Thursday, April 30, 2009

What Tool Should Everyone Know?

I'm always asked, "What tool should I learn?" Wireshark is the most flexible tool across the board, no matter what your information technology discipline is. Download Wireshark at For those who don't know, Wireshark is a FOSS network protocol analyzer. I love me some Wireshark! If you aren't experienced with it, you need to download it now and play. Any questions? Please leave comments. Happy Packet Sniffing :)


  1. Good tool choice!

    Many people think that Wireshark is only for when there's a problem. But one of the good things to do with Wireshark is to get an idea of what's "normal" with the systems and nets you're handling.

    Not just the networks themselves, but also with the typical computers you have connected to the networks. Tap into the network connection (cheap way: get an old Ethernet hub, not a switch).

    Listen in on what happens when the computer is powered on, when logging in, doing usual net activities. See what's talking to what. See what goes by in plaintext that should have been encrypted. And so on.

    Finally, need a book to help you get started with packet analysis? One that's a nice starter is "Practical Packet Analysis" from No Starch Press (
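The baselining routine in this comment (tap the wire, see what's talking to what, spot cleartext that should have been encrypted) can be scripted once a capture is saved to a pcap file. What follows is an added example, not code from the post or from the Wireshark project: a small pure-Python reader for the classic libpcap format that tallies which host talks to which host and port over TCP/UDP, and flags destination ports from a short, assumed list of well-known cleartext protocols. The capture it inspects is constructed inline (TEST-NET addresses, made-up MAC addresses and payloads) so the script runs offline; against a real capture you would pass the file's bytes to `baseline()`.

```python
"""Added example: a tiny 'what is normal on this wire' reporter for classic
libpcap files (Ethernet link type). Independent illustration, not Wireshark code."""
import struct
from collections import Counter

# Assumed, illustrative list of ports whose protocols carry credentials or
# content in cleartext; extend it for your own environment.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}


def _ipv4_header(src, dst, proto, l4_len):
    """Build a 20-byte IPv4 header (checksum left 0; fine for an offline demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + l4_len, 0, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def _tcp(sport, dport, payload):
    """Minimal TCP header: data offset 5 (20 bytes), flags PSH|ACK."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def _frame(src_ip, dst_ip, proto, l4):
    """Ethernet II frame with constructed MAC addresses and EtherType IPv4."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    return eth + _ipv4_header(src_ip, dst_ip, proto, len(l4)) + l4


def build_sample_pcap():
    """Constructed capture: one host booting and doing DNS, TLS, HTTP and telnet."""
    frames = [
        _frame("10.0.0.5", "10.0.0.1", 17, _udp(40001, 53, b"\x12\x34\x01\x00\x00\x01")),
        _frame("10.0.0.5", "192.0.2.10", 6, _tcp(50001, 443, b"\x16\x03\x01\x00\x10")),
        _frame("10.0.0.5", "192.0.2.20", 6, _tcp(50002, 80, b"GET /login?user=alice HTTP/1.1\r\n")),
        _frame("10.0.0.5", "192.0.2.30", 6, _tcp(50003, 23, b"login: alice\r\n")),
    ]
    # libpcap global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_240_000_000 + i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data):
    """Yield raw frames from a classic pcap byte string (either byte order)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    offset = 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def decode(frame):
    """Return (src, dst, proto, sport, dport, payload) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        return src, dst, "tcp", sport, dport, l4[(l4[12] >> 4) * 4:]
    if proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        return src, dst, "udp", sport, dport, l4[8:]
    return None


def baseline(pcap_bytes):
    """Tally talkers (src, dst, proto, dport) and collect cleartext findings."""
    talkers, findings = Counter(), []
    for frame in parse_pcap(pcap_bytes):
        d = decode(frame)
        if d is None:
            continue
        src, dst, proto, _sport, dport, payload = d
        talkers[(src, dst, proto, dport)] += 1
        if dport in CLEARTEXT_PORTS:
            findings.append((src, dst, CLEARTEXT_PORTS[dport], payload[:40]))
    return talkers, findings


if __name__ == "__main__":
    talkers, findings = baseline(build_sample_pcap())
    print("who talks to whom:")
    for (src, dst, proto, dport), n in sorted(talkers.items()):
        print(f"  {src} -> {dst} {proto}/{dport}: {n} packet(s)")
    print("cleartext that should probably be encrypted:")
    for src, dst, name, sample in findings:
        print(f"  {src} -> {dst} {name}: {sample!r}")
```

Run it once against a capture taken right after boot and login, save the talker table, and diff later captures against it; new destinations or new cleartext findings are exactly the "not normal" items the comment is talking about.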

  2. Marcus J. Carey, May 6, 2009 at 7:19 AM


    You are right! The only way to determine what's normal is to dive deep into a tool like Wireshark and know what traffic looks like. This can also be said with log analysis.