Introducing WireShark Network Protocol Analyzer
Posted: May 27th, 2008 | Author: TnT Admin | Filed under: Tools | Tags: Tools, WireShark
WireShark is a powerful network protocol analyzer (or network packet sniffer), formerly known as Ethereal Network Analyzer, that allows the user to capture and inspect the network traffic between the client (source) and server (destination). It is a free tool under the GNU General Public License and is readily available for download.

What are the key features (from the WireShark “About” page, in our opinion, for performance testing)?
- Inspection of hundreds of protocols
- Live capture and offline analysis
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Output can be exported to XML, PostScript®, CSV, or plain text
What has it got to do with LoadRunner, or even performance testing? Most performance testing is the generation (or emulation) of network requests and traffic to the target server, thus loading it. This requires an understanding of the network requests and traffic being generated to the server, especially for scripting tasks. Often there are situations when we are unable to record any events after selecting a protocol, and we wonder what the actual communication being used is. Of course, there are alternatives such as the WinSock protocol in LoadRunner. The catch, however, is that the traffic captured by WinSock recording in a single session can be overwhelming, and it creates a huge data.ws file that is difficult to navigate or view (and at times crashes Notepad or VuGen!). Using WireShark, you can view and filter the protocols via the packet content, which makes the work a lot easier.
Another use of the tool is to monitor the number of bytes transferred between a source and a destination. This is not achievable with Windows Perfmon’s Network Interface object counters, as they capture the total number of bytes sent and received on the NIC and do not break this down into the bytes sent to and received from a particular destination. With WireShark, we are able to do that by filtering on the destination. What’s even more useful is the ability to export the filtered information into a CSV file for further analysis.in another article.
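The per-destination breakdown described above can be computed directly from the exported CSV. The following is an added example, not code from the original post; it assumes Wireshark's default export columns (No., Time, Source, Destination, Protocol, Length, Info), and the addresses and packets in the sample are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the layout of Wireshark's CSV packet export with the
# default columns (assumed: No., Time, Source, Destination, Protocol, Length, Info).
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.0.2.10","198.51.100.5","TCP","66","50000 > 80 [SYN] Seq=0 Win=64240, Len=0"
"2","0.010000","198.51.100.5","192.0.2.10","TCP","66","80 > 50000 [SYN, ACK] Seq=0 Ack=1"
"3","0.020000","192.0.2.10","198.51.100.5","HTTP","420","GET /index.html HTTP/1.1 "
"4","0.050000","198.51.100.5","192.0.2.10","HTTP","1514","HTTP/1.1 200 OK  (text/html)"
"5","0.060000","192.0.2.10","203.0.113.9","DNS","74","Standard query A example.test"
"6","0.070000","203.0.113.9","192.0.2.10","DNS","90","Standard query response A 198.51.100.5"
"7","0.080000","198.51.100.7","Broadcast","ARP","60","Who has 192.0.2.1? Tell 198.51.100.7"
'''


def bytes_by_peer(csv_text, local_ip):
    """Return {peer: {"sent": bytes, "received": bytes, "packets": n}} for local_ip."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {"Source", "Destination", "Length"} - set(reader.fieldnames or [])
    if missing:
        raise ValueError("export lacks column(s): " + ", ".join(sorted(missing)))
    totals = defaultdict(lambda: {"sent": 0, "received": 0, "packets": 0})
    for row in reader:
        src, dst = row["Source"], row["Destination"]
        if src == local_ip:
            peer, direction = dst, "sent"
        elif dst == local_ip:
            peer, direction = src, "received"
        else:
            continue  # traffic that does not involve the host under test
        totals[peer][direction] += int(row["Length"])  # frame length on the wire
        totals[peer]["packets"] += 1
    return dict(totals)


if __name__ == "__main__":
    for peer, t in sorted(bytes_by_peer(SAMPLE_CSV, "192.0.2.10").items()):
        print(f"{peer:15} sent={t['sent']:6} received={t['received']:6} packets={t['packets']}")
```

The Length column counts whole frames, headers included, so these totals are bytes on the wire rather than application payload.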
WireShark can be a little intimidating to new users. For that reason, there are a couple of helpful resources on their website to get new users familiar with the tool. They also provide videos on techniques for identifying communication. There is also Laura Chappell’s WireShark University, which has a paid training program as well as materials for new users to reference.