1.What is Wireshark?
Wireshark® is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It has a rich and powerful feature set and is the world's most popular tool of its kind. It runs on most computing platforms including Windows, macOS, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.
It is developed and maintained by a global team of protocol experts, and it is an example of a disruptive technology.
Wireshark used to be known as Ethereal®. See the next question for details about the name change. If you’re still using Ethereal, it is strongly recommended that you upgrade to Wireshark as Ethereal is unsupported and has known security vulnerabilities.
For more information, please see the About Wireshark page.
2. How would you set up Wireshark to monitor packets passing through an Internet router?
Put a capture system running Wireshark on a switch port and configure the switch to mirror the port to which the Internet router's LAN interface is connected (a SPAN session on Cisco Catalyst switches, a "mirror port" on most others). Every frame entering or leaving the router's port is then copied to the capture system's port, where Wireshark captures it with the interface in promiscuous mode. Two practical caveats: a mirror of a busy port can exceed the capacity of the destination port and silently drop frames, so a network TAP is preferred for line-rate capture; and a mirrored switch port only shows traffic that crosses it, so anything on the router's WAN side is seen only if that link is mirrored or tapped instead.
3. Can Wireshark be set up on a Cisco router?
Wireshark is an application that runs on general-purpose operating systems such as Windows, macOS and Linux. It cannot be installed on a Cisco router, which runs a proprietary operating system (IOS, IOS-XE, NX-OS) that does not accept third-party software. The usual approach is to capture at the router's port with a mirror port or TAP, as in question 2. Recent IOS and IOS-XE releases also include Embedded Packet Capture (the monitor capture commands), which captures on the router itself and exports a pcap file that can be copied off the device and opened in Wireshark.
4. Is it possible to start Wireshark from the command line on Windows?
Yes. The GUI is started with wireshark.exe from the installation directory (by default C:\Program Files\Wireshark), and it accepts command-line options: -D lists the capture interfaces, -i selects one, -k starts capturing immediately, -f sets a capture filter and -r opens a saved capture file. The same installation includes tshark.exe, a terminal-only analyzer with the same dissectors and filter syntax, and dumpcap.exe, a minimal capture tool; these are the usual choices for scripted or unattended captures.
5. A user is unable to ping a system on the network. How can Wireshark be used to solve the problem?
Ping uses ICMP echo request (type 8) and echo reply (type 0). Capture on the user's machine with the display filter icmp and run the ping. Three outcomes are diagnostic. If no echo request leaves at all, the problem is local, usually a failed ARP resolution (filter arp to see whether the request for the target or gateway MAC is answered) or a route or host-firewall problem on the sender. If requests leave but no replies return (icmp.type == 8 without a matching icmp.type == 0, matched by identifier and sequence number), the packet is dropped in transit or the target does not answer pings, and a second capture on the target or at a mirror port shows which side loses it. If an ICMP destination unreachable (type 3) or time exceeded (type 11) comes back from an intermediate router, that router identifies where the path fails.
6. Which Wireshark filter can be used to check all incoming requests to an HTTP web server?
A web server normally listens on TCP port 80, so packets addressed to it carry destination port 80 and the filter tcp.dstport == 80 shows them. Note that this matches every segment sent toward the port, including the handshake and bare ACKs, not only HTTP requests; http.request shows just the dissected requests, and adding the server address (ip.dst == <server> && tcp.dstport == 80) excludes traffic to other hosts on the same port. For HTTPS use port 443 (tcp.dstport == 443), although the request contents are then encrypted, and adjust the port if the server listens elsewhere.
7. Which Wireshark filter can be used to monitor outgoing packets from a specific system on the network?
Outgoing packets carry the system's IP address as their source address, so for a system at 192.168.1.2 the filter is ip.src == 192.168.1.2. By contrast, ip.addr == 192.168.1.2 matches packets in both directions. If the system's address may change (DHCP), eth.src == <MAC> pins the filter to the hardware address instead, which works as long as the capture point is on the same layer-2 segment.
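The following is an added example, not code from Wireshark or from the original page, covering the filters in questions 5, 6 and 7 at the packet level. It constructs a small capture (a ping exchange, an HTTP handshake and an unrelated HTTPS SYN; the 10.0.0.x addresses, MAC addresses and port numbers are made up), writes it in classic pcap format, reads it back, dissects Ethernet/IPv4/TCP/ICMP into Wireshark-style field names, and evaluates a subset of display-filter syntax against each frame. IP and TCP checksums are left at zero; Wireshark still dissects such frames, it just flags the checksum. Running it also writes filters.pcap so the same filters can be applied in Wireshark for comparison.

```python
"""Minimal pcap round-trip plus a display-filter matcher (added example, not Wireshark code)."""
import struct
from ipaddress import IPv4Address

ETHERTYPE_IPV4, PROTO_ICMP, PROTO_TCP = 0x0800, 1, 6
# Constructed MAC addresses (no separators so bytes.fromhex accepts them).
MAC_CLIENT, MAC_GW, MAC_WEB, MAC_OTHER = "020000000005", "020000000001", "020000000080", "020000000007"


def eth(dst_mac, src_mac, ip_payload):
    """Ethernet II frame: destination MAC, source MAC, EtherType, payload."""
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip_payload


def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header, no options, TTL 64, header checksum left at zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload


def icmp_echo(icmp_type, ident=1, seq=1):
    """ICMP echo header: type 8 = request, type 0 = reply."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)


def tcp(sport, dport, flags):
    """20-byte TCP header; flags 0x02 SYN, 0x12 SYN/ACK, 0x10 ACK."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


# Constructed capture, in order: ping exchange, HTTP handshake, one unrelated HTTPS SYN.
PACKETS = [
    ("ping request 10.0.0.5 -> 10.0.0.1",
     eth(MAC_GW, MAC_CLIENT, ipv4("10.0.0.5", "10.0.0.1", PROTO_ICMP, icmp_echo(8)))),
    ("ping reply 10.0.0.1 -> 10.0.0.5",
     eth(MAC_CLIENT, MAC_GW, ipv4("10.0.0.1", "10.0.0.5", PROTO_ICMP, icmp_echo(0)))),
    ("SYN 10.0.0.5:51000 -> 10.0.0.80:80",
     eth(MAC_WEB, MAC_CLIENT, ipv4("10.0.0.5", "10.0.0.80", PROTO_TCP, tcp(51000, 80, 0x02)))),
    ("SYN/ACK 10.0.0.80:80 -> 10.0.0.5:51000",
     eth(MAC_CLIENT, MAC_WEB, ipv4("10.0.0.80", "10.0.0.5", PROTO_TCP, tcp(80, 51000, 0x12)))),
    ("ACK 10.0.0.5:51000 -> 10.0.0.80:80",
     eth(MAC_WEB, MAC_CLIENT, ipv4("10.0.0.5", "10.0.0.80", PROTO_TCP, tcp(51000, 80, 0x10)))),
    ("SYN 10.0.0.7:40000 -> 10.0.0.80:443",
     eth(MAC_WEB, MAC_OTHER, ipv4("10.0.0.7", "10.0.0.80", PROTO_TCP, tcp(40000, 443, 0x02)))),
]


def write_pcap(packets):
    """Classic pcap: 24-byte global header (LINKTYPE_ETHERNET = 1), then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (_, frame) in enumerate(packets):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Return the captured frames of a little-endian classic pcap."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off, frames = 24, []
    while off < len(data):
        caplen = struct.unpack_from("<IIII", data, off)[2]
        off += 16
        frames.append(data[off:off + caplen])
        off += caplen
    return frames


def dissect(frame):
    """Extract the Wireshark-style field names the filters on this page use."""
    fields = {}
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return fields
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    fields["ip.src"], fields["ip.dst"] = str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20]))
    fields["ip.addr"] = {fields["ip.src"], fields["ip.dst"]}  # ip.addr matches either direction
    l4 = ip[ihl:]
    if proto == PROTO_ICMP:
        fields["icmp"], fields["icmp.type"] = True, l4[0]
    elif proto == PROTO_TCP:
        fields["tcp"] = True
        fields["tcp.srcport"], fields["tcp.dstport"] = struct.unpack_from("!HH", l4)
    return fields


def matches(fields, display_filter):
    """Evaluate a subset of display-filter syntax: terms joined by &&, each 'name == value' or a bare protocol name."""
    for term in display_filter.split("&&"):
        term = term.strip()
        if "==" in term:
            name, value = (part.strip() for part in term.split("==", 1))
            have = fields.get(name)
            if have is None:
                return False
            if isinstance(have, set):
                if value not in have:
                    return False
            elif str(have) != value:
                return False
        elif not fields.get(term):
            return False
    return True


def select(pcap_bytes, display_filter):
    """Indices of the frames in the capture that the filter would display."""
    return [i for i, frame in enumerate(read_pcap(pcap_bytes)) if matches(dissect(frame), display_filter)]


if __name__ == "__main__":
    capture = write_pcap(PACKETS)
    with open("filters.pcap", "wb") as fh:  # open in Wireshark and apply the same filters
        fh.write(capture)
    for f in ("icmp.type == 8", "icmp.type == 0", "tcp.dstport == 80",
              "ip.src == 10.0.0.5", "ip.addr == 10.0.0.5"):
        print(f"{f:22} -> {[PACKETS[i][0] for i in select(capture, f)]}")
```

The output makes the caveats concrete: tcp.dstport == 80 selects both the SYN and the bare ACK toward the server but not the SYN/ACK coming back, ip.src == 10.0.0.5 selects only frames the client sent, and ip.addr == 10.0.0.5 also picks up the replies. The matcher deliberately supports only == and &&; the real display-filter language is far richer, but the field semantics it exercises are the same.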
8. What’s up with the name change? Is Wireshark a fork?
A: In May of 2006, Gerald Combs (the original author of Ethereal) went to work for CACE Technologies (best known for WinPcap). Unfortunately, he had to leave the Ethereal trademarks behind.
This left the project in an awkward position. The only reasonable way to ensure the continued success of the project was to change the name. This is how Wireshark was born.
Wireshark is almost (but not quite) a fork. Normally a "fork" of an open source project results in two names, web sites, development teams, support infrastructures, etc. This is the case with Wireshark, with one notable exception: every member of the core development team is now working on Wireshark. There has been no active development on Ethereal since the name change. Several parts of the Ethereal web site (such as the mailing lists, source code repository, and build farm) have gone offline.
9. What kind of shark is Wireshark?
A: carcharodon photoshopia.
10. What do you think of Wireshark?
It is useful for monitoring network traffic flow and for confirming whether traffic is present or absent on a link. Great free software.