Dwight Watt - Newspaper Article #510 7/15/2020


Question: What is Wireshark?

Answer:

Wireshark is a program that allows people to watch and analyze network traffic.

Wireshark is a free, open-source program that cybersecurity people use to analyze the traffic that goes across your network.

With the program you can see exactly what people and machines are sending. If people are not encrypting their traffic, then we can see the exact information that is being sent. When you are on a web page that uses https for the protocol instead of http, anything you send will be encrypted and it will not be readable when we see the traffic. If the site were using http and you entered your credit card number or your password, I would see it clearly and know what your card number or password is.

Watching the traffic, we can see who is getting into your machine or network and observe when people who should not be accessing the devices are doing so. With that information we can block the bad traffic.

Wireshark is an important tool to use in analyzing networks and helping protect them.

Another important use of Wireshark is to analyze your traffic and see what protocols (rules) are being used and which ones are not needed or are inefficient, and then remove them from our network and allow traffic to move faster. In a way it is like us looking at traffic through town and realizing lots of big trucks pass through, and then building a bypass so they go around and people needing to go places in town can travel faster and easier.
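For readers who want to see what such a protocol inventory looks like in code, here is an added example (not part of the original column, and not Wireshark's own code) that reads a capture file in the classic pcap format, counts packets per protocol, and lists the protocols that send data unencrypted. The port-to-protocol map and the sample capture are assumptions constructed for the illustration.

```python
import struct
from collections import Counter

# Assumed port-to-protocol map; True marks protocols that send data unencrypted.
PORTS = {80: ("http", True), 443: ("https", False),
         23: ("telnet", True), 53: ("dns", True)}

def classify(frame: bytes) -> str:
    """Name the protocol of one Ethernet/IPv4 frame by its TCP or UDP port."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # too short or not IPv4
        return "other"
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length
    if frame[23] not in (6, 17) or len(frame) < 14 + ihl + 4:  # need TCP/UDP ports
        return "other"
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    entry = PORTS.get(dport) or PORTS.get(sport)
    return entry[0] if entry else "other"

def protocol_summary(pcap: bytes) -> Counter:
    """Count packets per protocol in a classic little-endian pcap capture."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    counts, off = Counter(), 24                           # skip 24-byte file header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        counts[classify(pcap[off + 16: off + 16 + incl_len])] += 1
        off += 16 + incl_len
    return counts

def cleartext_protocols(counts: Counter) -> list:
    """Protocols seen in the capture that do not encrypt what they carry."""
    clear = {name for name, is_clear in PORTS.values() if is_clear}
    return sorted(p for p in counts if p in clear)

def make_packet(proto: int, dport: int) -> bytes:
    """Constructed sample packet: pcap record + Ethernet + IPv4 + port fields."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", 49152, dport)
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed capture: 3 http, 2 https, 1 telnet (TCP = 6) and 1 dns (UDP = 17).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    make_packet(p, port) for p, port in
    [(6, 80)] * 3 + [(6, 443)] * 2 + [(6, 23), (17, 53)])

if __name__ == "__main__":
    summary = protocol_summary(SAMPLE_PCAP)
    print(dict(summary), "cleartext:", cleartext_protocols(summary))
```

Identifying a protocol by port number alone is a simplification; Wireshark itself inspects packet contents to decide what protocol is in use.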

There are tons of things about network traffic you can observe and analyze, and Wireshark is an important tool for network and security professionals.