06/11/2012

Wireshark, the Network Administrator’s Best Friend

The 5th annual Sharkfest takes place next month in Berkeley, California. No, not like Shark Week on the Discovery Channel. It’s the affectionate name for the user conference for Wireshark, the open source network capture tool.

Wireshark lets you capture and read packets over a network in a variety of formats, for example Bluetooth, USB Raw, and SSL (with the decryption keys). Overall there are 70 protocols and protocol families supported.

However, if you have a proprietary message format you can still use Wireshark. It supports plugins that let you add custom formats for almost any type of traffic. Yes, there will be some effort to develop the plugin, but if the format is proprietary you aren’t likely to find another tool that supports it either.
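As an added illustration of what such a plugin looks like (not from the original post or from the Wireshark project), here is a minimal Lua dissector for a made-up "ACME" protocol. The protocol name, the UDP port 9999, and the 4-byte header layout (version, message type, payload length, then payload) are all assumptions for the example. Dropped in Wireshark's plugins directory, it decodes those fields into the packet tree and flags truncated messages instead of silently reading past the end of the buffer.

```lua
-- Hypothetical "ACME" protocol dissector (example, not a real protocol).
-- Assumed wire format over UDP port 9999:
--   byte 0    : version
--   byte 1    : message type (1=HELLO, 2=DATA, 3=BYE)
--   bytes 2-3 : payload length (big-endian)
--   bytes 4.. : payload
local acme = Proto("acme", "ACME Proprietary Protocol (example)")

local msg_types = { [1] = "HELLO", [2] = "DATA", [3] = "BYE" }

local f_version = ProtoField.uint8("acme.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("acme.type", "Message Type", base.HEX, msg_types)
local f_len     = ProtoField.uint16("acme.len", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes("acme.payload", "Payload")

acme.fields = { f_version, f_type, f_len, f_payload }

local HEADER_LEN = 4

function acme.dissector(buf, pinfo, tree)
    pinfo.cols.protocol = "ACME"
    local subtree = tree:add(acme, buf(), "ACME Protocol Data")

    -- Never trust the captured length: a short or malformed packet must
    -- produce an expert-info warning, not an out-of-range read.
    if buf:len() < HEADER_LEN then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR, "ACME header truncated")
        return
    end

    subtree:add(f_version, buf(0, 1))
    subtree:add(f_type, buf(1, 1))

    local plen = buf(2, 2):uint()
    subtree:add(f_len, buf(2, 2))

    -- The declared payload length comes from the packet itself, so check it
    -- against the bytes actually present before slicing.
    if buf:len() < HEADER_LEN + plen then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
            "ACME payload length exceeds captured data")
        return
    end

    if plen > 0 then
        subtree:add(f_payload, buf(HEADER_LEN, plen))
    end

    local tname = msg_types[buf(1, 1):uint()] or "UNKNOWN"
    pinfo.cols.info = "ACME " .. tname .. " (" .. plen .. " bytes)"
end

-- Hook the dissector into the UDP port table (port number is an assumption).
DissectorTable.get("udp.port"):add(9999, acme)
```

The two length checks are the part worth copying: a dissector runs on every packet that arrives on that port, including malformed ones, so it should treat the length field as untrusted input and report a malformed message rather than indexing past the buffer.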

So what do you do with the captured files?

The data can be used for network analysis and troubleshooting. Topics in an introductory course at the upcoming Sharkfest include the following situations:

  • A switch that went dumb
  • A cluster that wasn't set up correctly
  • SMB response that lied
  • A scanner that won't scan an SMB share
  • Vanishing packets in the middle of a file download
  • Peer to peer music downloads

Wireshark also offers free training via webinars.

This free, versatile, and well supported tool really can be a network administrator’s best friend. Do you have a favorite network capture/monitoring tool?