Wireshark is a free and widely used tool for capturing and analyzing network traffic. “It is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.” In many ways, Wireshark is similar to the Network Monitor tool included in Windows Server 2003. It captures the data packets passing through the network and displays them in an easy-to-understand, color-coded GUI. Since it is an open-source and widely used tool, it receives constant updates and community support. Many IT professionals prefer it to Network Monitor. Wireshark also supports “promiscuous mode”, in which the capturing adapter accepts ALL frames it can see on the network segment, not only the frames addressed to the host running the capture.
I successfully logged into a test account, which I created just for this exercise. Upon successful logon, I stopped the capturing process within Wireshark.
The number of packets collected after 30 seconds was staggering. Wireshark contains a filter and search feature which makes analyzing your data easy. For this example, I filtered the results to “HTTP” since that is where the majority of our data resided. The filter matches on protocol, so by typing HTTP we narrowed our packets to those only using the HTTP protocol. This is the traffic that web browsers generally send over port 80.
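To show what the “HTTP” filter is actually doing underneath, here is an added example (not part of the original post) that dissects constructed Ethernet/IPv4/TCP frames and keeps only those on port 80 that carry an HTTP start line, the way the display filter narrows the packet list. The frames, addresses, ports and the placeholder login form are all constructed sample data, not from the author's capture.

```python
import struct

# Constructed sample traffic (not a real capture): a login POST over port 80,
# its response, and a TLS-looking packet on port 443 that the filter must drop.
LOGIN_POST = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
              b"user=testuser&pass=CONSTRUCTED_PLACEHOLDER")
LOGIN_RESP = b"HTTP/1.1 302 Found\r\nLocation: /home\r\n\r\n"

def build_frame(src_port, dst_port, payload):
    """Build a minimal Ethernet/IPv4/TCP frame around payload (sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def dissect(frame):
    """Return (src_port, dst_port, tcp_payload), or None if the frame is not IPv4/TCP."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    tcp = frame[14 + ihl:]
    src, dst = struct.unpack("!HH", tcp[:4])
    return src, dst, tcp[(tcp[12] >> 4) * 4:]   # skip TCP header (data offset field)

def is_http(frame):
    """Approximation of Wireshark's 'http' display filter: port 80 plus an HTTP start line."""
    parsed = dissect(frame)
    if parsed is None or 80 not in parsed[:2]:
        return False
    return parsed[2].startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/"))

def http_summary(frames):
    """One entry per HTTP packet: the start line and whether a readable body followed it."""
    out = []
    for frame in frames:
        if not is_http(frame):
            continue
        head, _, body = dissect(frame)[2].partition(b"\r\n\r\n")
        start_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
        out.append((start_line, len(body) > 0))
    return out

CAPTURE = [
    build_frame(51000, 80, LOGIN_POST),
    build_frame(80, 51000, LOGIN_RESP),
    build_frame(51001, 443, b"\x16\x03\x01"),   # TLS record header: not matched by 'http'
]

if __name__ == "__main__":
    for line, has_body in http_summary(CAPTURE):
        print(f"{line}  body={'yes (cleartext form data)' if has_body else 'no'}")
```

The POST body is readable in the capture because plain HTTP on port 80 is unencrypted, which is why a test account, never a real one, belongs in this kind of exercise.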