On the Internet there are hundreds of excellent open source tools and utilities that can be used for network analysis, but not many technicians use them. Indeed, several open source solutions are truly effective and can help the specialist networks in daily work. In this first article i’ll show you Wireshark an useful tool for [...]
In this article we’ll see how apply BPF filters to wireshark to show the details of an HTTP session, an e-mail session and how to monitor who is visiting a certain site from our local network.
Finally I will make a summary of the most useful filters to use with Wireshark.
Here’s another classic example – an HTTP session. As before, start Wireshark and start capturing the traffic from the interface that goes out. Today, most HTTP traffic is compressed to speed up the exchange of information, so by default Wireshark decompresses the body part of HTTP packets. You can click on Edit -> Preferences -> Protocols -> HTTP and verify that “Uncompress entity bodies” is checked.