% network utilization, every second records 6.25 MByte, so 1 minute takes more than 300 MBytes. Analyzing packets in a very large file is very difficult because it needs a fast processor and plenty of memory. For this reason, Wireshark provides a way to split the capture file automatically, under Capture File(s) below. First click "Use multiple files" to enable the following options:

If we want to split the capture by size, we click "Next file every" and fill in the file size, for example 20 Megabytes. If we want to split by time, we click "Next file every" and enter the number of minutes. If both options are selected, the capture file is split as soon as either condition is met (file size or time).

"Ring buffer" is an attractive option. The ring buffer works on a First In First Out basis. If we set it to 5 files, Wireshark creates only 5 capture files. When the 6th capture file is created, the oldest capture file (number 1) is deleted. This lets us calculate the maximum hard disk space the capture will use. For example, if we set aside 1 Gigabyte of hard disk, we can split the capture into 20 files with a maximum size of 50 Megabytes each by using "Next file every 50 MByte" and "Ring buffer with 20 files".

"Stop Capture" can also be used to end the capture automatically, under the conditions shown in the available options. After we have finished capturing packets, the whole sequence of capture files can be opened directly from File > File Set > List Files:
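Added example (not part of the original post): a small Python calculator that turns the options described above into a write rate, a maximum disk footprint, the time window a ring buffer actually retains, and an equivalent `dumpcap` command line. The average packet size, the 16-byte per-packet record header of classic pcap files, and the interface and output file names are assumptions.

```python
from dataclasses import dataclass

PCAP_RECORD_HEADER = 16  # assumed per-packet overhead (classic pcap record header)


@dataclass
class CapturePlan:
    link_mbps: float       # link speed in megabits per second
    utilization: float     # fraction of the link in use, 0..1
    avg_packet_bytes: int  # assumed average packet size on the wire
    snaplen: int           # "Limit each packet to" in bytes (0 = full packet)
    file_mb: int           # "Next file every N megabytes"
    ring_files: int        # "Ring buffer with N files"

    def wire_bytes_per_sec(self) -> float:
        return self.link_mbps * 1_000_000 / 8 * self.utilization

    def disk_bytes_per_sec(self) -> float:
        """Bytes written per second, including per-packet record headers."""
        packets_per_sec = self.wire_bytes_per_sec() / self.avg_packet_bytes
        kept = self.avg_packet_bytes
        if self.snaplen:
            kept = min(self.snaplen, kept)
        return packets_per_sec * (kept + PCAP_RECORD_HEADER)

    def max_disk_bytes(self) -> int:
        return self.file_mb * 1_000_000 * self.ring_files

    def retention_seconds(self) -> float:
        """How far back the ring buffer reaches before the oldest file is deleted."""
        return self.max_disk_bytes() / self.disk_bytes_per_sec()

    def dumpcap_args(self, iface: str, out: str) -> list:
        args = ["dumpcap", "-i", iface, "-w", out,
                "-b", f"filesize:{self.file_mb * 1000}",  # dumpcap expects kB
                "-b", f"files:{self.ring_files}"]
        if self.snaplen:
            args += ["-s", str(self.snaplen)]
        return args


if __name__ == "__main__":
    # The article's figures: 100 Mbps at 50%, 20 files of 50 MB each.
    for snaplen in (0, 64):
        plan = CapturePlan(100, 0.5, 1000, snaplen, 50, 20)
        print(f"snaplen={snaplen}: {plan.disk_bytes_per_sec() / 1e6:.2f} MB/s, "
              f"ring covers {plan.retention_seconds():.0f} s")
        print(" ".join(plan.dumpcap_args("eth0", "capture.pcap")))
```

With these assumptions the 1 Gigabyte ring buffer holds under three minutes of full-packet traffic but about 33 minutes when each packet is limited to 64 bytes, which matters when the capture has to cover an incident that is only noticed later.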
