Wednesday, July 7, 2010

using Wireshark to monitor network traffic

I wish that I could say that I have used Wireshark to find a virus infected computer, but so far I have not been able to find anything with it. However I did discover this neat network IO monitor. It is under Statistics, IO Graphs. Whenever the network acts up I can see that the network traffic has peaked out.

One thing that might hold you back from using Wireshark is the need to tap into the network: a switch only delivers each computer's traffic to that computer's port, so a capture machine plugged into a spare port sees almost nothing unless you use a mirror (SPAN) port or a tap. The tap is really a lot easier than it sounds. On 10/100 Ethernet only two of the four pairs carry data, one per direction: the orange pair on pins 1 and 2 and the green pair on pins 3 and 6 (T568B colours). You just need an old network cable and a couple of network jacks. Strip back the jacket, and without cutting the conductors, splice the orange pair onto the green pair (pins 3 and 6) of one jack and the green pair onto the green pair of the other jack, as in the picture below. Each jack then feeds one direction of the link into the receive pins of whatever network card you plug into it; the card's transmit pins are not connected, so the monitoring computer cannot inject anything into the tapped link. This cable then goes from your router to your main switch, or in a home network from your modem to your router. That way you can monitor all of the traffic from your computers going to the Internet. Two caveats: this only works when the tapped link runs at 10 or 100 Mbps, because gigabit Ethernet uses all four pairs in both directions, so check that the link has not negotiated 1000 Mbps; and the capture card must be able to receive a signal it did not negotiate, which most 10/100 cards do but some gigabit cards will not.

Then start Wireshark and select your network card. You can then selectively monitor the incoming or the outgoing network traffic by which network jack you plug the network cable from the monitoring computer into. If you leave the program running for more than a few hours the computer may crash, because Wireshark keeps every captured packet in memory and a busy link fills RAM quickly. For long runs, capture with dumpcap (the capture engine Wireshark itself uses) into a ring buffer, for example `dumpcap -i eth0 -b filesize:100000 -b files:50 -w /var/tmp/tap.pcap`, which keeps the last 50 files of roughly 100 MB each, and open only the file you need in Wireshark afterwards; a capture filter (`-f "not port 22"` and the like) also cuts the volume before it reaches disk.
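The IO Graphs view mentioned above and the long-capture problem just described both come down to the same thing: binning a capture by time and counting bytes. The following is an added example, not code from the original post or from the Wireshark project. It is a minimal streaming reader for classic pcap files (not pcapng; convert with `editcap -F pcap` or `tshark -F pcap` if needed) that computes per-interval packet and byte counts the way Statistics, IO Graphs or `tshark -z io,stat,1` does, reports the busiest interval, and sums bytes per source MAC, which on a one-direction passive tap tells you which host is saturating the uplink. It reads one record at a time, so a multi-hour ring-buffer file never has to be held in memory. The sample capture, the MAC addresses and the frame timings are constructed inline for the demo; the function names are my own.

```python
"""Added example (not from the original post): a streaming pcap reader that
reproduces the per-second counts of Wireshark's IO Graphs and adds a
top-talkers summary keyed on source MAC.  Handles little- and big-endian
pcap files with microsecond or nanosecond timestamps."""
import io
import struct

# Constructed demo traffic: (timestamp seconds, on-the-wire length, source MAC).
# Host ...:0b produces a burst of full-size frames in the fourth second.
HOST_A = "02:00:00:00:00:0a"
HOST_B = "02:00:00:00:00:0b"
SAMPLE_FRAMES = [
    (1000.10, 64, HOST_A), (1000.40, 64, HOST_A), (1000.90, 1514, HOST_A),
    (1001.20, 64, HOST_A),
    (1003.05, 1514, HOST_B), (1003.30, 1514, HOST_B), (1003.31, 1514, HOST_B),
    (1003.80, 1514, HOST_B),
    (1004.50, 64, HOST_A),
]


def build_sample_capture(frames=SAMPLE_FRAMES):
    """Write a classic little-endian pcap (LINKTYPE_ETHERNET) from the constructed frames."""
    out = io.BytesIO()
    # magic, major, minor, thiszone, sigfigs, snaplen, linktype
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, length, src_mac in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        dst = bytes.fromhex("ffffffffffff")
        src = bytes.fromhex(src_mac.replace(":", ""))
        frame = dst + src + b"\x08\x00" + bytes(length - 14)  # IPv4 ethertype, filler body
        out.write(struct.pack("<IIII", sec, usec, len(frame), length))
        out.write(frame)
    return out.getvalue()


def sample_stream(frames=SAMPLE_FRAMES):
    return io.BytesIO(build_sample_capture(frames))


def iter_records(stream):
    """Yield (timestamp, captured_len, original_len, data) per record, one at a time."""
    hdr = stream.read(24)
    if len(hdr) < 24:
        raise ValueError("truncated pcap global header")
    magic_le = struct.unpack("<I", hdr[:4])[0]
    if magic_le in (0xA1B2C3D4, 0xA1B23C4D):
        endian = "<"
    elif magic_le in (0xD4C3B2A1, 0x4D3CB2A1):
        endian = ">"
    else:
        raise ValueError(f"not a classic pcap file (magic {magic_le:#x})")
    magic = struct.unpack(endian + "I", hdr[:4])[0]
    frac_divisor = 1e9 if magic == 0xA1B23C4D else 1e6  # nanosecond vs microsecond pcap
    while True:
        rec = stream.read(16)
        if not rec:
            return
        if len(rec) < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            raise ValueError("truncated packet data")
        yield ts_sec + ts_frac / frac_divisor, incl_len, orig_len, data


def io_stat(stream, interval=1.0):
    """Per-interval (offset_seconds, packets, bytes), like `tshark -z io,stat,<interval>`.
    Bins are relative to the first packet and use on-the-wire lengths so a short
    snaplen does not understate the byte count.  Empty intervals are kept as zeros."""
    bins = {}
    first = None
    for ts, _incl, orig, _data in iter_records(stream):
        if first is None:
            first = ts
        idx = int((ts - first) // interval)
        pk, by = bins.get(idx, (0, 0))
        bins[idx] = (pk + 1, by + orig)
    if first is None:
        return []
    return [(i * interval, *bins.get(i, (0, 0))) for i in range(max(bins) + 1)]


def peak_interval(stats):
    """The busiest interval by bytes, i.e. the spike you would see in IO Graphs."""
    return max(stats, key=lambda row: row[2]) if stats else None


def top_talkers(stream, limit=3):
    """Bytes on the wire per source MAC, busiest first.  On a one-direction tap
    this is the list of hosts sending toward the Internet."""
    totals = {}
    for _ts, incl, orig, data in iter_records(stream):
        if incl < 14:
            continue  # runt frame or snaplen shorter than the Ethernet header
        src = data[6:12].hex(":")
        totals[src] = totals.get(src, 0) + orig
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:limit]


if __name__ == "__main__":
    for off, pk, by in io_stat(sample_stream()):
        print(f"{off:6.1f}s  {pk:3d} pkts  {by:6d} bytes")
    print("peak:", peak_interval(io_stat(sample_stream())))
    print("top talkers:", top_talkers(sample_stream()))
```

To run it over a real ring-buffer file, pass an open binary file instead of the sample stream, for example `with open("/var/tmp/tap_00001.pcap", "rb") as f: print(peak_interval(io_stat(f)))`. Because the reader never keeps more than one record in memory, it can be pointed at each ring-buffer file in turn without the memory growth that stops a long-running Wireshark session.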

