More Resources to Learn About the Benefits of Using Wireshark
Thursday, January 1st, 2009

First, let me apologize for the low amount of activity at the Security Corner. There have been some other things demanding a lot of my time these past couple of weeks that will ultimately allow me to devote more of my time to "nerdlier" pursuits.
Wireshark is such a valuable tool and can provide so many different kinds of information that even scratching the surface here would take many articles. Instead, I will direct you to some excellent online tutorials and resources for learning more. There are entire books devoted to using this tool for various kinds of network troubleshooting. You can check for unencrypted passwords, analyze network attacks, troubleshoot slow or intermittent connections, and much, much more. Here are a couple of quick tips and some resources to get you started:
Unless you have explicit permission to run an interface in promiscuous mode (where the card processes all packets, rather than just those with its destination MAC address), you could be violating security policies (because all businesses have written security policies, don't they?). This may leave you with some explaining to do, and people do lose their jobs over this sort of thing, so get authorization before running in promiscuous mode.
Wireshark generates a LOT of data when you run it for a while, so learn to use Capture Filters and Display Filters. Capture Filters are better for limiting the amount of data when you already know exactly what you want to capture. Display Filters are more powerful because they capture all the data and then display only the parts you are interested in; you can change this view at any time, since you still have all the data. Statistics are also a valuable tool for condensing troubleshooting data.
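To make the capture-versus-display distinction concrete, here is an added example (not code from the original post or from the Wireshark project) that models both filter kinds on a tiny in-memory pcap round trip. The frames are constructed inline (Ethernet/IPv4/TCP headers only), the capture filter is applied before a frame is stored, the way a libpcap/BPF filter such as `tcp port 80` behaves, and the display filter is applied to whatever the file holds, the way a Wireshark filter such as `tcp.port == 80` behaves. The IP addresses, ports and helper names are all assumptions made for the demonstration.

```python
"""Capture filters vs display filters, modelled on a tiny pcap round trip.

Added example, not from the original post or the Wireshark project. Frames are
constructed inline (Ethernet + IPv4 + TCP headers, no payload). A capture filter
runs before a frame is written to the pcap file (like a BPF/libpcap filter); a
display filter runs over whatever the file contains (like Wireshark's).
"""
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4        # little-endian header written below, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, sport, dport):
    """Construct a minimal Ethernet/IPv4/TCP frame (SYN, no options, no payload)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0, 0, 64, 6, 0,          # IHL=5, total length 40, TTL 64, proto TCP
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)  # data offset 5, SYN
    return eth + ip + tcp


def decode_frame(raw):
    """Pull the fields the filters care about out of a raw frame (IPv4/TCP only)."""
    if raw[12:14] != b"\x08\x00" or raw[23] != 6:
        return None                                        # not IPv4 over Ethernet, or not TCP
    ihl = (raw[14] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", raw[14 + ihl:14 + ihl + 4])
    return {"src": str(IPv4Address(raw[26:30])), "dst": str(IPv4Address(raw[30:34])),
            "sport": sport, "dport": dport}


def capture(frames, capture_filter=None):
    """Write frames to an in-memory pcap; frames rejected by the capture filter are never stored."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, raw in enumerate(frames):
        if capture_filter is not None and not capture_filter(decode_frame(raw)):
            continue                                       # dropped at capture time: gone for good
        out.append(struct.pack("<IIII", ts, 0, len(raw), len(raw)) + raw)
    return b"".join(out)


def parse_pcap(data):
    """Read every record back out of a pcap byte string."""
    magic, = struct.unpack("<I", data[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("unexpected pcap magic")
    packets, offset = [], 24
    while offset < len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[offset:offset + 16])
        raw = data[offset + 16:offset + 16 + incl_len]
        fields = decode_frame(raw)
        if fields:
            packets.append({"ts": ts_sec, **fields})
        offset += 16 + incl_len
    return packets


def display(packets, display_filter):
    """Display filter: a view over the stored packets; the data stays intact for other views."""
    return [p for p in packets if display_filter(p)]


# Constructed sample traffic: two HTTP connections, one DNS-over-TCP query, one SSH session.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "93.184.216.34", 51000, 80),
    build_frame("10.0.0.5", "10.0.0.53", 51001, 53),
    build_frame("10.0.0.7", "93.184.216.34", 51002, 80),
    build_frame("10.0.0.9", "10.0.0.22", 51003, 22),
]


def port_80(p):                 # equivalent of capture filter "tcp port 80"
    return 80 in (p["sport"], p["dport"])


def tcp_dport_53(p):            # equivalent of display filter "tcp.dstport == 53"
    return p["dport"] == 53


def demo():
    """Compare what each approach can still answer after the capture is over."""
    full = parse_pcap(capture(SAMPLE_FRAMES))
    narrow = parse_pcap(capture(SAMPLE_FRAMES, capture_filter=port_80))
    return {
        "full_capture": len(full),
        "capture_filter_port80": len(narrow),
        "dns_from_full": len(display(full, tcp_dport_53)),
        "dns_from_narrow": len(display(narrow, tcp_dport_53)),   # the DNS frame was never stored
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name}: {count}")
```

The point the counts make: the full capture answers a question about port 53 that was not anticipated when the capture began, while the capture-filtered file cannot, because the frame was discarded before it was ever written. That is why a capture filter is the right tool only when you already know exactly what you need, and a display filter is the safer default for troubleshooting.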
Here is a link to a four part tutorial and podcast on using Wireshark.
Here is another fairly extensive introduction to Wireshark.
If you are of the Linux persuasion, Wireshark website
Search Security, a very good website for security information, also has a Wireshark tutorial.
And finally, here is a list of 60 "sniffers" and related tools, ranging from Wireshark's price point of $0 to $600.
If all this leaves you thirsting for more and you really want to dive in, here is a 104 page online book chapter on wireless sniffing with Wireshark. Of course, you could just go to Amazon and buy this book. I have not seen it, so this is not an endorsement.
Dennis H in West Virginia, US
October 29, 2008