Wireshark: Getting Started
Security - Security Tools

First, always obtain permission before monitoring someone else's network, even if it belongs to your own employer. Sensitive information that you may not be authorized to see may show up in a monitoring session. With proper permissions and, if necessary, a non-disclosure agreement in place, you can protect yourself from legal repercussions.

Also, if you need to monitor a network or a network segment, you'll need to run your monitoring software on a computer that's plugged into a hub, instead of a switch.

Both switches and hubs allow multiple computers to access the same incoming line. But, a computer that's plugged into a hub will also receive traffic that's destined for all of the other computers that are plugged into that hub. A computer that's plugged into a switch will only receive traffic that's addressed to that particular computer.

By plugging your "sniffer" computer into a hub, and setting the monitoring software to promiscuous mode, the ethernet adapter on your computer will be able to listen to traffic that's being passed to other computers on the network. If your network uses routers to divide it into different subnets, then you'll need to have a monitoring point on each subnet.


If you're a network administrator, you'll need to know what normal network traffic looks like before you can know what it looks like when something is wrong. You'll want to take periodic baseline readings during different times of the day in order to achieve this. Of course, save the results files for later reference.


If you choose File on the Menu you will have several options including saving the captured data into a different format. These formats will provide printing access as well as option search methods




Another common option is to choose Edit and then select Find Packet so you can search a file for the packet information you need. The illustration shows a search for Ethernet broadcasts.