Install and Configure Wireshark

Wireshark is a free, open-source network analyzer that captures and inspects real-time traffic. It helps troubleshoot issues, detect security threats, monitor devices, and understand network communication. With powerful plugins for Windows, Android, and more, Wireshark is an essential tool for learning, securing, and optimizing any network.

Mohamed Aakif

9/5/2025 · 4 min read

Wireshark is a free tool that helps you peek into your computer network. It shows you all the data going back and forth, like a detective for digital traffic. Great for fixing problems, spotting security issues, or just understanding how things chat on the network!

Wireshark is a powerful open-source network protocol analyzer that lets you inspect and capture data traveling on a computer network in real-time. It provides a detailed view of network traffic, helping users troubleshoot issues, analyze security vulnerabilities, and gain insights into communication patterns for efficient network management.

Benefits of Wireshark:

  • Find and Fix Problems: Helps you discover and solve issues on your computer network, like slow performance or connectivity problems.

  • Detect Security Threats: Acting like a digital detective, Wireshark identifies suspicious activities on your network, helping you keep it safe.

  • Understand How Things Talk: Lets you see the communication between devices on your network, giving you insights into their interactions.

  • Make Things Faster: Helps identify and remove obstacles that might be slowing down your network, making it run more smoothly.

  • See Who’s Talking Most: Monitor which devices are using the most internet, helping you manage your data and avoid surprises.

  • Learn About Networks: Wireshark is like a friendly teacher for networking, allowing you to explore how the internet and devices communicate.

  • Fix Apps That Aren’t Happy: When applications aren’t working correctly, Wireshark can help you understand why by examining their communication with the network.

  • Focus on What Matters: Zoom in on specific network activities, making it easier to understand and resolve issues.

  • It’s Free and Works Everywhere: Wireshark is a free tool that works on different computers, making it accessible to users regardless of their operating system.

Wireshark Learning Materials

  1. Wireshark_Books

  2. Wireshark_Tools

  3. Youtube_Tutorials

Wireshark Installation Steps:

1 -> Download Wireshark from the official website:

https://www.wireshark.org/download.html

## Download the latest version
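Before the installer is run with administrator rights in the next step, it is worth confirming that the file is the one the project published. The PowerShell below is an added example, not part of the original walkthrough: it compares the file's SHA256 with a value you copy from the signatures file on the download page and checks the Authenticode signature. The installer file name and the expected hash are placeholders to fill in.

```powershell
# Added example: verify a downloaded Wireshark installer before elevating it.
param(
    # Placeholder path: point this at the installer you actually downloaded.
    [string]$InstallerPath  = "$env:USERPROFILE\Downloads\Wireshark-<version>-x64.exe",
    # Placeholder: SHA256 copied from the signatures file on wireshark.org.
    [string]$ExpectedSha256 = '<sha256-from-published-signatures-file>'
)

function Test-InstallerIntegrity {
    param([string]$Path, [string]$Expected)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    # 1. Hash check: detects a corrupted or substituted download.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = $actual -eq ($Expected -replace '\s', '')   # string -eq ignores case

    # 2. Authenticode check: the file must carry a signature Windows trusts.
    $sig   = Get-AuthenticodeSignature -LiteralPath $Path
    $sigOk = $sig.Status -eq 'Valid'

    [pscustomobject]@{
        File            = $Path
        Sha256          = $actual
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status
        # Read the signer yourself; a valid signature from an unexpected
        # publisher is still a reason to stop.
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SafeToRun       = $hashOk -and $sigOk
    }
}

$result = Test-InstallerIntegrity -Path $InstallerPath -Expected $ExpectedSha256
$result | Format-List

if (-not $result.SafeToRun) {
    Write-Error 'Hash or signature check failed: do not run this installer.'
    exit 1
}
```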

2 -> Run the Installer in Admin Mode

## Right Click > Run as Administrator

## Click Yes

3 -> Navigate through the Setup Wizard

## Click Next

## Click Noted

## Click Next

## Click Next

Default Option Selected:

  1. Wireshark: Wireshark Installation Files

  2. TShark: TShark plugins enhance analysis by providing specialized tools, filters, and features. They offer users additional functionalities for in-depth packet inspection, troubleshooting, and network understanding beyond standard capabilities.

  3. ETW Dump: The ETW (Event Tracing for Windows) dump facilitates the analysis of Windows event traces, allowing users to capture and inspect detailed information about system and application activities.

Additional Plugins:

  1. Android Dump: The Android dump plugin enables the analysis of network traffic on Android devices. It captures and decodes packets, providing insights into communication between apps and servers for debugging purposes.

  2. Ran DPKT Dump: The RAN DPKT dump plugin allows the analysis of radio access network (RAN) protocols. It captures and interprets packet data, aiding in understanding and troubleshooting wireless communication within networks.

  3. SSH, Cisco, Wifi Dump: The SSH, Cisco, and WiFi plugins enable detailed analysis of encrypted SSH traffic, Cisco protocols, and wireless communication, providing insights into network security, device configurations, and wireless connectivity.

  4. UDP Dump: The UDP dump plugin captures and dissects User Datagram Protocol (UDP) packets, allowing users to analyze and troubleshoot applications and services that rely on this connectionless transport protocol.

## Click Next

Options:

  1. Create Shortcuts: Creates a shortcut on the Desktop or in the Start Menu.

  2. Associate Trace File Extensions: Automatically updates the system defaults so that any file with the above-mentioned extensions opens in Wireshark.

## Click Next

In this step you can select the location where the Wireshark files are stored. By default: C:\Program Files\Wireshark

## Click Next

NPCAP: The Npcap plugin enhances Windows packet capture with superior performance, security, and advanced features, establishing itself as a reliable tool for comprehensive network analysis and troubleshooting.

## Click Install

USB PCAP: The USBPcap plugin enables professional-grade analysis of USB traffic. It allows for detailed inspection and troubleshooting of USB communication, providing valuable insights into device interactions and aiding in diagnosing potential issues within the USB protocol.

## Wait for the installation to complete, or for a new window to open for the NPCAP installation.

4 -> NPCAP Installation

## Click Agree

## Click Install and Wait for Installation to Complete.

Options:

  1. Administrator Only: Access to NPCAP will be restricted to admins only. Not recommended, as it might impact Wireshark performance. You will always have to run Wireshark in Admin mode to activate NPCAP.

  2. Support RAW traffic (Monitor Mode): Enhances professional network analysis, enabling in-depth examination of unprocessed network data. This feature is invaluable for understanding raw traffic patterns and diagnosing complex network issues with precision. It can be used to sniff data and helps with network-related cyber attacks.

  3. Winpcap API: The integration of WinPcap in Npcap allows applications to capture and transmit network packets while bypassing the protocol stack. This provides direct access to network traffic, enabling in-depth analysis and monitoring.

## Click Next > Click Finish
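Once the wizard finishes, the result can be checked from a PowerShell prompt. The script below is an added example, not part of the original walkthrough: it confirms TShark is present in the default install path, checks that the Npcap driver is running, and reads back the three Npcap options listed above so you can see who is allowed to capture on the host. The registry key and value names are assumptions about where Npcap records its installer choices; with Administrator Only unchecked, any local user can capture traffic.

```powershell
# Added example: confirm the install and read back the Npcap options chosen.
$WiresharkDir = 'C:\Program Files\Wireshark'   # default path from the wizard
# Assumption: Npcap records its installer choices as DWORD values under this key.
$NpcapKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\npcap\Parameters'

function Get-CaptureStackStatus {
    $tshark = Join-Path $WiresharkDir 'tshark.exe'
    $hasTshark = Test-Path -LiteralPath $tshark -PathType Leaf

    # Npcap is a kernel driver; sc.exe reports its state.
    $scOut = & sc.exe query npcap 2>$null
    $driverRunning = ($LASTEXITCODE -eq 0) -and [bool]($scOut -match 'RUNNING')

    # Missing key or value reads as $null, which casts to $false below.
    $p = Get-ItemProperty -Path $NpcapKey -ErrorAction SilentlyContinue

    # tshark -D prints one line per interface it can capture on.
    $interfaces = @()
    if ($hasTshark) { $interfaces = @(& $tshark -D 2>$null) }

    [pscustomobject]@{
        TSharkInstalled   = $hasTshark
        NpcapRunning      = $driverRunning
        AdminOnly         = [bool]$p.AdminOnly          # "Administrator Only"
        Raw80211Support   = [bool]$p.Dot11Support       # "Support RAW traffic (Monitor Mode)"
        WinPcapApiMode    = [bool]$p.WinPcapCompatible  # "Winpcap API"
        CaptureInterfaces = $interfaces.Count
    }
}

$status = Get-CaptureStackStatus
$status | Format-List

if (-not $status.NpcapRunning) {
    Write-Warning 'Npcap driver is not running: Wireshark will not see any capture interfaces.'
}
if ($status.NpcapRunning -and -not $status.AdminOnly) {
    Write-Warning 'Npcap is not restricted to administrators: any local user can capture traffic on this host.'
}
```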
