Binary versions can be downloaded for Windows or Macintosh OS X. In the hands of someone with questionable ethics, however, it's a powerful eavesdropping tool that enables someone to view every packet that traverses the network.
In the hands of a network or security administrator it's a valuable troubleshooting tool.
That being said, it's important to remember that Wireshark can be used for good or for evil, as is the case with many security analyzers. If systems running Wireshark are connected to either side of a firewall, it's easy to see which packets successfully traverse the device and identify whether the firewall is the cause of connectivity problems. Specifically, I regularly use it to troubleshoot firewall rules. The second major use of Wireshark is to troubleshoot security devices. The tool can then craft upstream firewall rules that block the unwanted traffic. For example, if a denial of service occurs, Wireshark can be used to identify the specific type of attack. First, peering into the details of packets can prove invaluable when dissecting a network attack and designing countermeasures. However, as a security professional, there are two important reasons to sniff network traffic. Anyone who uses a tool like Wireshark without first obtaining the necessary permissions may quickly find themselves in hot water legally. Before anyone uses Wireshark, an organization should ensure that it has a clearly defined privacy policy that spells out the rights of individuals using its network, grants permission to sniff traffic for security and troubleshooting issues, and states the organization's policy requirements for obtaining, analyzing and retaining network traffic dumps. The phrase "sniff the network" may conjure Orwellian visions of a Big Brother network administrator reading people's private email messages.
0 kommentar(er)
