Revision of Analyze Network Protocols With Wireshark on Ubuntu from Mon, 09/10/2007 - 17:01

Wireshark is an open source network protocol analyzer. It allows you to capture packets from a network interface and then analyze their contents. Wireshark can be downloaded and installed from Ubuntu’s repositories:

sudo apt-get install wireshark

I had to run Wireshark as root to see my network interfaces. To start capturing packets, click Capture->Interfaces in the application menu. Then click the start button corresponding to the network interface you would like to capture from. A window will come up showing how many packets have been captured. Click the stop button to stop capturing.

[Screenshot: Wireshark packets]

Leave Wireshark on for a while and watch all sorts of interesting things happening. For example, I saw my computer do a DNS query with OpenDNS to find sb.google.com, and then make an HTTP GET request. It looks like it was Firefox updating its phishing list from Google. With Wireshark you can watch what your software is doing on the network.
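To show what Wireshark decodes when it displays a DNS query like the one above, here is an added example (not part of the original post) that dissects a raw Ethernet/IPv4/UDP frame by hand. The frame is constructed inline; the 192.0.2.x addresses, the port 40000 and the function names are assumptions made for the illustration.

```python
import struct

def build_sample_frame():
    """Constructed sample: Ethernet/IPv4/UDP frame carrying a DNS A query."""
    qname = b"".join(bytes([len(l)]) + l for l in b"sb.google.com".split(b".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))  # documentation addresses
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)  # zeroed MACs, EtherType IPv4
    return eth + ip + udp

def dissect_dns_query(frame):
    """Return (dst_ip, dst_port, query_name, qtype), or None if not a DNS query."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None  # too short, or not IPv4
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
        return None  # not IPv4 carrying UDP (protocol 17)
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    dst_ip = ".".join(str(b) for b in ip[16:20])
    udp = ip[ihl:]
    if len(udp) < 8:
        return None
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", udp[:8])
    dns = udp[8:ulen]
    if dport != 53 or len(dns) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", dns[:6])
    if flags & 0x8000 or qdcount < 1:
        return None  # QR bit set (a response), or no question section
    labels, pos = [], 12  # the question starts after the 12-byte DNS header
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        if n & 0xC0 or pos + 1 + n > len(dns):
            return None  # compression pointer or truncated label
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(dns):
        return None  # missing terminator, QTYPE or QCLASS
    qtype = struct.unpack("!H", dns[pos + 1:pos + 3])[0]
    return dst_ip, dport, ".".join(labels), qtype

if __name__ == "__main__":
    print(dissect_dns_query(build_sample_frame()))
```

The length checks matter in practice: a capture cut short by a snap length produces truncated frames, and a dissector that trusts the length fields would read past the end of the data.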

If you are studying networking like me, Wireshark is a valuable tool for learning.