This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Am I able to use Wireshark given this condition?

0

Hi guys,

I am currently living in a hostel and connect to the internet via the hostel's centralized router.

I am trying out some software and wish to find out whether it calls home, that is, captures data packets from my OS and sends them to the software vendor.

Can I use Wireshark to see whether the software in question sends data packets back to the software vendor?

Can Wireshark reveal the contents of the data packets?

My OS is Microsoft Windows 7, 64-bit.

asked 02 Jun '13, 18:32


newuser


One Answer:

1

Wireshark can capture all the packets coming or going from your computer's interface toward the Internet, so the short answer is yes it can get the traffic.

However, if you don't know anything about the traffic that could be being used to 'phone home', you may find it difficult to tell the normal traffic in your packet captures from the traffic that is phoning home, if it exists at all.

Wireshark can reveal/decode the contents of data packets, yes. If the application can't be decoded for any reason you will at a minimum see the binary data being sent across the wire. Note that doesn't mean the traffic isn't encrypted, but you can for sure get visibility to the bits leaving the wire.

answered 02 Jun '13, 19:25


Quadratic

Thanks for taking the time to answer my question.

So how do I go about using Wireshark?

Do I have to use a second computer to monitor the computer on which the software that I am analyzing is running? In other words, how do I set up Wireshark?

(02 Jun '13, 19:42) newuser

You can download Wireshark's installer from the download page here for your OS. Also yes, you can install it directly on the system you're trying to capture traffic from and should not need a second computer: http://www.wireshark.org/download.html

As for how to use Wireshark, that's a bit of a loaded question but I suggest starting with the manual. Since you're really just trying to do a straightforward capture of packets on an interface, I suggest starting with Chapter 4 (Capturing Live Network Data) and asking questions here that come up: http://www.wireshark.org/docs/wsug_html_chunked/

(02 Jun '13, 21:07) Quadratic
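
One way to act on the answer's point that phone-home traffic is hard to tell from normal traffic, as an added example that is not part of the original posts: capture once with the software closed and once with it running, then list the destinations that appear only in the second capture. It assumes captures saved in classic pcap format (not pcapng) on an Ethernet interface; the function names, addresses and sample packets are constructed for illustration.

```python
import struct, socket
from collections import Counter

def outbound_bytes(pcap, local_ip):
    """Sum frame bytes sent by local_ip over IPv4 TCP/UDP, keyed by (remote IP, port)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file (convert pcapng first)")
    end = "<" if magic == 0xA1B2C3D4 else ">"          # byte order of the capture
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    totals, off = Counter(), 24                         # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # too short or not IPv4
            continue
        l4 = 14 + (frame[14] & 0x0F) * 4                # start of the TCP/UDP header
        if frame[23] not in (6, 17) or len(frame) < l4 + 4:
            continue
        if socket.inet_ntoa(frame[26:30]) != local_ip:  # keep outbound packets only
            continue
        dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        totals[(socket.inet_ntoa(frame[30:34]), dport)] += orig_len
    return totals

def new_destinations(baseline, with_app):
    """Destinations contacted only while the software under test was running."""
    return {dest: n for dest, n in with_app.items() if dest not in baseline}

def _frame(src, dst, dport, payload=b""):
    # Constructed sample packet: Ethernet + IPv4 + TCP headers, checksums left zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

LOCAL = "192.168.1.10"                                  # constructed addresses
BASELINE = _pcap([_frame(LOCAL, "198.51.100.7", 443, b"x" * 10)])
WITH_APP = _pcap([_frame(LOCAL, "198.51.100.7", 443),
                  _frame(LOCAL, "203.0.113.25", 8443, b"x" * 100),
                  _frame("203.0.113.25", LOCAL, 49152, b"x" * 20)])
print(new_destinations(outbound_bytes(BASELINE, LOCAL), outbound_bytes(WITH_APP, LOCAL)))
```

A destination that shows up only while the software runs is a lead to inspect in Wireshark, not proof of phoning home, since other background traffic also varies between captures.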