Wireshark is the most popular network security analysis tools available easily for monitoring. This freely available analyzer can inspect traffic, identify denial-of-service attacks and troubleshoot devices and firewalls.
Wireshark, formerly known as Ethereal, is one of the most powerful tools in a network security analyst's kit. As a network packet analyzer, Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection allows the valuable tool to analyze security events and troubleshoot network security device issues.
How to sniff network traffic and why sniff the network?
The phrase "sniff the network" is like network administrator reading people's private email messages. Before anyone uses Wireshark, an organization should ensure that it has a clearly defined privacy policy that spells out the rights of individuals using its network, grants permission to sniff traffic for security and troubleshooting issues, and states the organization's policy requirements for obtaining, analyzing and retaining network traffic dumps. Anyone who uses a tool like Wireshark without first obtaining the necessary permissions may quickly find themselves in hot water legally.
As a security professional, there are two important reasons to sniff network traffic. For example, if a denial of service occurs, Wireshark can be used to identify the specific type of attack. The tool can then craft upstream firewall rules that block the unwanted traffic. The second major use of Wireshark is to troubleshoot security devices. Specifically, it can be used to troubleshoot firewall rules. If systems running Wireshark are connected to either side of a firewall, it's easy to see which packets successfully traverse the device and identify whether the firewall is the cause of connectivity problems.
It's important to remember that Wireshark can be used for good or for evil, as is the case with many security analyzers. In the hands of a network or security administrator it's a valuable troubleshooting tool. In the hands of someone with questionable ethics, however, it's a powerful eavesdropping tool that enables someone to view every packet that traverses the network.
Wireshark, formerly known as Ethereal, is one of the most powerful tools in a network security analyst's kit. As a network packet analyzer, Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection allows the valuable tool to analyze security events and troubleshoot network security device issues.
How to sniff network traffic and why sniff the network?
As a security professional, there are two important reasons to sniff network traffic. For example, if a denial of service occurs, Wireshark can be used to identify the specific type of attack. The tool can then craft upstream firewall rules that block the unwanted traffic. The second major use of Wireshark is to troubleshoot security devices. Specifically, it can be used to troubleshoot firewall rules. If systems running Wireshark are connected to either side of a firewall, it's easy to see which packets successfully traverse the device and identify whether the firewall is the cause of connectivity problems.
It's important to remember that Wireshark can be used for good or for evil, as is the case with many security analyzers. In the hands of a network or security administrator it's a valuable troubleshooting tool. In the hands of someone with questionable ethics, however, it's a powerful eavesdropping tool that enables someone to view every packet that traverses the network.
No comments:
Post a Comment