Ask Your Question
0

To my knowledge I gained from 2 days working with wireshark, it is used to analyze network traffic and we could use filters to filter them. Is that right? Can we do something more than that using this tool?

asked 2019-08-08 16:26:31 +0000

Keerthi gravatar image

I learnt about wireshark for 2 days. To the knowledge I gained, it is used for packet analysis. Can any other things like changing the data or something else can be done with this awesome tool?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-08-08 16:31:20 +0000

grahamb gravatar image

Wireshark cannot change the data, it's a passive packet analysis tool.

However, within the field of packet analysis Wireshark has many powerful features. A free source of excellent information can be found at the SharkFest retrospective sites:

edit flag offensive delete link more
0

answered 2019-08-08 19:57:09 +0000

Ross Jacobs gravatar image

updated 2019-08-08 20:35:44 +0000

What are you trying to do?

Check Out Resources

These are the some of the features that Wireshark has that you may want to check out:

  • Decrypt captures with TLS, Kerberos, 802.11, etc.
  • Export a file: transferred over http, ftp, etc.
  • Follow TCP conversations
  • Diagnose common network problems by having Wireshark highlight them for you (i.e. Expert Information)
  • View any structured data. You could use it to read an email archive if the right dissectors were available, relating to
  • Lua Scripting Interface for anything Wireshark lacks. People have built dissectors to read network traffic generated from sources like World of Warcraft and Ethereum.

Changing Data

In terms of changing data, these are some things that Wireshark can do:

  • editcap allows you to change random bytes or chop off packet data after N bytes.
  • If you filter traffic, you can save the result, and the file will be "changed".
  • You can add comments to packets or to the packet capture as a whole.
  • You can reorder packets to match time order if they are unordered.

Depending on what you are trying to do, Wireshark may or may not be the right tool.

edit: Add caveats

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-08-08 16:26:31 +0000

Seen: 1,465 times

Last updated: Aug 08 '19