Have you ever noticed your modem/router/switch/NIC lights flashing away like crazy, even though you aren't doing anything online? Have you ever wondered why a certain page on a certain website loads unusually slower than the rest of the pages? Maybe you just want to test your home network. Or maybe you want to spy on your little brother, to see what he's really looking at online.
Whatever your reason, Wireshark is a must-have tool if you care at all about your network security.
Wireshark is a network protocol analyzer. It's used for troubleshooting and analyzing networks, among other things. It was called Ethereal until 2006, and it's been around for a long time. It's free, open source and available for most platforms. You can get it from the Wireshark project's website.
As with any of my hints and tips, I'll get you started, point you in the right direction and give you some links for resources.
When you first start Wireshark you will see this screen:
The first thing you should do is click on capture options. This is the window you will see:
Look at the drop-down menu for Interface. On Linux with a single network interface card (NIC) you will usually see eth0; on Windows and macOS the names differ, so pick the adapter that actually carries your traffic. Capturing also needs the right privileges: root or a capture group such as wireshark on Linux, and a packet capture driver (Npcap, or WinPcap in older versions) on Windows. Make sure that interface is selected, and then uncheck "Capture packets in promiscuous mode." Capturing is passive, so nobody, your ISP included, can tell you are doing it; the real problem with promiscuous mode is that on a hub or any other shared segment it records other people's traffic too, which is a privacy issue and, depending on where you are, a legal one, while on a switched network you see little beyond your own traffic either way. Leaving it unchecked means your first capture shows only what your own machine sends and receives, which is exactly what you want here. Click on "Start" and you will see a screen with three panes. You can surf around the internet, check your email, or anything, and you will start seeing the individual packets. Here's what a capture looks like while surfing NB:
At the top is the packet list. In the middle is the packet details pane. At the bottom are the packet bytes. When you click on a packet in the packet list, the other two panes change to show that packet's decoded fields and its raw bytes. You can narrow what you are looking at by right-clicking on a packet in the packet list pane. Here I pick "Follow TCP Stream." Wireshark then applies a display filter that selects just that connection (of the form tcp.stream eq N) and reassembles the payload of both directions, so I can see the "conversation" between me and the server. Keep in mind this only reads like a conversation for plaintext protocols such as HTTP, SMTP or FTP; for TLS (HTTPS) you will see the handshake and then ciphertext, although the server name, the amount of data and its timing are still visible:
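The three things the GUI just did for you, reading the capture file, listing who talked to whom, and reassembling one TCP conversation, are small enough to show in code. What follows is an added example written for this page; it is not part of the original post and not Wireshark's own code. It reads the classic libpcap file format (the .pcap Wireshark saves, not pcapng) and the capture it parses is constructed inline with example addresses, so nothing is actually sniffed and it runs offline.

```python
"""Minimal pcap reader reproducing Statistics > Conversations and "Follow TCP
Stream" for IPv4/TCP. Added example for this page, not Wireshark's own code."""
import socket
import struct
from collections import defaultdict

# Constructed example addresses (documentation ranges), not real hosts.
CLIENT, SERVER, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"


def build_frame(src_ip, dst_ip, sport, dport, seq, flags, payload=b""):
    """Ethernet + IPv4 + TCP frame with no options. Checksums are left zero;
    libpcap does not care, Wireshark would merely flag them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then a 16-byte record header
    (ts_sec, ts_usec, captured length, original length) before each frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000, i, len(frame), len(frame)) + frame
    return out


def sample_capture():
    """Constructed capture: an HTTP request split over two segments written to
    the file in the wrong order, its reply, and the start of a TLS ClientHello
    to a second host."""
    req = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
    frames = [
        build_frame(CLIENT, SERVER, 50000, 80, 1016, 0x18, req[16:]),  # second half first
        build_frame(CLIENT, SERVER, 50000, 80, 1000, 0x18, req[:16]),
        build_frame(SERVER, CLIENT, 80, 50000, 5000, 0x18, resp),
        build_frame(CLIENT, OTHER, 50001, 443, 7000, 0x18, b"\x16\x03\x01"),
    ]
    return build_pcap(frames)


def parse_frame(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    if frame[23] != 6:                                   # IP protocol 6 = TCP
        return None
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    t = 14 + ihl
    sport, dport, seq = struct.unpack_from("!HHI", frame, t)
    doff = (frame[t + 12] >> 4) * 4
    payload = frame[t + doff:14 + total_len]             # trims any Ethernet padding
    return (src, sport, dst, dport, seq, payload)


def read_pcap(data):
    """Parse a classic pcap file; the magic number tells us the byte order."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng needs a different parser)")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    off, pkts = 24, []
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        parsed = parse_frame(data[off:off + incl])
        off += incl
        if parsed:
            pkts.append(parsed)
    return pkts


def conversations(pkts):
    """Like Statistics > Conversations > TCP: payload bytes per endpoint pair."""
    totals = defaultdict(int)
    for src, sport, dst, dport, _seq, payload in pkts:
        totals[tuple(sorted([(src, sport), (dst, dport)]))] += len(payload)
    return dict(totals)


def follow_tcp_stream(pkts, client, server):
    """Like "Follow TCP Stream": payload of each direction ordered by sequence
    number, which puts out-of-order segments back into a readable exchange.
    Retransmitted segments are not de-duplicated here (Wireshark does that)."""
    segs = {client: [], server: []}
    for src, sport, dst, dport, seq, payload in pkts:
        a, b = (src, sport), (dst, dport)
        if a in segs and b in segs and a != b and payload:
            segs[a].append((seq, payload))
    return {"client": b"".join(p for _, p in sorted(segs[client])),
            "server": b"".join(p for _, p in sorted(segs[server]))}


if __name__ == "__main__":
    pkts = read_pcap(sample_capture())
    for (a, b), n in conversations(pkts).items():
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]}  {n} payload bytes")
    stream = follow_tcp_stream(pkts, (CLIENT, 50000), (SERVER, 80))
    print(stream["client"].decode(), stream["server"].decode(), sep="\n")
```

Point read_pcap at a file saved from Wireshark (File > Save As, pcap format) and compare the output with the Conversations window and with Follow TCP Stream; a TLS connection reassembles the same way, the payload is just ciphertext.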
This isn't a network primer, so I won't get into specifics here, but I'll post some links and as always, you are more than welcome to ask me your questions.
So, if you have Wireshark running, the next time you see those modem lights flashing away even though you're not working online, you can at least see where the traffic is going: which hosts, which ports and how much. Wireshark itself does not know which program sent a packet, so to put a name to the software or spyware phoning home, look up the local port at the same moment with a tool that shows the owning process (ss or lsof with -p on Linux/macOS, netstat with -b in an administrator prompt on Windows). Of course, it would be better if you had no malware, but as long as you use Windows that's impossible.
Search for "network primer" or "networking basics" if you need to.
Also, "tcp/ip" if you need it.
Hope this helps.