Note: This is not necessarily a tutorial but coffee for thought on what I’ve learned so far based on a class I am taking.

So, what is WireShark?

WireShark is a tool used by IT folks to analyze what kind of traffic is happening on their network. This focuses on devices on their network, who they talk to, and how they talk to them. It’s a completely free tool and although other network analyzing tools exist, this is great for beginners to understand what exactly is going on in their home network.

WireShark at First Glance

Difference between Capture and Display Filter

You can put in capture filters on what you want to specifically capture your traffic since remember, a lot of things are happening on your network.

If not, you can still use display filters to filter through the traffic.

Let’s Look at Ports & Protocols

UDP stands for User Datagram Protocol. It is associated with the network layer and is a way of how packets get transferred. I tend to mentally associate them with UPS since neither service cares about your package getting delivered properly; they just simply deliver.

TCP stands for Transmission Control Protocol and does care if your package or in this case, packets, gets delivered. In fact, TCP will let you know if the packet got delivered to the destination.

Another protocol that I noticed was HTTP which stands for HyperText Transfer Protocol and is used at port 80. It is a protocol that is used when you request a web page from a web server.

Unfortunately, when a user visits a HTTP site, information about the user is revealed in plaintext. such as their user-agent (ex: what browser used) or what website URL they requested.

HTTPs provides HTTP but instead encrypts the data between the user’s site and the web server they are requesting from. This is used at port 443. It also uses TLS/SSL but honestly, those two are still very new to me.

Here is an example from a PCAP file provided by WireShark:

So, if we look at this a little more closely, we can see the different layers of the OSI model at work such as the network layer when referring to Transmission Control Protocol.

Overall, it’s a lot of fun to look through, and honestly, I believe I’ll try to do a part two to this.